Privacy Policy

Privacy Policy

Last Updated: January 20, 2026

1. Introduction

This Privacy Notice for A.C.N. 694 510 248 PTY LTD (Trading as STUDYBETTER IO) (doing business as StudyBetter) (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

  • Use StudyBetter. StudyBetter is an AI-powered educational platform that helps students learn more effectively. The core feature is intelligent quiz generation from uploaded study materials, enabling students to identify knowledge gaps and reinforce learning through active recall. Additional features include AI-powered chat with study materials and summary generation.
  • Engage with us in other related ways, including any marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@studybetter.net.

Summary of Key Points

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? We do not intentionally collect sensitive personal information such as racial or ethnic origins, sexual orientation, or religious beliefs. However, study materials you upload may incidentally contain personal information. We process such content only to provide our AI-powered learning features.

Do we collect any information from third parties? We collect basic profile information (name, email address) when you sign in with Google.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your prior explicit consent.

Do AI providers retain your data? We enable zero data retention policies with our AI service providers wherever possible. This means your content sent to AI providers is not stored beyond the immediate processing of your request, except for minimal temporary logs retained for abuse detection (typically 30 days or less), and is not used for training AI models.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full below.

2. Information We Collect

We may collect personal information in a variety of ways:

a. Information You Provide to Us:

  • Account Information: When you sign in with Google, we collect your name and email address from your Google account. We do not store your profile picture.
  • User Content: We collect the information and content you create, upload, or share through our Services, such as notes, documents, or other study materials.
  • Payment Information: If you make a purchase or subscribe to our Services, payment processing is handled by Polar.sh. We do not store your payment card information.
  • Communications: If you contact us for support, we may collect your email address and the contents of your message.

Educational Content: When you use our AI-powered features, we process the following categories of information:

  • Student data - Educational content, study materials, and academic information you upload to use our AI-powered learning features. This data is sent to our AI providers (OpenAI, Google Cloud AI, xAI) with zero data retention configurations, subject to minimal temporary logs for abuse detection.

b. Information We Collect Automatically:

  • Log and Usage Data: We automatically collect basic log data when you use our Services, including your IP address, browser type, and timestamps. This information is used for security, debugging, and service improvement.
  • Essential Cookies: We use only essential cookies necessary for authentication and to maintain your logged-in session. We do not use advertising or tracking cookies.
  • Session Replay Data: We use PostHog to collect privacy-focused session recordings (mouse movements, clicks, page navigation) to improve user experience and troubleshoot issues. All text input values are masked (replaced with asterisks), and recording is stopped on pages within the subscription and settings sections. Recordings are retained for a limited period according to our analytics retention settings. See Section 13 for details.

c. Information from Google Authentication: When you sign in with Google, we receive your name and email address. This is the only third-party data we collect.

3. How We Use Your Information

We use personal information collected via our Services for the following purposes:

  • To provide, operate, and maintain our Services: Including to create and manage your account, authenticate your login, process transactions, and send you service-related information such as purchase confirmations.
  • To improve and expand our Services: To understand how you use our Services and develop new features and functionality.
  • To communicate with you: To respond to your support requests, provide customer service, and send you technical notices, updates, and security alerts.
  • For optional marketing communications: To send you occasional emails about new features, updates, or educational content. You can opt out of these emails at any time.
  • To process your payments: Payment processing is handled securely by our payment processor, Polar.sh.
  • For security and compliance: To protect the security of our Services, prevent fraud and abuse, and comply with applicable laws and legal requests.

If you are an individual in the EEA, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:

  • We need it to provide you the Services, including to operate the Services, provide customer support and personalized features, and to protect the safety and security of the Services;
  • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services, and to protect our legal rights and interests;
  • You give us consent to do so for a specific purpose; or
  • We need to process your data to comply with a legal obligation.

If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

5. Data Sharing and Disclosure

We limit data sharing to only what’s necessary to provide our Services. We share your information in the following situations:

  • AI Service Providers: Your study materials and content are sent to our AI providers (OpenAI, Google Cloud AI, and xAI) to provide AI-powered features. We have configured zero data retention options with these providers, subject to minimal temporary logs for abuse detection.
  • Payment Processor: Payment information is processed by Polar.sh. We do not store your payment card details. See Polar.sh for details: https://polar.sh
  • Infrastructure and Hosting: Your data is stored on secure cloud infrastructure providers necessary to operate our Services.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
  • Security and Fraud Prevention: We may disclose your information where necessary to investigate, prevent, or take action regarding suspected fraud, security threats, or violations of our Terms of Service.

