Privacy Policy

Welcome to Studilax ("we," "our," "us," or "Studilax"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, safeguard, and share your information when you visit our website (studify.app), use our mobile application (available on iOS and Android), or use any of our related services, features, content, or applications (collectively, the "Service").

This policy is designed to help you understand what information we collect, why we collect it, how we use it, and what choices you have regarding your data. By using the Service, you consent to the data practices described in this Privacy Policy.

We collect information to provide better services to all our users. The information we collect falls into two categories: information you provide to us and information we obtain from your use of the Service.

2.1 Personal Information You Provide

When you register for an account, subscribe to our Service, or interact with our features, you may provide the following personal information:

• Account Information: Name, email address, and password (stored in hashed format using bcrypt).
• Profile Information: Profile picture (optional), username, and educational information such as grade level, institution name, subjects of interest, and upcoming exam dates.
• Payment Information: If you subscribe to a paid plan, we collect billing information through our third-party payment processors. We do not store complete credit card numbers on our servers.
• Communication Data: When you contact our support team or communicate with us through the Service, we collect the content of those communications.

2.2 User-Generated Content

We collect and store the content you upload to the Service, including:

• Lecture notes, study materials, and documents (PDF, Word, text files)
• Images and photographs of handwritten notes
• Audio recordings (for voice note features)
• Flashcards, quiz questions, and other educational content you create
• AI Tutor conversation history

This data is collectively referred to as "User Content" and is essential for our AI algorithms to generate flashcards, quizzes, summaries, and other personalized educational resources.

2.3 Automatically Collected Information

When you access or use the Service, we automatically collect the following information:

• Device Information: Device type, operating system, unique device identifiers, browser type, and mobile network information.
• Usage Data: Pages visited, features used, time spent on the Service, interactions with content, and study session data (e.g., number of flashcards reviewed, quiz scores).
• IP Address: We collect your IP address for security purposes, fraud prevention, and to understand user geographic distribution.
• Cookies and Similar Technologies: See Section 7 for more details.

We use the information we collect for the following purposes:

3.1 Providing and Improving the Service

• Creating and managing your account
• Processing your subscriptions and payments
• Delivering the AI-powered features you request (flashcard generation, quiz creation, AI Tutor conversations)
• Personalizing your learning experience based on your study habits and performance
• Tracking your progress and providing analytics on your study habits
• Improving, maintaining, and debugging the Service
• Responding to your comments, questions, and support requests

3.2 AI Processing

Your User Content and queries are processed by our AI systems to:

• Generate flashcards from your study materials
• Create personalized quizzes based on your knowledge gaps
• Provide instant explanations and tutoring through the AI Tutor feature
• Summarize lengthy documents and notes
• Recommend optimal study schedules based on spaced repetition algorithms

3.3 Communications

We may use your email address to:

• Send you account-related information (welcome emails, password resets)
• Notify you about updates to the Service or changes to our terms
• Send you promotional emails about new features or special offers (you can opt out at any time)
• Send you study reminders and streak notifications

3.4 Legal and Security Purposes

• Comply with legal obligations and respond to legal requests
• Detect, prevent, and address fraud, security issues, and abusive behavior
• Enforce our Terms of Service and other agreements

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 With Service Providers

We share information with third-party vendors who help us operate, provide, improve, integrate, customize, support, and market the Service:

• Cloud Infrastructure: Neon Technologies (serverless PostgreSQL database)
• AI Services: OpenRouter (AI API aggregation)
• Authentication: Auth.js (formerly NextAuth) for secure authentication
• Analytics: Analytics providers to understand Service usage
• Payment Processing: Third-party payment processors
• Email Services: Email delivery services

4.2 For Legal Reasons

We may disclose information when required by law, regulation, or legal process, or when we believe disclosure is necessary to:

• Comply with a judicial proceeding, court order, or legal request
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of Studilax, our users, or the public
• Enforce our Terms of Service or Privacy Policy

4.3 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you. This data helps us understand usage patterns, improve the Service, and conduct research.

A core feature of Studilax is the use of artificial intelligence, including Large Language Models (LLMs), to generate personalized educational content. This section explains how your data is processed by AI systems.

5.1 AI Service Providers

To provide our AI-powered features, we use the following third-party AI services:

• OpenRouter: An AI API aggregator that provides access to various large language models. OpenRouter acts as an intermediary that routes our AI requests to various model providers.
• Step-fun: We primarily utilize the Step-3.5-flash model for its advanced reasoning capabilities in generating educational content.

