Privacy Policy

This privacy policy applies to the Studr – AI Notetaker app and the website at studr.app (together, the "Service"), provided by Muhammad Mustafa ("Service Provider", "we", "us"). This service is intended for use AS IS. By using the Service, you consent to the practices described here.

Summary (in plain English)

• You upload lectures, PDFs, and YouTube links. We use AI to transcribe and turn them into notes, summaries, flashcards, and quizzes.
• We store your content in the cloud so it's available across your devices.
• We use third-party AI providers (OpenAI, Google, AssemblyAI) to process your content. We do not sell your data.
• You can delete your account and all associated data at any time — in the app or by emailing us.

1. What We Collect

We collect the following categories of information:

• Account information: name and email address (from Sign in with Google or Apple), and an internal user ID.
• Content you provide: audio recordings, audio files you upload, PDF and document uploads, image uploads (for OCR), YouTube URLs you paste, and chat messages you send to the AI assistant.
• Generated content: AI-generated transcripts, summaries, flashcards, quizzes, and study sections derived from your content.
• Usage data: features you use, time spent, in-app actions, and aggregate session data.
• Device data: mobile operating system, device model, app version, IP address, language, and timezone.
• Subscription data: subscription status, plan, and entitlement information from the App Store / Google Play (via RevenueCat). We do not see your card or payment details.
• Diagnostic data: crash logs and performance metrics (via Firebase Crashlytics).
• Attribution data: when you arrive via a referral or marketing link, we capture utm_* and ref parameters to understand where users come from.

The Service does NOT collect precise GPS location.

2. Audio Recording

The app uses your device's microphone to record audio only when you explicitly start a recording and after you have granted microphone permission. Recordings are uploaded to our servers and processed by AI for transcription, summarization, and study-content generation.

Recording laws are your responsibility. Some jurisdictions and institutions require all-party consent before recording lectures, conversations, or meetings. Before recording, ensure you have permission from your professor or institution and comply with local laws.

3. File and Image Picker

The app may request access to files via your device's file picker. This is used to allow you to:

• Select audio files to transcribe
• Upload PDF documents (lecture slides, textbook chapters, notes) to process and chat with
• Upload images that contain text, which we run through optical character recognition (OCR)

No files are accessed without your explicit selection. Only the files you choose are uploaded and processed.

4. YouTube URLs

When you paste a YouTube URL, we fetch the video's publicly available transcript or captions and process them with AI to generate notes, summaries, and study materials. We do not host or redistribute the underlying YouTube video. We do not access any YouTube account, watch history, or private videos.

5. Authentication

We use Sign in with Google and Sign in with Apple for account creation. We receive your name and email address from these providers and use them to create and identify your account, store your data, and contact you for account-related communications.

6. How We Use Your Data

We use the data we collect to:

• Provide the core features of the Service (transcription, summarization, flashcards, quizzes, chat)
• Sync your content across your devices
• Personalize the in-app experience and remember your preferences
• Send transactional emails (account verification, billing receipts, support replies)
• Send local push reminders for spaced-repetition study sessions, with your permission
• Improve the Service: analyze aggregate usage to fix bugs, improve performance, and develop new features
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not sell your personal data. We do not use your uploaded content to train third-party AI models beyond what is needed to process your individual request (see "AI Providers" below).

7. AI Providers and Sub-processors

To deliver the Service, we share the minimum necessary data with the following sub-processors. Each is bound by their own privacy policy and applicable data-protection terms:

• OpenAI — large language models for summarization, chat, and study-content generation. OpenAI does not train its models on API data sent through our account.
• Google (Gemini API) — large language models for select generation tasks.
• AssemblyAI — speech-to-text transcription of audio recordings.
• Supabase — database, authentication backend, and file storage.
• Amazon Web Services (AWS) — object storage (S3) for uploaded files.
• Qdrant — vector database used to power semantic search ("chat with your notes").
• Firebase Analytics & Crashlytics — anonymized usage analytics and crash reporting.
• RevenueCat — subscription entitlement and billing-state management.
• Mailtrap — transactional email delivery.

Payments are processed by Apple (App Store) and Google (Google Play). We never see your card number or full billing details.

8. Data Sharing

We share your data only:

• With the sub-processors listed above, strictly as needed to deliver the Service
• To comply with legal obligations, court orders, or lawful government requests
• To protect the rights, safety, or property of users, the public, or the Service Provider, including investigation of fraud or abuse
• In the event of a merger, acquisition, or asset sale (you will be notified before your data becomes subject to a different policy)

9. International Data Transfers

Our sub-processors are based primarily in the United States. If you use the Service from outside the United States, your data will be transferred to and stored in the United States. We rely on the appropriate safeguards (e.g., Standard Contractual Clauses where required) to protect your data in transit.

10. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account profile, content, and generated study materials: retained until you delete the account.
• Server logs: retained for up to 90 days for security and debugging.
• Encrypted backups: deleted data may persist in encrypted backups for up to 90 days before purge.
• Billing and tax records: retained as required by law (typically 6–7 years), even after account deletion.

11. Your Rights

Depending on your location, you may have the right to access, correct, export, restrict, or delete the personal data we hold about you, and to object to certain processing. These rights apply to all users; users in the European Economic Area, United Kingdom, and California may have additional rights under GDPR, UK GDPR, and CCPA respectively.

To exercise any right, email support@studr.app. We will respond within 30 days. You can also delete your account and all associated content directly in the app — see how to delete your account.

Users in California have the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.

12. Account Deletion

You can delete your account in the app under Settings → Delete Account, or by emailing support@studr.app with the subject "Delete My Account". Full deletion details and timelines are on the delete account page.

13. Children's Privacy

The Service is not intended for children under 13 (or under 16 in jurisdictions where that is the applicable age of consent). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, contact support@studr.app and we will delete it promptly.

14. Security

We use industry-standard security practices to safeguard your data, including encrypted transit (TLS), encrypted storage at rest, scoped access tokens, and least-privilege internal access. No system is perfectly secure; we cannot guarantee absolute security but commit to notifying affected users of any material breach as required by law.

15. Cookies and Website Tracking

The studr.app website uses minimal essential storage to render content. We do not use third-party advertising cookies or cross-site trackers on the website.

16. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected on this page with an updated date and, where appropriate, communicated to you via email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

17. Contact Us

For questions about this policy or to exercise any of your rights, contact: support@studr.app

Last updated: May 2, 2026