Privacy Policy

We value your privacy and comply with Swedish and EU data protection laws (including GDPR). This Privacy Policy explains what data we collect, how we use it, and your rights. By using the AI Study Pilot web app ("we", "our", or "the app"), you agree to this Privacy Policy.

Data We Collect

We collect minimal personal data needed to provide and improve our service:

  • Account Information: When you create an account, we collect your email address and a password. If you sign up or log in with Google, we receive your basic Google profile info (such as your name and email) via Google’s OAuth service.
  • Study Content: The text, notes, or files you upload to the app for study purposes (e.g. to generate flashcards or quizzes).
  • Progress Data: Your study progress and usage data within the app (such as quiz scores, flashcard performance, and study session history).
  • Communications: If you contact us or provide feedback (e.g. via our contact form), we collect the information you provide in those communications.
  • Cookies and Usage Data: We use cookies to operate the site (see Cookies below). Through these, we may collect technical data like your browser type and usage patterns. Analytics cookies (Google Analytics) are only used if you consent.

We do not collect sensitive personal data like personal identity numbers, payment card details (unless you opt for future premium features), or any information unrelated to providing the study service.

How We Use Your Data

We only use your personal data for legitimate purposes, including:

  • Providing the Service: To create and manage your account, authenticate you at login, and enable the AI-driven study tools (like generating flashcards/quizzes from your content and tracking your progress).
  • Personalized Learning: To tailor the study experience to you. For example, the app uses your content and progress data to customize flashcard decks and suggest quizzes appropriate to your level.
  • Analytics and Improvement: To understand how the app is used and improve our features. We use Google Analytics to gather usage statistics (only if you have accepted analytics cookies). This helps us identify what features are useful and improve the app’s performance. All analytics data is anonymized where possible.
  • Communication: To send you service-related notifications or respond to your inquiries. For example, we might email you about important updates or respond when you contact us via the form.

We will not use your data for any purpose that is incompatible with the above. We do not sell your personal data to third parties or use it for advertising.

Cookies and Tracking

Our app uses cookies and similar technologies to function effectively and to collect analytics (with your consent):

  • Essential Cookies: These are necessary for the website to work. For example, when you log in, a session cookie keeps you logged in as you navigate. We also use a CSRF token cookie for security (to protect against cross-site request forgery attacks). These cookies do not require consent as they are needed for core functionality.
  • Analytics Cookies: With your permission, we use Google Analytics cookies to collect information on how you use the app (e.g. which pages you visit, for how long). This helps us improve the user experience. These cookies will not be set unless you choose “Accept All” on our cookie consent banner.
  • Cookie Consent Choices: When you first visit the site, you are presented with a cookie banner. You can choose “Essential Only” to decline non-essential cookies, or “Accept All” to allow analytics cookies in addition to essential ones. Your choice will be remembered. You can change your preference at any time by clearing your cookies or contacting us for assistance. For more details, please see our Cookie Policy.

Third-Party Services

We rely on a few third-party providers to run our app. We only share the minimum necessary data with them, and each of these providers is compliant with GDPR or provides equivalent safeguards:

  • Google Analytics (Google LLC): If you opt in, we use Google Analytics to track usage data (like page visits and clicks). Google may receive your IP address and device information to provide aggregated analytics. We have configured Analytics to anonymize IP addresses as far as possible. You can opt out by choosing not to accept analytics cookies.
  • Google reCAPTCHA (Google LLC): We use reCAPTCHA on our site (for example, on sign-up and contact forms) to prevent spam and abuse. This service may collect hardware and software information (such as device and application data) and send it to Google for analysis. reCAPTCHA is used strictly for security purposes.
  • Google Sign-In (OAuth): If you choose to log in via your Google account, Google’s OAuth service will authenticate you. We receive your name and email from Google to set up your account profile. We do not receive your Google password or any other data beyond your basic profile info.
  • Microsoft Azure (Microsoft Corporation): We host our application and store all data on Azure cloud servers located in the West Europe region (within the EU). Azure acts as our data processor, handling data on our behalf. Microsoft Azure implements strong security measures and is GDPR-compliant. All your data remains within EU data centers.
  • OpenAI API (OpenAI, Inc.): Our app uses OpenAI’s artificial intelligence service to generate flashcards and quiz questions from your study content. When you input study text or upload material for AI processing, that content is sent to OpenAI’s API. Important: We do not send any personally identifiable information about you to OpenAI — only the study material text you provide. OpenAI may temporarily process and store that content to generate results, but they are not given your name, email, or any other personal details.
  • Stripe (Stripe, Inc.): Planned for future use. In the future, if we offer premium subscriptions (€19.99/month as planned), we will use Stripe to process payments. This means if you decide to subscribe, you will provide payment information (e.g. credit card details) through Stripe’s secure platform. Stripe will handle and store your payment details; we do not see or store your full payment information. At this MVP stage, we are not processing any payments and are not sharing data with Stripe yet.

