Privacy Policy for FirstPass
Effective date: July 9, 2026
FirstPass is a research discovery and reading app for finding, saving, reading, and organizing scholarly papers. This Privacy Policy explains what information FirstPass collects, how it is used, what stays on your device, what may be sent to our server, and what happens when you open third-party research content such as arXiv pages, PDFs, publisher pages, citation links, or other external links.
FirstPass is operated by Fernando Flores, an individual developer. In this Policy, “FirstPass,” “we,” “us,” and “our” refer to the developer and the FirstPass app and related server-side services.
Contact: support@getfirstpass.app
Summary
FirstPass is designed to be local-first. We do not require an account, we do not sell personal information, we do not use advertising tracking, and we do not intentionally keep permanent logs of ordinary search or reading activity.
Most personal app activity stays on your device or, if iCloud sync is enabled, in your iCloud account, including saved papers, liked papers, reading history, search history, reading progress, highlights and notes, local summaries, local settings, and cached paper files.
Some information is sent to our server when needed to provide app features such as search, feeds, per-request liked-paper recommendations, Radar, smart folders, paper lookup, citation metadata, and downloading the optional local summarizer model.
When you open arXiv pages, PDFs, HTML versions of papers, publisher pages, citation links, or links inside the reader, your device may connect directly to arXiv, publishers, or other third-party websites. Those websites are not controlled by FirstPass and may collect information under their own privacy policies.
Information We Do Not Collect
FirstPass does not currently require or provide user accounts.
We do not intentionally collect your name, email address, phone number, payment card information, address, or account credentials through the app.
We do not sell your personal information.
We do not use third-party advertising networks.
We do not use cross-app advertising tracking.
We do not intentionally keep permanent logs of ordinary search activity, reading activity, liked-paper lists, or saved-paper lists as user profiles.
Information Stored on Your Device
FirstPass stores app data locally on your device so the app can work, remember your preferences, and provide offline or cached functionality.
This local data may include:
Saved papers and folders. This may include custom folder names, paper identifiers, paper titles, abstracts, authors, categories, paper URLs, and the dates papers were saved.
Liked papers. This includes arXiv paper identifiers and the date or time a paper was liked.
Highlights and notes. If you highlight passages or write notes while reading, FirstPass stores the highlighted text, highlight colors, notes, and related position data locally on your device.
Reading history. This may include papers you opened, paper identifiers, titles, abstracts, authors, categories, URLs, and view timestamps.
Reading state. This may include your last page, zoom setting, HTML scroll position, and the date the reading state was updated.
Search history. The app may store recent searches locally so you can reuse them.
Feed preferences. This may include the categories or feeds you select, feed names, and related app settings.
Radar and smart folder data. This may include saved search radar entries, author follows, smart folder names, seed paper identifiers, seed paper titles, acknowledged paper identifiers, unread counts, and related status data.
Cached paper metadata. This may include paper titles, abstracts, authors, categories, URLs, citation metadata, recommendation metadata, related-paper lists, and fetched timestamps.
Cached PDFs and HTML. If caching is enabled, FirstPass may store downloaded paper PDFs and HTML files locally on your device.
Local summaries. If you enable local abstract summaries, generated summaries and suppression records may be stored locally.
Local model files. If you install the optional summarizer model, the model files are stored locally on your device.
Purchase status. FirstPass offers paid features, and the app may store purchase or subscription status needed to unlock those features.
Preferences and settings. This includes settings such as theme, haptic feedback, caching preferences, reader appearance, default reader mode, and whether local summaries are enabled.
You can delete some local data from inside the app, such as PDF, HTML, and paper caches. You can also delete the app to remove app data stored by iOS. Some app-group or system-managed storage may be controlled by iOS behavior.
iCloud Sync
FirstPass offers iCloud sync for some paid features. If iCloud sync is enabled, FirstPass may sync some app data through Apple iCloud so that it is available across devices signed in to the same Apple Account.
