Privacy Policy

Last updated: August 23, 2025

Welcome to StudyAI (“we”, “our”, “us”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile apps (Android/iOS), and our backend services/APIs powered by Ktor (hosted on Render).

Quick Summary

We collect account details you provide (like name and email), authentication data (JWT access token), limited usage data (e.g., created flashcards/quizzes), and basic technical logs. On-device, we store data using DataStore and optionally Room. On the server, we store data in MongoDB Atlas. We do not sell your data.

Information We Collect

  • Account Information: full name, email, userId, createdOn.
  • Authentication: access tokens (JWT). Passwords are never stored in plain text.
  • Usage Data: content you create or interact with in the app (e.g., flashcards/quizzes metadata), app version, timestamps, basic request logs.
  • Device/Technical: IP (transient in server logs), user agent, performance/availability metrics.
  • Support: information you provide when contacting us.

How We Use Your Information

  • Authenticate you and maintain sessions with JWT.
  • Provide core features (flashcards, quizzes, progress).
  • Improve reliability, performance, and user experience.
  • Communicate important updates (e.g., password resets, policy changes).
  • Protect against fraud, abuse, and security threats.

Where Your Data Lives

  • On Device: DataStore (e.g., access token, small user prefs) and optionally Room (cached content for offline/fast access).
  • Server: Ktor backend hosted on Render with database on MongoDB Atlas.

Sharing & Disclosure

We share data only as necessary to operate and improve the service:

  • Service Providers: hosting (Render), database (MongoDB Atlas), email delivery provider (for password reset or account notices).
  • Legal: if required by law or to protect our rights, users, or the public.

We do not sell your personal information.

Security

We use industry-standard measures to protect your data in transit and at rest (e.g., HTTPS, token-based auth). No method is 100% secure, but we regularly review our security posture.

Data Retention

We retain data for as long as your account is active or as needed to provide services, comply with legal obligations, or resolve disputes. You may request deletion (see “Your Rights”).

Your Rights & Choices

  • Access/Update: view and update profile details in the app.
  • Portability: ask for a copy of your personal data.
  • Deletion: request account/data deletion. Some legal/operational data may be retained as required.
  • Opt-out of email: unsubscribe from non-essential emails.

Contact us at support@studyai.app for requests.

Children’s Privacy

StudyAI is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children.

International Transfers

Your data may be processed and stored in countries other than your own. We take steps to ensure appropriate safeguards are in place.

Third-Party Links

Our app may link to third-party sites or services. Their privacy practices are governed by their own policies.

Changes to This Policy

We may update this policy from time to time. We’ll post the new version here and update the “Last updated” date.

Contact Us

Questions or requests? Email support@studyai.app.

StudyAI – Privacy first. No data sales. Minimal tracking.