Each third party only has access to the information needed to perform their role, and they are obligated to protect your data. If any third-party service involves data transfer outside the EU, we ensure appropriate legal safeguards (such as EU Standard Contractual Clauses) are in place.

Data Storage and Security

We take security seriously. Your data is stored securely in the Microsoft Azure West Europe data center (located within the EU). We implement industry-standard security practices to protect your information, including:

  • Encryption: All network communication is encrypted via HTTPS. Passwords are stored in hashed form.
  • Access Control: Only authorized personnel can access the system and databases, and only for valid reasons.
  • Regular Backups: We back up data periodically to prevent loss, and those backups are secured as well.

While we strive to protect your data, no system is 100% secure. As this is a pilot (MVP) service, some features are still in development, but we continuously update our security measures. You accept that there is always some risk in transmitting data over the internet, and we cannot guarantee absolute security of your information. If a significant data breach occurs that affects your personal data, we will inform you and the relevant authorities as required by GDPR.

Data Retention

We keep your personal data only as long as necessary for the purposes described:

  • Account Data: Information like your email, profile info, and study data is kept for as long as you have an active account.
  • Deleted Accounts: If you delete your account or request deletion of your data, we will erase or anonymize your personal data within a reasonable time. (Some data may be kept in secure backups or logs for a short period before being automatically deleted.)
  • Analytics Data: Data collected via Google Analytics is retained according to Google’s standard retention periods (e.g. 14 months) and is used in aggregate form for trend analysis before it is deleted by Google.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access and Portability: You can request a copy of the personal data we hold about you, and we will provide it in a common electronic format.
  • Correction: You have the right to ask us to correct or update any inaccurate or incomplete information (for example, update your email if it changes).
  • Deletion: You can request that we delete your personal data. For instance, you can ask to delete your account and all associated data. We will comply unless we are required to keep certain data by law or for legitimate purposes.
  • Withdrawal of Consent: If we are processing any of your data based on consent (for example, analytics cookies), you can withdraw your consent at any time. This will stop that specific processing going forward (it won’t affect processing already done while consent was in place).
  • Objection & Restriction: You may object to our processing of your data in certain cases, or ask us to restrict processing. For example, you can request that we limit use of your data while we address a concern you have.
  • Complaint: If you believe we are not complying with data protection laws, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).

You can exercise most rights by contacting us (see Contact Us below). We will respond within one month of receiving your request, as required by GDPR (this may be extended by two further months for complex requests, but we will let you know if more time is needed).

Children’s Privacy

Our service is not directed to children, and we do not knowingly collect personal data from anyone under the age of 13. If you are under 13, please do not use this app or provide any personal information. If you are between 13 and 16 years old, you should only use the app with the consent of a parent or guardian, as required by law. We have not implemented strict age verification in this MVP, so we rely on users to be honest about their age. If we become aware that we have collected personal data from a child under 13 without parental consent, we will delete that data. If you are a parent or guardian and believe your child has provided personal data to us, please contact us so we can remove it.

Contact Us

We welcome any questions or concerns about privacy. If you want to exercise your rights or have questions about how we handle your data, please contact us via the contact form on our website.

Data Controller: AI Study Pilot (operated in Sweden).
Contact Method: Contact form on the AI Study Pilot website. (Please mention "Privacy" in your message so we can direct it appropriately.)

We will do our best to respond promptly (generally within a few business days).

Changes to This Policy

We may update this Privacy Policy from time to time as our service evolves or as laws change. If we make significant changes, we will notify users via the app or email. The "last updated" date below shows when this Policy was last revised.

Last updated: April 5, 2025.