Synced data may include saved papers, folders, liked papers, highlights and notes, pinned papers, reading history, reading position, per-paper reader mode, reader appearance settings, saved feeds, Radar entries, smart folder data, and related app preferences.
iCloud sync is provided by Apple through CloudKit. Synced data is stored in the user’s iCloud account and is subject to Apple’s privacy policy and iCloud settings. FirstPass does not receive your Apple Account password or payment card information from iCloud sync.
If iCloud sync is disabled for FirstPass, unavailable on your device, or unavailable under your current FirstPass plan, synced features may not work across devices, but local app features may still work on that device.
Deleting data from FirstPass may also remove synced copies from iCloud, depending on the feature and Apple’s sync behavior. Deleting the app from one device may not immediately delete copies already synced to iCloud or other devices.
Information Sent to Us or Our Server
FirstPass uses a backend service to provide paper metadata, feeds, search, recommendations, citation metadata, and related features. When you use these features, the app may send information to our server so the server can respond.
Information sent to our server may include:
Search requests. This may include your search query, author filters, category filters, date filters, sort options, pagination cursors, and search options.
Feed requests. This may include selected categories or feeds, pagination cursors, limits, and similar feed settings.
Liked-paper recommendation inputs. To rank a feed based on papers you have liked, the app may send liked arXiv paper identifiers or derived liked-paper recommendation information needed to generate the current feed response. We use this information to respond to the current request. We do not intentionally retain liked-paper recommendation inputs after the request is complete, and we do not use them as account identifiers, advertising identifiers, or cross-app tracking identifiers.
Highlight embedding requests. When you highlight a passage of a paper, the app may send the highlighted passage text to our server so the server can compute a numerical representation (an embedding) used for highlight-related features such as surfacing related papers and past highlights. The passage text is processed to respond to the current request. We do not intentionally retain or log highlighted passage text after the request is complete. Notes you write are never sent to our server.
Paper embedding and feed data requests. To rank feeds and find related content on your device, the app may download daily feed data files and request numerical representations (embeddings) for specific papers, including papers you have liked or saved. These requests may include lists of paper identifiers. We do not intentionally retain these lists after the request is complete.
Paper lookup requests. When the app or share extension resolves a paper, it may request metadata for a specific arXiv paper identifier.
Related-paper requests. When the app displays related papers, it may request related-paper results for a paper identifier.
Citation metadata requests. When citation metadata is available, our server may return citation counts, citation links, or related citation information derived from third-party academic metadata sources such as OpenAlex.
Smart folder requests. Smart folder scans may send seed paper identifiers, acknowledged paper identifiers, limits, and lookback settings.
Radar requests. Radar searches may send saved search criteria such as query text, author filters, category filters, date filters, and sorting settings.
Search-within-results requests. Some searches may send a list of paper identifiers to search within.
Author suggestion requests. Author search or suggestion features may send the typed author query.
Summary model download requests. If you choose to install the optional local summarizer model, the app downloads the model artifact from our server.
Purchase verification or entitlement requests. FirstPass offers paid features, and the app may receive purchase or subscription status from Apple or use purchase-related information needed to unlock paid features. We do not receive your full payment card information from Apple.
Technical connection information. Like all internet services, our server necessarily receives technical information needed to respond to requests, such as your IP address and basic request metadata. We may derive an aggregate count of daily active devices from technical connection information. This is computed transiently; IP addresses are not stored or logged for this purpose, and only the aggregate count is retained, which cannot identify you.
Support and privacy messages. If you contact us for support, privacy requests, crash-report follow-up, or other questions, we may receive your email address and the contents of your message. We use that information only to respond to you and handle your request.
We use this information to provide the requested feature, operate the service, prevent abuse, debug technical problems, and maintain reliability and security.
We do not use this information for advertising.
We do not sell this information.
We do not intentionally keep permanent logs containing your search queries, liked paper lists, smart folder seeds, saved paper lists, or reading activity. However, hosting, security, error, crash, or infrastructure logs may temporarily include technical metadata needed to operate, protect, or troubleshoot the service. We try to avoid including research-interest data in logs.
