1. Who we are
This Privacy Notice is issued by Kiyan R Thakor ("StudyUpAI", "we", "us"), the operator of the StudyUpAI service. We act as the data controller for personal data we collect about users of our service. If you have any questions, contact us at piumolang.911@gmail.com.
2. Categories of personal data we collect
- Account data: name, email address, password (hashed), and authentication identifiers from Google sign-in.
- Profile data: display name and avatar you choose to provide.
- Content you create: notes, flashcards, AI chat prompts and responses, study group messages, attachments, marketplace listings.
- Usage and telemetry: features used, error logs, IP address, device and browser information, session timestamps.
- Support data: messages you send us when you request help.
- Subscription metadata: plan, status, period dates, and customer identifiers received from our payment provider (we do not collect or store card details).
3. Purposes and legal basis
- Provide the service (contract): create your account, store your study material, generate AI responses, run study groups.
- Customer support (contract / legitimate interest): respond to your requests.
- Security and fraud prevention (legitimate interest / legal obligation): detect abuse, protect accounts, investigate incidents.
- Product improvement (legitimate interest): understand which features are used so we can improve them.
- Legal compliance (legal obligation): respond to lawful requests and meet our regulatory duties.
4. Who we share data with
- Paddle.com Market Ltd — our Merchant of Record. Paddle handles all payments, subscription billing, tax, invoicing, and refunds. Their handling of your payment data is governed by their own privacy policy.
- Infrastructure & hosting subprocessors: Supabase (database, authentication, storage) and Cloudflare (edge hosting). These providers process data on our instructions.
- AI model providers (e.g. Google, OpenAI) when you use AI features — your prompts are sent to generate a response. We do not authorise them to train models on your inputs where opt-out is available.
- Authentication providers (Google) when you choose social sign-in.
- Professional advisers (legal, accounting) where reasonably necessary.
- Authorities where required by law, court order, or to protect rights and safety.
5. International transfers
Your data may be processed in countries outside your home jurisdiction (including the United States and the European Union). Where we transfer data outside the UK / EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.
6. Data retention
We keep your personal data for as long as your account is active. When you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it (for example, billing records held by Paddle for tax compliance, or limited security logs for up to 12 months).
7. Your rights
Subject to applicable law (including the UK GDPR / EU GDPR where it applies), you have the right to: access your data, request correction, request erasure, restrict or object to certain processing, request portability, withdraw consent you have given, and lodge a complaint with your local data protection authority. To exercise any of these rights, email piumolang.911@gmail.com. We aim to respond within one month.
8. Security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption of credentials at rest, role-based access controls, and database row-level security policies. No system is perfectly secure; please use a strong unique password and notify us if you suspect a compromise.
9. Cookies
We use only essential cookies and local storage to keep you signed in and remember your preferences. We do not currently use third-party advertising or analytics cookies. If this changes, we will update this notice and request consent where required.
10. Changes
We may update this notice from time to time. Material changes will be highlighted in the app or by email.