We do not:

  • Sell your personal information to anyone
  • Share your data with advertising or marketing partners
  • Use tracking cookies or share data with analytics companies beyond basic server logs

6. Do We Offer Artificial Intelligence-Based Products?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, “AI Products”). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers (“AI Service Providers”), including OpenAI, Google Cloud AI, and xAI. As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in “HOW DO WE PROCESS YOUR INFORMATION?” You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:

  • AI applications - Quiz generation from study materials, AI-powered chat with uploaded content, and automatic summary generation to enhance learning and knowledge retention.

How We Process Your Data Using AI

All personal information processed using our AI Products is handled in line with our Privacy Notice and our agreement with third parties. This ensures high security and safeguards your personal information throughout the process, giving you peace of mind about your data’s safety.

Zero Data Retention Policy

We have implemented zero data retention policies with our AI Service Providers to maximize your privacy:

  • No Long-Term Storage: Your content is not stored by AI providers beyond the immediate processing of your request.
  • No Training on Your Data: We do not use your content to train our own models, and we have configured our AI Service Providers to not use your data for training their models.
  • Minimal Temporary Logs: AI Service Providers may retain minimal logs for a short period (typically 30 days or less) solely for abuse detection and fraud prevention, as required by their terms of service.
  • Single-Purpose Processing: Your study materials and generated content are processed exclusively to provide you with the requested AI features and are not used for any other purpose without your explicit consent.
  • Automatic Deletion: Once your AI request is processed and the response is delivered, your content is automatically deleted from the AI provider’s systems (subject to the minimal temporary logging noted above).

This zero data retention approach ensures that your educational content, study materials, and personal learning data remain private and are not retained, analyzed, or used for purposes beyond your immediate use of our Services.

7. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction.

If you are located in the EEA, your personal information may be transferred to and processed in Australia and other countries outside the EEA that may not provide the same level of data protection as your home country. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that appropriate safeguards are in place to protect your personal data, such as by using Standard Contractual Clauses approved by the European Commission, or by relying on adequacy decisions where applicable.

8. Data Retention

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods:

  • Content sent to AI providers: Zero retention policy - your content is not stored by AI providers beyond immediate processing (subject to minimal temporary logs for abuse detection, typically 30 days or less).
  • Uploads and generated content (documents, images, slides, quizzes, summaries, chats): Retained on our servers until you delete the item or your account is deleted.
  • Application logs and telemetry: Typically 30–90 days.
  • Backups: Encrypted backups may retain deleted data for 30–90 days until backup rotation completes.
  • Billing and transactional records: Retained for up to 7 years to meet tax and accounting obligations.
  • Support tickets and correspondence: retained for up to 24 months.

9. Your Privacy Rights

a. Australian Privacy Principles: Under the Australian Privacy Act 1988 (Cth), you have the right to:

  • Access the personal information we hold about you.
  • Correct any inaccurate personal information we hold about you.
  • Make a complaint if you believe we have breached the APPs.

b. GDPR Rights for EEA Individuals: If you are a resident in the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

To exercise any of these rights, please contact us using the contact details provided below. We may need to verify your identity before responding. We aim to respond within 30 days. Deletion requests will be honored subject to legal/contractual obligations; data may persist in backups for up to 30–90 days.

10. Data Security

We implement technical and organizational measures to protect personal information, including TLS encryption in transit, encryption at rest for stored content, role‑based access controls, and audit logging for administrative access. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security. We welcome responsible disclosure at support@studybetter.net.

Data Breach Notification:

In the event we become aware of a security breach that results in unauthorized access to your personal information, we will notify affected users without undue delay and within the timeframes required by applicable law (such as 72 hours under GDPR where feasible, or as required by the Australian Privacy Act). Notification will be sent to the email address associated with your account and may include: (a) a description of the nature of the breach; (b) the types of information potentially affected; (c) steps we are taking to address the breach; and (d) recommendations for steps you can take to protect yourself.

11. Children’s Privacy

Our Services are directed to users aged 13 and older. We do not knowingly collect personal information from children under the age of 13. If we become aware that a child under 13 has provided personal information, we will take steps to delete such information promptly.

