Privacy Policy

Effective Date: August 27th, 2025
Last Updated: August 27th, 2025

At a Glance - Your Privacy Matters

We respect your privacy. Here's what you need to know:

  • ✅ We only collect data necessary to provide our service
  • ✅ Your study materials stay private and are never shared publicly
  • ✅ We store data in the EU whenever possible
  • ✅ You can delete all your data anytime
  • ✅ Any health-related information is optional and specially protected
  • ❌ We never sell your data
  • ❌ We don't use tracking for advertising

1. Who We Are

StudyLM is operated by Michał Pałys-Dudek, trading as P&D Michał Pałys-Dudek, a sole trader registered in Poland.

Contact Information:

2. What Information We Collect

2.1 Information You Provide

During Onboarding (Even Without Account):

  • Educational Information: Your education level, field of study, major/minor, courses
  • Learning Preferences (OPTIONAL): Information about learning differences or neurodiversity (e.g., ADHD, dyslexia) - see Section 2.4 below

When Using the Service:

  • Study Materials: Documents, PDFs, images, audio files, and text you upload
  • YouTube Links: URLs of videos you want to analyze

When Creating an Account (Optional):

  • Basic Information: Name and email address
  • Social Login Data: If you sign in with Apple, Google, Facebook, Instagram, or TikTok

2.2 Information We Collect Automatically

Device & Technical Information:

  • Device ID: A unique identifier we generate for your device (stored locally)
  • Technical Details: Device type, model, operating system, app version, browser type
  • IP Address: For security and service delivery
  • Language Settings: Your preferred language/locale

Usage Information:

  • App Interactions: Features used, buttons clicked, navigation patterns
  • AI Interactions: Your conversations with AI features and generated content
  • Session Data: When and how long you use the app
  • Crash Reports: Technical data when something goes wrong (via Sentry)

2.3 Information We DON'T Collect

  • ❌ Location data
  • ❌ Contacts or address book
  • ❌ Photos/videos from your gallery (unless you upload them)
  • ❌ Advertising identifiers

2.4 Special Category Data - Neurodiversity Information

⚠️ IMPORTANT - PLEASE READ CAREFULLY:

During onboarding, we may ask about learning differences or conditions that affect learning (such as ADHD, dyslexia, autism, depression, anxiety, etc.).

This information is:

  • 100% OPTIONAL - You can skip this question with no impact on service access
  • Specially Protected - This is health data under GDPR requiring highest protection
  • Used ONLY to personalize study methods and content generation
  • Processed with Explicit Consent - By providing this information, you explicitly consent to its processing
  • Deletable Anytime - You can request immediate deletion without affecting other data
  • Never Required - The app works fully without this information

Why we ask: This helps us generate study materials better suited to different learning styles and needs. For example, we might create shorter content segments for ADHD, or more visual content for dyslexia.

Your explicit consent: If you choose to provide this information, you explicitly consent to:

  • Us storing this data with special protection measures
  • Including relevant details in AI prompts to customize your content
  • Processing under GDPR Article 9(2)(a) - explicit consent for health data

You can withdraw this consent anytime by contacting support@studylm.app

3. How We Use Your Information

3.1 To Provide Our Service

Legal Basis: Contract Performance (or Legitimate Interests for non-account users)

We use your information to:

  • Deliver the core functionality of StudyLM
  • Process and analyze your study materials using AI
  • Generate personalized study content
  • Store and organize your content
  • Provide customer support
  • Enable features and functionality as we develop them

3.2 To Personalize Your Experience

Legal Basis: Explicit Consent (for neurodiversity data) / Contract Performance (for other data)

  • Adapt content based on your educational level and field
  • Customize learning approaches if you've shared neurodiversity information
  • Adjust content format, length, and style to your needs

3.3 To Improve Our Service

Legal Basis: Legitimate Interests

  • Understand feature usage through analytics
  • Fix bugs and improve performance
  • Develop new features
  • Ensure security and prevent abuse

3.4 To Communicate With You

Legal Basis: Consent (marketing) / Contract Performance (service messages)

  • Send study reminders (if enabled)
  • Share interesting facts from your materials (if enabled)
  • Important service updates
  • Promotional offers (you can opt-out)

3.5 Legal Basis Summary (GDPR Article 6 & 9)

Processing Activity Legal Basis
Service delivery Contract performance
Analytics Legitimate interests
Neurodiversity personalization Explicit consent (Article 9)
Marketing communications Consent
Security & fraud prevention Legitimate interests
Legal compliance Legal obligation

4. Who We Share Your Data With

We only share your data with service providers necessary to run StudyLM:

4.1 AI Processing Partners

Your study materials (and personalization preferences if provided) are processed by:

  • OpenAI (ChatGPT) - US-based, DPA available
  • Anthropic (Claude) - US-based, DPA available
  • Google (Gemini) - EU processing available
  • Meta (Llama models) - Varies by deployment
  • xAI (Grok) - Processing location varies

Note: If you provide neurodiversity information, it may be included in prompts to generate personalized content. These providers process data under their privacy policies and don't retain your personal data for their own purposes.

