Privacy Policy

Marc Enke
Stephanstr. 22
04103 Leipzig
Germany
Email: studymaxxer@gmail.com

This Privacy Policy is intended for global use. Where required by local law (e.g. in the European Union or Germany), additional legal information such as an imprint or further disclosures may apply alongside this policy.

We collect the following categories of personal data:

• Account and authentication data: Email address, authentication credentials (stored securely), user ID, profile data from third-party sign-in providers (e.g. Google), avatar (if uploaded), account status, and timestamps.
• Study content: Content you create or upload, such as notes, documents, images, audio recordings, links (including websites or YouTube), and generated materials such as flashcards, summaries, quizzes, and chat inputs.
• Learning and personalization data: Study goals, exam dates, study plans, progress data, preferences, onboarding responses, and optional profile information (e.g. name, age, education level, language, settings).
• Billing data: Subscription status, plan details, and billing-related identifiers (e.g. customer ID). Payment information is processed by our payment provider and is not stored by StudyMaxx.
• Support and feedback data: Messages you send, issue reports, optional contact details, and related technical context (e.g. browser type, timestamps).
• Technical and usage data: IP-related request data, device/browser information, session data, consent preferences, and limited usage data necessary for security, stability, and performance.

Where applicable (e.g. under the General Data Protection Regulation), we rely on the following legal bases:

• Contract performance: To provide and maintain your account, deliver features, process subscriptions, and respond to requests.
• Consent: For optional features such as analytics, third-party sign-in, or processing content you choose to submit (e.g. for AI-based features). You may withdraw consent at any time.
• Legitimate interests: To ensure security, prevent abuse, improve the service, enforce usage limits, and provide support. You may object where applicable.
• Legal obligations: To comply with applicable laws, including accounting, tax, and regulatory requirements.

We do not sell personal data or use it for cross-context behavioral advertising.

To operate StudyMaxx, we use selected service providers:

• AI providers (e.g. Google Gemini, OpenAI, Deepgram): When you use AI-powered features (such as summaries, flashcards, or transcription), the content you submit is sent to the relevant provider for processing only when you actively use these features.
• Infrastructure and database (Supabase): Used for authentication, data storage, and file handling.
• Payments (Stripe): Used for subscriptions, billing, and payment processing.
• Authentication (Google OAuth): Used only if you choose to sign in via Google.
• Hosting and analytics (Vercel): Provides hosting and optional analytics (only with your consent).
• External content sources: If you submit a link (e.g. a website or YouTube video), content may be retrieved from that source to perform the requested feature.

Processing by these providers is governed by their respective privacy policies and data processing agreements.

StudyMaxx uses essential cookies and local storage to provide core functionality.

• Necessary storage: Used for authentication, session management, and security. These are required for the service to function.
• Analytics (optional): Analytics tools are only activated if you explicitly consent. They are used solely to understand usage and improve the service, not for advertising.
• Local storage: Your browser may store study data, preferences, and settings locally to improve performance and user experience. When you are logged in, relevant data may also be synchronized with our servers to enable cross-device access.

We retain personal data only as long as necessary:

• Account and study data: until deletion by you or upon account deletion
• Billing records: as required for legal and accounting purposes
• Support data: as long as needed to resolve issues and maintain service quality
• Security data: as needed to protect the service and prevent abuse

You may request deletion of your data at any time.

We use global service providers. As a result, your data may be processed outside your country of residence.

Where required, we implement appropriate safeguards such as standard contractual clauses or equivalent legal mechanisms.

Depending on your location, you may have rights to:

• Access your data
• Correct inaccurate data
• Delete your data
• Restrict or object to processing
• Withdraw consent
• Request data portability

You may also lodge a complaint with a supervisory authority.

To exercise your rights, contact: studymaxxer@gmail.com

We implement appropriate technical and organizational measures, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication systems
• Access controls for backend systems

However, no system can guarantee absolute security.

StudyMaxx is intended for users aged 13 and above.

If stricter age requirements apply in your jurisdiction, those requirements take precedence.

Please do not upload sensitive personal data unless necessary and lawful.

StudyMaxx uses AI to generate study-related content.

These outputs are informational and may contain inaccuracies.

We do not use automated decision-making that produces legal or similarly significant effects.

We may update this Privacy Policy from time to time.

Material changes will be communicated through the service where required.