Parental Consent for Users Aged 13-17:

If you are at least 13 years old but under 18 years old (or the age of legal majority in your jurisdiction), you may only use the Services with the consent and under the supervision of a parent or legal guardian who agrees to be bound by these Terms on your behalf. By permitting your child to use the Services, parents and guardians represent and warrant that they have the legal authority to consent on behalf of the minor and agree to:

  • The terms of this Privacy Policy and our Terms of Service;
  • Accept full responsibility for the minor’s use of the Services;
  • Be liable for any breaches of these terms by the minor; and
  • Supervise the minor’s use of the Services as appropriate for their age.

Parents and Guardians:

We encourage parents and guardians to take an active role in their children’s online activities. We do not have a practical means to verify the age of users or to confirm that parental consent has been obtained. By allowing a minor to access the Services, parents and guardians accept responsibility for that decision. If you are a parent or guardian and you become aware that your child has provided us with personal information without your consent, please contact us at privacy@studybetter.net. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers.

12. Cookies and Essential Technologies

We use only essential cookies necessary for the basic functioning of our Services:

  • Authentication Cookies: To keep you logged in to your account
  • Session Cookies: To maintain your session state as you navigate the Services
  • Security Cookies: To protect against unauthorized access and fraud

We do not use:

  • Advertising cookies
  • Tracking cookies
  • Analytics cookies from third parties
  • Marketing or promotional cookies

These essential cookies are necessary for the Services to function and cannot be disabled. By using our Services, you consent to the use of these essential cookies.

13. Session Replay and Analytics

In Short: We use PostHog for session replay to improve user experience and troubleshoot issues. All recordings are privacy-focused with comprehensive data masking.

What We Collect Through Session Replay:

We use PostHog, a privacy-focused analytics platform, to collect session replay data that helps us:

  • Understand how users interact with our Services
  • Identify and fix technical issues and bugs
  • Improve user experience and interface design
  • Provide better customer support

Session Recordings Include:

  • Mouse movements, clicks, and scrolls
  • Page navigation and interactions
  • Console logs (errors and warnings only in production)
  • Anonymous performance metrics

What We DO NOT Capture:

  • All text input values are automatically masked (replaced with asterisks) to prevent capturing typed content
  • Password fields are never captured (we use Google OAuth - no passwords in our app)
  • Payment information (handled by our payment provider Polar.sh, which may use Stripe as a sub-processor)
  • Sensitive page content on checkout and account deletion flows
  • Personal identifiable information in form fields

Privacy Protections:

We have implemented comprehensive privacy measures:

  • Input Masking: All input fields are automatically masked to prevent capturing typed content
  • Selective Blocking: Sensitive UI elements (payment buttons, account deletion dialogs) are excluded from recordings
  • Page-Level Control: Recording is automatically stopped on all pages in the subscription and settings sections (including checkout and sensitive account actions) to provide comprehensive privacy protection
  • Network Capture Controls: In production environments, network request and response headers and bodies are not recorded at all; in development environments, network headers and bodies may be recorded for debugging purposes without additional filtering
  • Data Minimization: Only errors and warnings are logged in production environments

Data Retention and Storage:

  • Session recordings are stored by PostHog (EU region: eu.i.posthog.com)
  • Recordings are retained for a limited period according to our analytics retention settings
  • Data is encrypted in transit and at rest
  • PostHog does not share session data with third parties

Your Rights:

You can request deletion of your session recordings by contacting us at privacy@studybetter.net. We will honor your right to erasure under GDPR and other applicable privacy laws.

Legal Basis:

We process session replay data based on our legitimate interest in improving our Services and providing technical support, while implementing appropriate safeguards to protect your privacy.

14. Do Residents of Australia and New Zealand Have Specific Privacy Rights?

In Short: Yes, if you are a resident of Australia or New Zealand, you are granted specific rights regarding access to your personal information.

We collect and process your personal information under the obligations and conditions set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020 (Privacy Act).

This Privacy Notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

  • offer you the products or services that you want
  • respond to or help with your requests
  • manage your account with us
  • confirm your identity and protect your account

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand’s Privacy Principles to the Office of New Zealand Privacy Commissioner.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

16. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may email us at privacy@studybetter.net or contact us by post at:

A.C.N. 694 510 248 PTY LTD (Trading as STUDYBETTER IO) Australia

17. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

To request to review, update, or delete your personal information, please:

  • Log in to your account settings and update your user account
  • Contact us using the contact information provided above
  • Submit a data subject access request

Upon your request to delete your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.