GDPR Compliance

Your Rights

Under the GDPR, if you are in the European Economic Area (EEA), you have the following rights regarding your personal data:

• Right of Access — You can request a copy of the personal data we hold about you.
• Right to Rectification — You can ask us to correct inaccurate or incomplete data.
• Right to Erasure — You can request that we delete your personal data.
• Right to Data Portability — You can request your data in a structured, machine-readable format.
• Right to Object — You can object to the processing of your personal data in certain circumstances.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent — When you sign in and agree to our terms.
• Contract — To provide the Active Recalling service you have subscribed to.
• Legitimate Interest — To improve our service and ensure security.

Data Processing

Your data is processed and stored using Supabase infrastructure. We only collect data that is necessary to provide the service: your name, email address, profile picture (from Google OAuth), and the learning content you create within the platform. Payment data is processed by Dodo Payments, our Merchant of Record, and is subject to their privacy policy.

Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your personal data and all associated content will be removed within 30 days.

Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection team at [email protected]. We will respond to your request within 30 days.