Privacy Policy
Effective Date: November 26, 2025
Last Updated: November 26, 2025
1. INTRODUCTION
StudyCrush AI ("Company," "we," "us," or "our") is committed to respecting your privacy and safeguarding the personal information you share with us when you use our website, subdomains, mobile applications, and any related online services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and protect your personal data, as well as the rights you may have regarding your information.
This Privacy Policy is intended to be as comprehensive and detailed as possible to help ensure compliance with applicable privacy laws, including the European Union's General Data Protection Regulation (GDPR) and Germany's Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). However, no policy can foresee every possible scenario, and we encourage you to contact us at [email protected] should you have any questions or concerns.
By accessing or using our Services, or by otherwise providing personal information to us, you consent to the collection, use, disclosure, and handling of your personal information as described in this Privacy Policy and agree to be bound by its terms. If you do not agree with these terms, please do not use the Services.
2. SCOPE OF THIS PRIVACY POLICY
Applicability: This Privacy Policy applies to personal information we collect through the Services, as well as through any related online or offline interactions (such as emails, customer support, or events) that reference or link to this policy.
Third-Party Links & Services: Our Services may include links to third-party websites or integrate with third-party tools. While we strive to work with reputable partners, these third parties have their own privacy practices, and we do not control or assume responsibility for their actions, privacy policies, or content. We encourage you to review the privacy policies of any third-party websites or services you visit.
3. DEFINITIONS
"Personal Information" or "Personal Data": Any information about an identifiable individual, or information that could reasonably be used to identify an individual, either on its own or when combined with other data.
"Processing": Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
"You" / "User": An individual who accesses or uses our Services.
"Controller": The natural or legal person which determines the purposes and means of the processing of personal data.
"Processor": A natural or legal person which processes personal data on behalf of the controller.
4. INFORMATION WE COLLECT
We may collect various types of information, including but not limited to:
A. Information You Provide Directly
Account Registration: When you create an account, we may collect your name, email address, username, password, and other registration details.
Profile Information: You may choose to provide additional information in your profile, such as a profile picture or other optional details.
Communications: If you contact us (e.g., via email, chat, or support forms), we may collect the content of your communications, your contact details, and any other information you choose to provide.
Study Materials / User Content: When you upload or submit study materials (e.g., PDF, text, images, audio, video links), we collect and process this content for the purpose of providing the Services (e.g., generating quizzes, flashcards, tutoring sessions). Important: You must not upload any personal data of yourself or third parties within study materials.
Payment Information: If you purchase a subscription or otherwise engage in a financial transaction, we may collect billing information such as your name, payment method details, and any other data necessary to process payments. We use Polar as our payment processor and do not store full payment card details on our servers; we only store minimal information necessary for record-keeping (e.g., transaction IDs and partial card details).
B. Information Collected Automatically
Usage Data: We may automatically collect information about your interaction with our Services, such as pages viewed, features used, links clicked, and the time spent on the Services.
Device & Log Information: We may collect information about the device and browser you use to access the Services (e.g., IP address, browser type, operating system, device identifiers, language preferences, and timestamps).
Cookies & Similar Technologies: We and our service providers may use cookies, web beacons, pixels, and similar tracking technologies to enhance user experience, analyze usage, and deliver relevant content or advertisements.
C. Information From Third Parties
Social Media & Single Sign-On: If you choose to register or log in using a third-party single sign-on service (e.g., Google), we may receive certain profile information from that third party in accordance with their privacy policy and your account settings.
Third-Party Integrations: In some cases, we may receive information from third parties if you choose to integrate our Services with theirs or allow data sharing.
5. HOW WE USE YOUR INFORMATION
We use the personal information we collect for various legitimate business purposes, including:
Service Provision & Account Management: To create, maintain, and administer your account, and to provide, operate, and improve the functionality of the Services, including generating AI-powered study materials, quizzes, flashcards, and personalized tutor sessions.
Personalization & Analytics: To personalize your experience based on your study materials, progress, and preferences, and to analyze usage trends and understand how users interact with our Services.
Communication: To respond to your inquiries, comments, and support requests, and to send you administrative or transactional messages (e.g., service announcements, password reset notifications).
