Privacy Policy

Last updated: May 2026

1. Information We Collect

When you use StudySense, we collect the following categories of information:

  • Account data — your email address, display name, and profile photo provided through Firebase Authentication (email/password or Google sign-in).
  • Study data — flashcard decks, cards, quiz results, study sessions, language tutoring sessions and messages, vocabulary lists, and daily activity records that you create while using the service.
  • Usage analytics — anonymized interaction data collected through Google Analytics 4 (GA4), such as page views, feature usage frequency, and session duration. This data is aggregated and cannot be used to identify you personally.
  • Subscription & billing data — if you purchase a paid plan, we store your subscription tier and status and the subscription/customer identifiers returned by our payment providers. Your payment-card details are collected and processed directly by Paddle (web) or Google Play (Android) and are never received or stored by us.
  • Device & notification data — if you enable push notifications, we store a device push token, app version, and timezone so we can deliver study reminders. You can disable notifications at any time.

2. How We Use Your Information

  • Provide the service — we use your account and study data to deliver core functionality including spaced repetition scheduling, AI-generated flashcards, language tutoring, document Q&A, and personalized analytics.
  • Improve the app — aggregated usage analytics help us understand which features are most valuable and where the experience can be improved.
  • Maintain security — we use authentication data to enforce access controls and protect your account from unauthorized access.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. AI Processing

StudySense uses AI models provided by OpenAI to power features such as flashcard generation, language tutoring, document Q&A, quiz answer choices, course generation, and the voice tutor. When you use these features, the relevant content — for example your uploaded text, notes, chat messages, and card content, and for the voice tutor the audio you record (which is transcribed to text and used to generate a spoken reply) — is sent to OpenAI through our server-side proxy (Firebase Cloud Functions). Your content is never sent directly from your browser to OpenAI.

Content submitted to OpenAI through its API is not used to train OpenAI's models. OpenAI may retain API inputs and outputs for a limited period (up to 30 days) for abuse and misuse monitoring, after which they are deleted, in accordance with OpenAI's API data-usage policies. All AI requests are authenticated and rate-limited on our servers, and we apply content moderation and input sanitization to AI interactions for safety.

4. Data Storage & Security

Your data is stored in Google Cloud Firestore with authentication-scoped access controls. Every database query is restricted to your user ID, meaning no user can read or modify another user's data. Firestore security rules enforce field-level validation on all write operations.

All data is encrypted in transit using TLS. Firestore provides encryption at rest by default. We use Firebase Authentication to verify your identity before granting access to any data.

A persistent local cache is enabled on your device to provide offline access to your study materials. This cache is managed by the Firebase SDK and stored in your browser's IndexedDB.

5. Third-Party Sub-Processors

We rely on a small number of trusted service providers (“sub-processors”) to operate StudySense. Each receives only the data needed to perform its function:

  • OpenAI — processes the text and voice-audio content you submit to AI features, as described in Section 3.
  • Google Firebase & Google Cloud — provides authentication, the Firestore database that stores your account and study data, and the Cloud Functions that run our server-side logic.
  • Paddle.com Market Ltd — our Merchant of Record for web subscriptions; processes payments and related billing data.
  • RevenueCat, Inc. — manages subscription state for purchases made through Google Play on the Android app.
  • Google Play Billing — processes payments for subscriptions purchased through the Android app.
  • Firebase Cloud Messaging — delivers push notifications to your device if you enable them.
  • Google Analytics 4 — anonymized, consent-gated usage analytics (see Section 6).

These providers may process and store data on servers located outside your country, including in the United States and the European Union. Where personal data is transferred internationally, our providers rely on recognized safeguards (such as the EU Standard Contractual Clauses). We do not sell your personal data, and we require all sub-processors to protect it under their own privacy and security commitments.

6. Cookies & Analytics

StudySense uses Google Analytics 4 (GA4) to collect anonymized usage data. GA4 may set cookies in your browser to distinguish unique users and throttle request rates. These cookies do not contain personally identifiable information.

We also use localStorage to persist your preferences (such as theme and study goals) locally on your device. This data never leaves your browser.

You may be shown a consent banner on your first visit. You can manage your cookie preferences at any time through your browser settings. Disabling cookies will not affect core app functionality.

7. Your Rights

You have the right to:

  • Access your personal data — all your study data is visible within the app at any time.
  • Export your data — you can export your flashcard decks and study history from the Settings page.
  • Delete your account and all associated data — you can request account deletion from the Settings page. Upon deletion, all your data (decks, cards, sessions, vocabulary, and activity records) will be permanently removed from our servers.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data is permanently deleted from Firestore and cannot be recovered. Anonymized analytics data collected by GA4 is retained according to Google's standard data retention policies and cannot be linked back to your account after deletion.

9. Children's Privacy

StudySense is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action to remove that data.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of StudySense after any changes constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us at support@studysense.app.

We use cookies for analytics to improve your experience. Learn more