Skip to content
cramblr
Log in

Legal

Last updated: 2026-02-08

Privacy Policy

This policy explains what data we collect, how AI and billing processors are involved, how long data is retained, and how users can exercise privacy rights.

Summary: We collect only the data needed to run accounts, process AI workflows, secure the platform, and handle billing when paid plans are enabled.

1. Scope

This Privacy Policy explains how cramblr collects, uses, stores, shares, and deletes personal information when you use the Service.

2. Information We Collect

Depending on how you use the Service, we may collect:

  • Account data: name, email, password hash, account settings, terms acceptance metadata, login/session metadata.
  • User content: uploaded images/documents, extracted text, generated flashcards, tags, deck metadata, and exports.
  • Usage and technical data: IP address, browser/user-agent, timestamps, error logs, queue/job status, and security events.
  • Payment data (if paid plans are enabled): billing events, plan status, invoices, and transaction identifiers from Stripe. Full card numbers are processed by Stripe, not stored by us.

3. How We Use Information

  • Provide authentication, account management, and core study workflows.
  • Run AI extraction, card generation, and optional text-to-speech features.
  • Store and deliver private files, downloads, and exports tied to your account.
  • Prevent abuse, enforce policies, detect fraud, and secure the Service.
  • Provide support, incident response, and service reliability operations.
  • Process subscriptions, invoices, and payment operations where applicable.

4. AI and Third-Party Processing

To provide AI functionality, we may transmit your prompts, uploaded images, and related text to third-party AI providers.

We also use infrastructure providers for hosting, storage, logging, email delivery, and payment processing (such as Stripe for billing). These providers process data under their own terms and privacy commitments. We limit disclosure to what is reasonably necessary to provide the Service.

5. How We Share Information

We do not sell personal information for monetary consideration. We may share information:

  • With service providers and subprocessors that help operate the Service.
  • To comply with legal obligations, court orders, or lawful requests.
  • To protect rights, safety, and security of users and the Service.
  • As part of a merger, acquisition, financing, or asset sale.

6. Retention

We retain information for as long as needed to provide the Service and meet legal, accounting, security, and dispute-resolution obligations. Retention periods may vary by data type and legal requirement.

When you delete your account, we remove associated database records and private files linked to your account, including import images and export files.

Limited retention may still apply where required by law or for legitimate security and audit needs.

7. Security

We use administrative, technical, and organizational safeguards designed to protect personal information, including account-scoped authorization checks, signed media links, and restricted storage paths. No method of storage or transmission is completely secure.

8. Cookies and Similar Technologies

We use cookies and similar technologies for authentication, session management, security, preferences, and performance. If analytics or advertising technologies are enabled, we will disclose them and provide required choices under applicable law.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, or export personal information, and to object to or limit certain processing. You may also have rights related to marketing communications and profiling.

To submit a privacy request, contact [email protected].

10. Children’s Privacy

The Service is not intended for children under the minimum age required by applicable law in your jurisdiction. If we learn we collected personal data from a child where prohibited, we will take steps to delete it.

11. International Data Transfers

Your information may be processed in countries other than your own where our providers operate. Where required, we use appropriate safeguards for cross-border data transfers.

12. Changes to This Policy

We may update this Privacy Policy. We will post the updated version with a revised effective date. Continued use after updates means you accept the revised policy.

13. Contact

For privacy questions, complaints, or rights requests, contact [email protected].