Optional Crash Reports
FirstPass may offer optional crash reporting.
If you choose to send a crash report, the report may include diagnostic information such as:
App version and build number.
Operating system version.
Device model or device class.
Crash time.
Stack trace.
Technical error information.
Recent diagnostic logs needed to understand the crash.
Crash reports are used only to fix bugs, improve reliability, and maintain the app.
Crash reports are not intended to include your saved papers, full search history, paper PDFs, paper HTML files, local summaries, or full paper contents. However, diagnostic information may sometimes contain limited contextual information if it is involved in a crash. You should not send a crash report if you do not want diagnostic information sent to us.
If we use a third-party crash-reporting provider in the future, we will update this Privacy Policy to identify that provider and describe its role.
Local AI Features
FirstPass may offer local abstract summaries. On new installations this feature may be enabled by default, and the summarizer model may download automatically from our server over Wi-Fi. You can disable local summaries in settings and delete the model.
The model is stored on your device and used locally to generate summaries of paper abstracts.
We do not send paper abstracts to our server for summary generation.
Generated summaries are stored locally on your device unless you clear them or delete the app.
Downloading the model may reveal to our server that the app requested the model artifact, along with ordinary technical connection information such as IP address.
arXiv, Publisher Sites, Citation Links, and Third-Party Web Content
FirstPass helps you read papers from arXiv and other paper sources. FirstPass may also show citation metadata derived from third-party academic metadata sources such as OpenAlex.
When you open arXiv abstract pages, PDFs, HTML versions, publisher pages, citation links, or links inside the reader, your device may connect directly to arXiv, a publisher, or another third-party website.
Those third-party services may receive information such as your IP address, browser or device information, the page or file requested, cookies or local web storage, referring information, and other information described in their own privacy policies.
FirstPass does not control arXiv, publisher websites, or external websites linked from papers.
The reader may allow navigation through links in web content. If you follow links to other websites, those websites may collect information independently of FirstPass.
FirstPass is currently intended to use an ephemeral webview data store for in-app web browsing where possible. This means FirstPass does not intend to preserve third-party web cookies or web browsing data across sessions through the app’s webview. However, third-party websites may still receive technical connection information while you are viewing their pages, and external links opened outside FirstPass may be handled by Safari or another browser with its own privacy behavior.
PDFs and HTML Files
When you read a paper in-app, FirstPass may download the paper’s PDF or HTML file from arXiv or another source URL.
If caching is enabled, FirstPass may store those files locally so they can open faster later and so you can continue reading without downloading the same file again.
You can disable PDF or HTML caching in app settings. You can also clear PDF and HTML caches from the app.
If caching is disabled, FirstPass may still temporarily download files so they can be displayed, but it will not intentionally keep them in the persistent cache.
How We Use Information
We use information for the following purposes:
To provide app features such as search, feeds, paper lookup, reading, saved papers, liked papers, smart folders, Radar, citation metadata, highlights and notes, and related-paper recommendations.
To personalize your research feed based on your selected categories and liked papers.
To store your local preferences and app state.
To cache paper metadata, PDFs, HTML files, related papers, citation metadata, summaries, and model files.
To provide optional local abstract summaries.
To unlock paid features.
To provide optional crash reporting if you choose to send diagnostic reports.
To respond to support, privacy, and other messages you send us.
To maintain, debug, secure, and improve FirstPass and its server-side services.
To comply with applicable law or respond to lawful requests.
How We Share Information
We do not sell your personal information.
We do not share your information with advertising networks.
We may share or process information in the following limited ways:
Service providers. Our server is hosted by a server hosting provider. That provider may process technical information needed to host FirstPass server-side services, store server files, and deliver responses.
App Store purchases. FirstPass offers paid features through Apple. Apple processes payments and may provide purchase or subscription status needed for the app to unlock paid features. We do not receive your full payment card information from Apple.