4.2 Infrastructure & Service Providers

Provider Purpose Data Shared Location
Railway Database & API hosting All app data US/EU
DigitalOcean Spaces File storage Uploaded documents EU
PostHog Analytics Anonymous usage data (no health data) EU
Sentry Error tracking Crash reports (no health data) US/EU
MailerSend Email delivery Email address only EU
CloudConvert Document conversion Documents only EU
Supadata YouTube transcripts Video URLs only Unknown
RevenueCat Subscription management Purchase data, device ID US
Payment Processors Payments As required by platform Varies

4.3 We Never Share Your Data For:

  • ❌ Advertising or marketing to third parties
  • ❌ Data brokers or resellers
  • ❌ Public access or other users
  • ❌ Research (unless you explicitly consent)

4.4 Legal Requirements

We may disclose data if required by law, court order, or to protect rights and safety. We will resist requests where legally possible and notify you unless prohibited.

5. International Data Transfers

  • We're based in the EU and prefer EU data storage
  • Some services (Railway, AI providers) operate in the US
  • We rely on Standard Contractual Clauses (SCCs) for legal transfers
  • Your rights under GDPR apply regardless of processing location

6. How Long We Keep Your Data

Data Type Retention Period
Account Data Until you delete your account
Uploaded Content Until you delete it or your account
Neurodiversity Info Until you withdraw consent or delete account
Deleted Data Removed within 30 days
Analytics Events Indefinitely (anonymized, no health data)
Error Logs Indefinitely (anonymized, no health data)
Server Logs 3 months

7. Your Privacy Rights (GDPR)

7.1 Your Rights

  • Access: Request a copy of your data
  • Correction: Fix inaccurate information
  • Deletion: Delete your account and all data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing
  • Restriction: Limit how we process your data
  • Withdraw Consent: Stop processing based on consent (especially health data)

7.2 Special Rights for Sensitive Data

For neurodiversity/health information:

  • Withdraw consent anytime without losing service access
  • Request immediate deletion of just this data
  • Opt-out of personalization while keeping the data stored
  • Request human review of any AI personalization

7.3 How to Exercise Your Rights

  • Email: support@studylm.app
  • In-App: "Contact Us" feature
  • Response Time: Within 30 days (usually faster)

7.4 Complaints

You can complain to:

  • Polish Data Protection Authority (UODO)
  • Your local EU supervisory authority

8. Data Security

8.1 Technical Measures

  • ✅ HTTPS encryption for all data transfers
  • ✅ Secure authentication systems
  • ✅ Regular security updates
  • ✅ Access controls and monitoring
  • ⚠️ Data at rest is not encrypted (except passwords)

8.2 Special Protection for Sensitive Data

Neurodiversity/health information receives extra protection:

  • Limited internal access
  • Audit logs for all access
  • Separate storage from other data
  • Regular review of necessity
  • Immediate deletion upon request

8.3 Your Security Responsibilities

  • Keep credentials secure
  • Don't upload unrelated sensitive documents (medical records, financial docs)
  • Report security concerns immediately
  • Use strong, unique passwords

9. Children's Privacy

  • StudyLM is for users 16 and older
  • We don't knowingly collect data from anyone under 16
  • If we discover underage use, we delete the data immediately
  • Parents can contact us to remove their child's data

10. Cookies and Local Storage

10.1 Web Version

We use local storage (not cookies) for:

  • Session management
  • User preferences
  • Temporary data caching
  • Device ID storage

No cookie banner needed as we don't use cookies for tracking.

10.2 Mobile Apps

  • Local caching for offline access
  • Preference storage
  • No advertising identifiers

11. Push Notifications

Optional notifications include:

  • Study reminders at your chosen times
  • Interesting facts from your materials
  • Service updates
  • Promotional offers (can be disabled separately)

Manage in your device settings anytime.

12. Data Breach Procedures

If a breach occurs:

  • We'll notify affected users within 72 hours
  • We'll inform relevant authorities as required
  • We'll provide information about the breach and our response
  • We'll take immediate steps to minimize harm

13. Changes to This Policy

We may update this policy. For significant changes:

  • In-app notification
  • Email (if you have an account)
  • 30 days notice for material changes

Continued use after changes means acceptance.

14. Additional Jurisdictions

14.1 California (CCPA)

California residents have rights to:

  • Know what personal information we collect
  • Delete personal information
  • Opt-out of sale (we don't sell data)
  • Non-discrimination for exercising rights

14.2 UK (UK GDPR)

UK residents have equivalent rights to EU residents under UK GDPR.

15. Automated Decision Making

  • AI generates content but doesn't make decisions about you
  • No automated profiling that produces legal effects
  • You can request human review of any AI-generated content

16. Contact Us

For privacy questions or to exercise your rights:

Email: support@studylm.app
Data Protection Officer: Michał Pałys-Dudek
Address: ul. Racławicka 79/27, 53-149 Wrocław, Poland
Response Time: Within 30 days

For urgent privacy concerns (like accidental upload of sensitive data), please mark your email as "URGENT - PRIVACY" for faster response.

Last reminder: Please don't upload sensitive personal documents like medical records, financial statements, or government IDs. StudyLM is designed for study materials only.