5.2 Data Transmitted to AI Services

When you use AI features (such as "Generate Flashcards," "Create Quiz," or "Ask AI Tutor"), the following data is transmitted to our AI service providers:

• The text of your query or request
• Relevant snippets from your uploaded study materials (to generate contextually relevant responses)
• Your study session context (e.g., current subject, topic being studied)

Important: We do not transmit your full account profile, email address, or other personal identifying information to AI providers unless you explicitly include such information in your queries.

5.3 AI Data Handling

• Your data sent to AI providers is used solely to generate responses to your specific queries.
• We do not use your personal data or User Content to train or fine-tune public AI models.
• AI providers may retain request data for a limited period for quality and debugging purposes. This data is not used to train their public models.
• AI conversations (e.g., with AI Tutor) are stored in your account so you can review them later.

6.1 Data Storage Provider

Your data is stored securely using Neon, a serverless PostgreSQL database provider. Neon provides:

• Encryption of data at rest using AES-256 encryption
• Encryption of data in transit using TLS/SSL
• Isolated database instances with strict network policies
• Automatic backups with point-in-time recovery

6.2 Security Measures

We implement a comprehensive set of technical and organizational security measures to protect your data:

• Password Security: All passwords are hashed using bcrypt with appropriate salt rounds.
• Authentication: We use secure authentication protocols (OAuth, JWT) with secure token handling.
• Access Controls: Strict role-based access controls limit who can access user data.
• Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3.
• Regular Audits: We conduct regular security audits and vulnerability assessments.
• Employee Training: Our team is trained on data protection and security best practices.

6.3 Security Limitations

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are also responsible for maintaining the confidentiality of your account credentials.

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and for security purposes.

7.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly (e.g., authentication tokens, session IDs).
• Analytics Cookies: Help us understand how users interact with the Service (e.g., pages visited, time spent).
• Preference Cookies: Remember your settings and preferences (e.g., theme choice, language).
• Security Cookies: Help us detect fraudulent activity and ensure secure sessions.

7.2 Managing Cookies

You can control or disable cookies through your browser settings. However, disabling essential cookies may prevent the Service from functioning properly.

The Service may contain links to third-party websites, services, or applications that are not owned or controlled by Studilax. We are not responsible for the privacy practices or content of these third parties.

We encourage you to review the privacy policies of any third-party sites or services you access from the Service. This Privacy Policy applies only to information collected by Studilax.

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you become aware that a child under 13 has provided us with personal information without parental consent, please contact us at privacy@studify.app. If we discover that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.

Depending on your location, you may have the following rights regarding your personal information:

10.1 Access and Portability

You have the right to request a copy of the personal information we hold about you. You also have the right to request your data in a portable, machine-readable format.

10.2 Correction

You have the right to request correction of inaccurate or incomplete personal information we hold about you.

10.3 Deletion ("Right to be Forgotten")

You have the right to request deletion of your personal information. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required by law to retain certain data.

10.4 Objection and Restriction

You have the right to object to or restrict processing of your personal information in certain circumstances.

10.5 Opt-Out of Marketing

You can opt out of receiving promotional emails by clicking the "unsubscribe" link in any promotional email or by contacting us at privacy@studify.app.

10.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@studify.app. We will respond to your request within 30 days.

We retain your personal information for as long as your account is active or as needed to provide you services. Specifically:

• Account Data: Retained while your account is active. Upon account deletion, data is deleted within 30 days.
• User Content: Deleted within 30 days of account deletion.
• AI Conversations: Stored until you delete them or your account is deleted.
• Usage Data: Retained for analytics purposes in anonymized form indefinitely.
• Legal Requirements: Some data may be retained longer if required by law or for legal proceedings.

Studilax is primarily operated in the United States. Your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

When we transfer data internationally, we implement appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws, including standard contractual clauses or other lawful transfer mechanisms.

In the event of a data breach that affects your personal information, we will:

• Notify affected users via email within 72 hours of discovering the breach
• Investigate the incident and take appropriate remedial measures
• Report the breach to relevant authorities as required by applicable law
• Provide guidance to affected users on steps they can take to protect themselves

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post any material changes to this policy on this page and update the "Last updated" date at the top.

For significant changes, we will provide more prominent notice, such as an email notification or a notice through the Service. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries, please contact our privacy team at privacy@studify.app.