Payment Processing & Subscription Management: To facilitate payment transactions, subscriptions, and billing processes through our payment processor Polar.
Security & Compliance: To protect the security and integrity of our Services, detect and prevent fraud or abuse, and comply with our legal obligations under German and EU law.
Business Operations & Legal Requirements: To conduct audits, data analysis, or troubleshooting, to fulfill legal obligations, and to enforce our Terms of Service or other legal rights.
6. COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small text files stored on your device that allow us to remember your actions and preferences over time. We use cookies for:
Essential Functions: Enabling core site functionality (e.g., maintaining session state).
Analytics: Collecting anonymized traffic and usage statistics to help us improve the Services.
Personalization: Remembering your preferences and customizing your experience.
You can manage or disable cookies via your browser settings, though blocking essential cookies may affect the functionality of our Services. We may also use web beacons, pixels, and local storage for purposes similar to those of cookies.
7. LEGAL BASES FOR PROCESSING (GDPR)
Under the GDPR, we rely on one or more of the following legal bases to process your personal information:
Consent (Art. 6(1)(a) GDPR): We process your personal data when you have given us explicit consent to do so (e.g., subscribing to marketing communications).
Performance of Contract (Art. 6(1)(b) GDPR): We process your personal data as necessary to provide the Services you have requested under our Terms of Service.
Legitimate Interests (Art. 6(1)(f) GDPR): We process your personal data where it is necessary for our legitimate interests (e.g., improving user experience, securing the Services, or analyzing usage patterns), provided these interests are not overridden by your fundamental rights and freedoms.
Compliance with Legal Obligations (Art. 6(1)(c) GDPR): We may process your personal data to comply with legal obligations or respond to lawful requests from governmental authorities.
8. DISCLOSURE OF YOUR INFORMATION
We may share or disclose personal information in the following circumstances:
Service Providers & Partners: We engage third-party companies and individuals to facilitate our Services:
- Render.com: Hosting provider
- Supabase: Database and storage provider
- Cloudflare: Content Delivery Network (CDN)
- Polar: Payment processing
- OpenRouter, Inc.: AI model routing
- Replicate, Inc.: AI model processing
These parties have access to personal information only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose. We have data processing agreements in place with these processors as required by Art. 28 GDPR.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, we may transfer your personal information as part of the transaction. Any acquiring entity or third party will adhere to the commitments we have made in this Privacy Policy.
Legal Compliance & Protection: We may disclose personal information if required to do so by law, or in response to a lawful request by public authorities (e.g., a court order or subpoena). We may also disclose personal information when we believe it is necessary to protect our rights, property, or safety, or to investigate fraud, abuse, or security issues.
Consent or Direction: We may share your personal information for other purposes when you have provided consent or requested such disclosure.
Aggregated or De-Identified Data: We may share data that has been aggregated or de-identified in such a way that it can no longer be associated with a specific individual.
9. INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, processed, and stored in countries outside the European Economic Area (EEA), including the United States. We ensure that such transfers comply with Chapter V of the GDPR by:
- Using Standard Contractual Clauses (SCCs) approved by the European Commission
- Ensuring adequate safeguards are in place
- Obtaining your explicit consent where required
Our service providers (OpenRouter, Replicate) are located in the United States. We have implemented appropriate safeguards to protect your data during these transfers.
10. DATA RETENTION
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining the retention period, we consider factors such as:
- The nature of the data
- The purpose for which it was collected
- Regulatory or legal obligations (e.g., German tax law requires retention of certain records for 10 years)
Once retention is no longer required, we will securely delete or anonymize your data.
11. SECURITY MEASURES
We are committed to protecting the security of your personal data. We implement a variety of administrative, technical, and physical safeguards designed to protect against unauthorized access, alteration, disclosure, or destruction of personal information. Examples include:
Encryption: We use industry-standard encryption (e.g., TLS) to protect data in transit.
Access Controls: We limit access to personal information to employees, contractors, and agents who need to know such information to process it on our behalf.
Secure Hosting: We host our Services with reputable providers (Render.com, Supabase) that maintain high security standards.
Monitoring & Audits: We regularly review our information collection, storage, and processing practices, including physical security measures.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
12. CHILDREN'S PRIVACY
Minimum Age Requirements: Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under 16 years of age without parental consent.
