StudyForge Privacy Notice
Last updated: August 10, 2025
This privacy notice explains how StudyForge (“StudyForge,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information when you use our website at www.studyforgeai.com, web or mobile apps, and related services (collectively, the “Services”), engage with our marketing, or communicate with us. It also describes your privacy rights and how to exercise them under laws that may apply to you, including the GDPR (EEA/UK) and CCPA/CPRA (California).
If you have questions or requests, contact us at [email protected].
Table of Contents
- Summary at a Glance
- 1) Scope & Who We Are
- 2) Personal Information We Collect
- 3) How We Use Personal Information (Purposes & Legal Bases)
- 4) AI/Model Processing (Important for StudyForge)
- 5) Cookies, Analytics, and Ads
- 6) How We Share Information
- 7) Data Retention
- 8) Security
- 9) International Data Transfers
- 10) Your Privacy Rights & Choices
- 11) California Privacy (CCPA/CPRA) – Notice at Collection
- 12) Do Not Track & Global Privacy Control
- 13) ThirdParty Platforms & Links
- 14) Children’s Privacy
- 15) Your Responsibilities
- 16) Changes to This Notice
- 17) Contact Us
- Appendix A — Categories of Personal Information (CCPA/CPRA Mapping)
- Appendix B — Regional Rights (EEA/UK/US State)
Summary at a Glance
- What we collect: Account info (name, email), content you upload (study materials), usage data (device, logs, cookies), and payment info processed by our payment partner.
- Why we collect it: To run and improve StudyForge, personalize learning, secure our Services, process payments, and meet legal obligations.
- AI processing: We process your prompts, uploads, and outputs to provide features like flashcards and notes. We do not use your private content to train our own models without your permission.
- Sharing: We share data with service providers (hosting, analytics, customer support, payment, AI processing) under contracts that restrict their use. We do not sell your personal information. If we “share” for crosscontext behavioral advertising (CPRA), we will provide a clear optout.
- Your choices: Manage cookies, marketing preferences, and privacy rights (access, delete, correct, portability, optout of certain processing).
- Security & retention: We use administrative, technical, and physical safeguards and retain data only as long as needed for the purposes described.
- Children: StudyForge isn’t directed to children under 13 (or a higher age where required).
- Changes: We’ll post updates to this notice and change the “Last updated” date.
1) Scope & Who We Are
This notice applies to personal information we collect through:
- Our website(s) and app(s) branded as StudyForge;
- Your interactions with our emails, surveys, and events; and
- Customer support and sales/partnership communications.
If StudyForge is provided to you by a school or organization, we may process your information on their behalf as a processor. In that case, that organization’s privacy policy governs, and requests should be directed to them.
2) Personal Information We Collect
a) Information you provide to us
- Account & profile: name, email, password (hashed), username, photo/avatar (optional).
- Content & learning data: materials you upload (e.g., PDFs, slides, lecture notes, recordings you provide), text you input, chat prompts, highlights, annotations, generated flashcards/notes, quiz responses, and study progress.
- Communications: support requests, feedback, survey responses.
- Billing: purchase history. All payments are processed by Apple through inapp subscriptions (IAP). We do not receive your full payment card details; Apple provides us with transaction status information (e.g., receipt validation).
b) Automatically collected
- Device/technical data: IP address, device type, OS and version, browser type, screen resolution, language.
- Usage/log data: pages/screens viewed, features used, clicks, time stamps, crash reports, and diagnostic data.
- Cookies & similar tech: cookies, pixels, SDKs, and local storage to keep you logged in, remember preferences, measure usage, and (if enabled) for marketing/ads.
c) From third parties
- Single signon (SSO): if you use Google, Apple, or similar, we receive basic profile info (e.g., name, email, profile image) as permitted by your settings.
- Analytics/marketing providers: aggregated insights about site/app interactions.
- Payment & fraud partners: transaction results and signals to prevent abuse.
Sensitive data: We do not seek to collect sensitive personal data (e.g., health, biometric, precise geolocation). Please do not upload such information to StudyForge.
3) How We Use Personal Information (Purposes & Legal Bases)
We process personal information to:
- Provide the Services (create and secure accounts, deliver features, generate study content, sync across devices). Legal bases: contract, legitimate interests.
- Process payments and manage subscriptions. Legal bases: contract, legal obligations.
- Personalize & improve (recommendations, feature tuning, A/B testing, analytics, error/debugging). Legal bases: legitimate interests, consent where required.
- Communicate with you (service/transactional emails, product updates, marketing if you opt in, and feedback requests). Legal bases: contract, legitimate interests, consent where required.
- Keep our Services safe (fraud, abuse, spam, security monitoring, enforcing terms). Legal bases: legitimate interests, legal obligations.
- Comply with law (tax, accounting, requests from authorities). Legal bases: legal obligations, legitimate interests.
Where we rely on consent (e.g., certain cookies/marketing), you can withdraw it at any time emailing [email protected] or by following unsubscribe links.
4) AI/Model Processing (Important for StudyForge)
To power features such as flashcard/notes generation, question answering, and content summaries, StudyForge may transmit your inputs (e.g., prompts, document text you upload) and outputs (model responses) to our infrastructure and/or vetted thirdparty AI providers acting as our processors. We take contractual and technical steps to protect your content.
Training: We do not use your private study content to train our own models without your permission.
Provider logs: Thirdparty AI providers may temporarily retain logs for security/abuse detection per their policies.
Your controls: You can delete uploads or generated artifacts from within the product where available, or contact us to request deletion.
If you are part of an organization (e.g., a school license), our processing of your content follows that organization’s instructions and our data processing agreement (DPA) with them.
6) How We Share Information
We do not sell your personal information. We may “share” personal information for crosscontext behavioral advertising only if we enable such ads; if so, you will have the right to opt out.
