Privacy Policy

Welcome to StudySolutions. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered academic assistance platform, including our plagiarism detection, AI content humanization, and document unlocking services.

Data Controller: StudySolutions is the data controller responsible for your personal data. We determine the purposes and means of processing your personal information in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2.1 Personal Information

We collect the following categories of personal information:

• Account Information: Name, email address, password (encrypted), and profile preferences when you create an account.
• Payment Information: Billing address, payment method details, and transaction history. Note that full payment card details are processed and stored by our payment processor, Stripe, and we do not have access to your complete card numbers.
• Subscription Information: Your subscription tier (Basic, Premium, or Premium+), subscription status, and usage limits.
• Communication Data: Email correspondence, support tickets, and feedback you provide to us.

2.2 Usage Data

We automatically collect information about how you interact with our services:

• Service Usage: Features accessed, frequency of use, timestamps, and usage patterns for our plagiarism detection, humanizer, and document unlocking services.
• Device Information: Browser type, operating system, device identifiers, IP address, and screen resolution.
• Log Data: Server logs including access times, pages viewed, referring URLs, and system activity.
• Performance Data: Error reports, crash logs, and diagnostic information.

2.3 Uploaded Files and Content

When you use our services, you may upload or input content:

• Documents for Plagiarism Detection: Files uploaded for Turnitin analysis are temporarily stored in our secure cloud storage (Cloudflare R2) and automatically deleted after processing is complete.
• Text for Humanization: Text submitted to our AI Humanizer service is processed in real-time and is not permanently stored after the session ends.
• Unlocked Documents: Documents retrieved through our unlocking service are cached temporarily to improve performance and are subject to automatic expiration.

3.1 Information You Provide Directly

We collect information when you:

• Create an account or update your profile
• Subscribe to a plan or make a purchase
• Upload documents or submit text for processing
• Contact our support team or submit feedback
• Participate in surveys or promotional activities

3.2 Information Collected Automatically

When you use our services, we automatically collect certain information through cookies, web beacons, and similar tracking technologies. This includes:

• Session information and authentication tokens
• Browser and device characteristics
• Usage patterns and navigation paths
• Geographic location (country/region level)

3.3 Information from Third Parties

We may receive information from third-party sources:

• Authentication Providers: If you sign in using third-party authentication (when available), we receive basic profile information.
• Payment Processors: Stripe provides us with transaction confirmations and limited billing information.
• Analytics Services: We use analytics tools to understand aggregate usage patterns.

We use your information for the following purposes:

4.1 Service Delivery

• Provide, maintain, and improve our AI-powered academic tools
• Process plagiarism checks, content humanization, and document unlocking requests
• Manage your account and subscription
• Process payments and prevent fraud

4.2 Communication

• Send transactional emails (account verification, password resets, receipts)
• Provide customer support and respond to inquiries
• Send service updates and security alerts
• Send promotional communications (with your consent, where required)

4.3 Analytics and Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionalities
• Monitor and ensure the security of our platform
• Detect and prevent abuse or violations of our terms

4.4 Legal and Compliance

• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other agreements
• Protect our rights, privacy, safety, or property
• Respond to lawful requests from public authorities

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

5.1 Contractual Necessity

We process your personal data to perform our contract with you, including providing our services, processing payments, and managing your subscription. Without this data, we cannot provide our services to you.

5.2 Legitimate Interests

We process certain data based on our legitimate business interests, such as improving our services, preventing fraud, and ensuring platform security. We balance these interests against your rights and freedoms.

5.3 Legal Obligations

We may process your data to comply with legal obligations, including tax requirements, responding to lawful government requests, and maintaining records as required by law.

5.4 Consent

Where required by law, we obtain your consent before processing your personal data for specific purposes, such as sending marketing communications. You may withdraw your consent at any time.