Parental Consent: If you are under 18 and wish to use the Services, you may do so only with the involvement and consent of a parent or legal guardian.
Account Termination: If we become aware that a child under 16 has provided personal information to us without parental consent, we will delete such information and terminate the child's account.
13. YOUR RIGHTS UNDER GDPR
Under the GDPR and German data protection law, you have the following rights regarding your personal information:
Right of Access (Art. 15 GDPR): You have the right to request a copy of the personal information we hold about you.
Right to Rectification (Art. 16 GDPR): You can ask us to correct or update any inaccuracies in your personal data.
Right to Erasure (Art. 17 GDPR): You may have the right to request the deletion of your personal information, subject to certain exceptions (e.g., legal obligations requiring us to retain data).
Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time.
Right to Restrict Processing (Art. 18 GDPR): In certain circumstances, you may have the right to request that we limit or restrict our processing of your personal information.
Right to Data Portability (Art. 20 GDPR): You can request a structured, commonly used, and machine-readable copy of certain personal data you have provided to us.
Right to Object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Germany, you can contact your local data protection authority (Landesdatenschutzbehörde).
To exercise these rights, please contact us at [email protected]. We will respond to your request within one month, as required by Art. 12(3) GDPR.
14. MANAGING YOUR PERSONAL INFORMATION
Account Settings: You can access, update, or delete certain personal information by logging into your account settings within the Services.
Email Preferences: You can opt out of marketing or promotional emails at any time by following the unsubscribe link in such communications. You may still receive transactional messages even if you opt out of marketing emails.
Contact Us: If you have any difficulties accessing or managing your personal information, please email us at [email protected].
15. THIRD-PARTY SERVICES AND INTEGRATIONS
In order to offer a comprehensive learning experience, our Services may integrate with or link to third-party platforms and services (e.g., YouTube for video content, Google for single sign-on, Polar for payment processing). We do not control and are not responsible for the data practices of these third parties. We encourage you to review their respective privacy policies to understand how they handle your personal information.
16. BUSINESS AND MARKETING COMMUNICATIONS
Service-Related Communications: We may send you service-related emails or notifications (e.g., account verification, technical or security notices). You cannot opt out of these essential communications.
Promotional Communications: With your consent (as required by GDPR), we may send you promotional communications about new features, offers, or other relevant updates. You can opt out at any time by following the instructions in the emails or contacting us at [email protected].
17. CHANGES TO THIS PRIVACY POLICY
Updates: We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, technologies, legal requirements, or other factors.
Notification: If we make any material changes, we will notify you by posting the updated policy on our website or by other appropriate means, such as email or notifications within the Services, at least 30 days before the changes take effect.
Effective Date: The "Effective Date" at the top of this Privacy Policy indicates when the latest version went into effect. Your continued use of the Services after any changes take effect signifies your acceptance of the revised Privacy Policy.
18. DATA PROTECTION OFFICER
For questions regarding data protection or to exercise your rights, you may contact us at:
Email: [email protected]
Subject Line: Data Protection Inquiry
19. DISPUTE RESOLUTION
Contact Us First: If you have any concerns about our privacy practices, we encourage you to reach out to us at [email protected] so we can address your concerns directly and promptly.
Supervisory Authority: You have the right to lodge a complaint with a supervisory authority in the EU/EEA, particularly in your country of residence, workplace, or where the alleged violation occurred.
Governing Law: This Privacy Policy and any disputes arising from it shall be governed by German law, excluding its conflict of law provisions.
20. ADDITIONAL PROVISIONS
No Contractual Rights: This Privacy Policy is not intended to create contractual or legal rights beyond those established by applicable privacy laws.
Severability: If any provision of this Privacy Policy is found unenforceable or invalid, that provision shall be enforced to the maximum extent permissible, and the remaining provisions will remain in full force and effect.
Language: This Privacy Policy may be provided in multiple languages. In the event of any conflict or inconsistency between the English version and any translation, the English version shall prevail.
21. CONTACT US
If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please feel free to contact us:
Email: [email protected]
Website: https://studycrush.ai
Controller Information:
StudyCrush AI
Email: [email protected]
Website: https://studycrush.ai