We share information with:
- Service providers / processors: hosting & storage, content delivery, analytics, customer support, email/SMS, payment processing via Apple InApp Purchase (IAP), fraud prevention, logging/monitoring, and AI processing.
- Enterprise/School customers: if your account is provisioned by an organization, certain admins may access usage and content per their policies.
- Legal & safety: to comply with law, enforce terms, or protect rights, privacy, safety, or property of StudyForge, you, or others.
- Business transfers: in a merger, acquisition, financing, or sale of assets, your information may be transferred consistent with this notice.
All vendors are bound by agreements limiting their use of your data to our instructions and requiring appropriate security. For transparency, our subprocessors are OpenAI and Google.
7) Data Retention
We keep personal information only as long as necessary to:
- provide the Services,
- comply with legal obligations,
- resolve disputes, and
- enforce agreements.
Illustrative defaults (customize for your operations):
- Account data: retained while your account is active and for [24 months] after closure, unless you request earlier deletion or we must keep it longer by law.
- Logs/telemetry: [12–18 months].
- Backups: rolling [30–45 days].
- Payment records: as required by tax and accounting laws (often 7 years in some jurisdictions).
We will delete or deidentify data when no longer needed.
8) Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, leastprivilege practices, and vendor due diligence. No system is 100% secure; if you suspect unauthorized access, contact us immediately at [email protected].
9) International Data Transfers
We may process and store information in countries other than where you live (e.g., the United States). When we transfer personal data internationally, we rely on lawful mechanisms such as Standard Contractual Clauses (and the UK addendum/IDTA where applicable) and implement additional safeguards where appropriate.
10) Your Privacy Rights & Choices
Your rights depend on where you live. Subject to limits under applicable law, you may have the right to:
- Access the personal information we hold about you;
- Correct inaccurate or incomplete information;
- Delete your information;
- Port data to another service;
- Restrict or object to certain processing (including direct marketing);
- Withdraw consent where processing relies on consent; and
- Appeal a denied request (for Virginia/Colorado/Connecticut, etc.).
How to exercise: Email [email protected]. We may need to verify your identity (and, in some regions, confirm an authorized agent’s authority). We will respond within the time required by law.
11) California Privacy (CCPA/CPRA) – Notice at Collection
- Categories collected: identifiers (name, email, IP); commercial info (purchases); internet/activity data (usage, logs, device); geolocation (coarse IPbased); inferences (feature usage insights); user content (study materials you upload).
- Sources: you, your device/browser, your organization (if applicable), service providers.
- Business purposes: to provide and improve Services, security/fraud prevention, debugging, shortterm transient use, internal research, quality control, marketing with consent.
- Retention: see Section 7.
- Selling/Sharing: we do not sell personal information. If we “share” for crosscontext behavioral advertising, you can opt out via by emailing [email protected] and we honor GPC signals where required.
- Sensitive PI: we do not collect it by default; if we ever do, we limit use/disclosure as required by CPRA.
- Nondiscrimination: We won’t discriminate against you for exercising your rights.
To submit a California request, email [email protected]. “Shine the Light” (Cal. Civ. Code § 1798.83): to request a list of third parties we disclosed personal data to for their direct marketing in the past year (if any), contact us.
12) Do Not Track & Global Privacy Control
Some browsers send Do Not Track (DNT) signals. There’s no common standard, so we don’t respond to DNT. We do recognize Global Privacy Control (GPC) signals for optout of “sale”/“sharing” where legally required.
13) ThirdParty Platforms & Links
If you register or sign in using a thirdparty platform (e.g., Google or Apple), we receive information that platform shares with us per your settings. Your use of thirdparty sites and services is governed by their own privacy policies. Please review them carefully.
14) Children’s Privacy
StudyForge is not directed to children under 13 (or a higher age where required by local law). We do not knowingly collect personal information from children under that age. If you believe a child has provided personal information, contact us so we can delete it.
15) Your Responsibilities
Only upload or input content that you have the right to use and that doesn’t include others’ personal information without their permission. Avoid uploading sensitive personal data.
16) Changes to This Notice
We may update this notice from time to time. We’ll post the updated version here and revise the “Last updated” date. If changes materially affect your rights or how we use your data, we’ll provide additional notice (e.g., email or inapp).
17) Contact Us
- StudyForge
- Email: [email protected]
Appendix A — Categories of Personal Information (CCPA/CPRA Mapping)
| Category | Examples | Purpose | Disclosed to (service types) |
|---|---|---|---|
| Identifiers | Name, email, IP, user ID | Account, support, security | Hosting/CDN, customer support, analytics |
| Commercial data | Subscription tier, purchase history | Billing, support | Apple (InApp Subscriptions), finance tools |
| Internet/activity | Pages viewed, clicks, device/OS, crash logs | Provide/improve services, debugging | Analytics, logging, performance monitoring |
| Geolocation (coarse) | IPbased region/city | Localization, security/fraud | Security/fraud services, analytics |
| User content | Uploads (notes, PDFs, recordings you provide), prompts, outputs | Core features (generation, Q&A), sync | Storage/hosting, AI processing |
| Inferences | Feature usage patterns | Improve/personalize experiences | Analytics, product telemetry |
Appendix B — Regional Rights (EEA/UK/US State)
EEA/UK (GDPR): You may contact us to exercise rights of access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local supervisory authority (e.g., ICO in the UK or your country’s DPA). Lawful bases are described in Section 3.
US State laws (VA, CO, CT, UT, etc.): You may request access, deletion, correction (where applicable), portability, and opt out of targeted advertising, sale, or profiling in furtherance of decisions that produce legal or similarly significant effects. If we deny your request, you can appeal by replying to our decision notice with “Appeal” in the subject line.