Crash reporting. If optional crash reporting is enabled and we use a crash-reporting provider, that provider may process diagnostic reports on our behalf. If crash reports are self-hosted, they are sent to our server.
Third-party paper and citation sources. When you open arXiv, publisher pages, PDFs, HTML documents, citation links, or links inside the reader, your device may contact those third-party services directly. Our server may also query third-party paper and citation metadata sources, such as arXiv and OpenAlex, using public paper identifiers or metadata needed to provide app features. We do not sell or share your saved-paper lists, liked-paper lists, or reading history with advertising networks.
Legal and safety reasons. We may disclose information if required by law, legal process, or a good-faith belief that disclosure is necessary to protect rights, safety, security, or the integrity of the service.
Business transfer. If FirstPass is ever transferred, merged, or reorganized, relevant information may be transferred as part of that transaction. We would expect the recipient to honor this Policy or provide notice of any material changes.
Data Retention
Local and iCloud-synced data remains on your device or in your iCloud account until it is cleared, evicted by the app, removed by iOS/iCloud, or deleted when you delete the app or relevant synced records.
Some local data has built-in retention or cache limits. For example, reading state may be pruned after a period of time, search history may be capped, and caches may be size-limited or manually cleared.
Liked-paper recommendation inputs, highlighted passage text sent for embedding, and paper identifier lists sent for embeddings are processed to provide the current response and are not intentionally retained after that request is complete. They are not used as permanent user profiles, account identifiers, advertising identifiers, or cross-app tracking identifiers.
We do not intentionally keep permanent logs of ordinary search, reading, liked-paper, or saved-paper activity. Limited operational, security, crash, error, or infrastructure logs may be retained as needed to operate and protect the service.
Privacy Rights
Depending on where you live, you may have rights to request access to, correction of, deletion of, or portability of personal information we have about you. You may also have the right to object to or restrict certain processing.
Because FirstPass does not use accounts and most app activity stays on your device, we may not be able to identify or access local app data from our server. You can delete local app data through app features where available or by deleting the app.
To make a privacy request about information we may have received through optional crash reports, support messages, or server-side operational records, contact us at support@getfirstpass.app.
Your Choices
You can use FirstPass without creating an account.
You can enable or disable iCloud sync for FirstPass where the feature is available. You may also be able to manage iCloud availability for FirstPass in iOS Settings.
You can choose whether to enable local abstract summaries.
You can choose whether to install or delete the local summarizer model.
You can choose whether to enable or disable PDF caching.
You can choose whether to enable or disable HTML caching.
You can clear PDF, HTML, and paper caches from app settings.
You can choose whether to send optional crash reports.
You can delete saved papers, folders, liked papers, Radar entries, smart folders, and other app data through app features where available.
You can delete the app to remove app data stored by iOS.
You can contact us at support@getfirstpass.app to ask questions or request deletion of information we may have received through optional crash reports, support messages, or server-side operational records.
Security
We use reasonable technical and organizational measures to protect FirstPass and its server-side services.
No method of transmission or storage is perfectly secure. We cannot guarantee absolute security, but we design FirstPass to reduce unnecessary collection and to keep most user activity local to your device.
International Users
FirstPass and its server-side services may be operated from servers located in the United States or another location chosen by the developer or hosting provider.
If you use FirstPass from outside that location, your information may be processed in a country with different privacy laws than your country of residence.
Children’s Privacy
FirstPass is not directed to children under 13. Users under 13 should not use FirstPass.
We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe that a child under 13 has provided information to FirstPass, contact us at support@getfirstpass.app. We will take reasonable steps to delete the information if we can identify it.
FirstPass is a general research app and may allow users to access arXiv pages, scholarly papers, citation metadata, and external links. This content is not curated for children.
Changes to This Policy
We may update this Privacy Policy from time to time.
If we make material changes, we will update the effective date and provide notice in the app or through another reasonable method.
The updated Privacy Policy will apply after it becomes effective.
Contact
For privacy questions, requests, or concerns, contact:
Fernando Flores
support@getfirstpass.app