We do not sell your personal information. We may share your information with the following categories of third parties:

6.1 Service Providers

We work with trusted service providers who process data on our behalf:

• Supabase: Database hosting, user authentication, and secure data storage. Supabase processes your account information and usage data.
• Stripe: Payment processing. Stripe handles your payment information according to PCI DSS standards and their own privacy policy.
• Resend: Transactional email delivery. Resend processes your email address to send verification emails, receipts, and notifications.
• Cloudflare R2: Secure file storage for documents uploaded for plagiarism detection. Files are encrypted and automatically deleted after processing.

6.2 API Partners

Our services integrate with third-party APIs to provide functionality:

• Turnitin API: For plagiarism detection. Submitted documents are processed according to Turnitin's privacy practices.
• Ryne.ai API: For AI content humanization. Text is processed in real-time and not retained by the API provider.

6.3 Legal Requirements

We may disclose your information if required to:

• Comply with applicable laws, regulations, or legal processes
• Respond to lawful requests from public authorities
• Protect our rights, privacy, safety, or property
• Enforce our agreements and investigate potential violations

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): We use European Commission-approved standard contractual clauses with our service providers.
• Adequacy Decisions: We may transfer data to countries that have been recognized as providing adequate data protection.
• Data Processing Agreements: We maintain appropriate data processing agreements with all third-party processors.

Our primary data storage is located in secure data centers managed by Supabase and Cloudflare, which maintain robust security measures and compliance certifications.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

8.1 Retention Periods

• Account Data: Retained for the duration of your account plus 30 days after account deletion to allow for account recovery.
• Transaction Records: Retained for 7 years to comply with tax and accounting requirements.
• Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics purposes. Identifiable usage data is retained for up to 2 years.
• Uploaded Documents: Deleted within 24 hours of processing completion or according to the expiration policy for cached unlocks.
• Support Communications: Retained for up to 3 years after resolution.

8.2 Account Deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are required to retain for legal or legitimate business purposes.

9.1 Rights Under GDPR (EEA, UK, Switzerland Residents)

If you are located in the EEA, UK, or Switzerland, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten") in certain circumstances.
• Right to Restriction: Request restriction of processing in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

9.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information. However, if this changes, you will have the right to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

9.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information in the Contact Information section below. We will respond to your request within the timeframe required by applicable law (generally 30 days for GDPR and 45 days for CCPA).

We may need to verify your identity before processing your request. If you have an account with us, we may ask you to log in. Otherwise, we may request additional information to confirm your identity.

Our services are not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. If we learn that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information promptly.

Users between 13-18 years old (or 16-18 in the EEA) should review this Privacy Policy with their parent or guardian to ensure they understand it before using our services.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized features.

11.1 Types of Cookies We Use

• Essential Cookies: Required for the operation of our services, including authentication, session management, and security features. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to provide a personalized experience.
• Analytics Cookies: Help us understand how users interact with our services so we can improve them.
• Performance Cookies: Monitor and improve the performance of our services.

11.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. However, some features of our services may not function properly without essential cookies.

To learn more about cookies and how to manage them, visit www.allaboutcookies.org.

11.3 Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to be tracked. We currently do not respond to Do Not Track signals, but we honor the privacy choices described in this policy.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

12.1 Technical Safeguards

• Encryption: Data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption algorithms.
• Secure Authentication: We use secure authentication mechanisms including password hashing, magic links, and session management through Supabase Auth.
• Access Controls: Role-based access controls limit data access to authorized personnel only.
• Regular Security Audits: We conduct regular security assessments and vulnerability testing.

12.2 Organizational Safeguards

• Employee training on data protection and security best practices
• Incident response procedures for data breaches
• Regular review and update of security policies
• Vendor security assessments for third-party service providers

12.3 Your Responsibilities

While we take extensive measures to protect your data, security is a shared responsibility. We encourage you to:

• Use a strong, unique password for your account
• Keep your login credentials confidential
• Log out of your account when using shared devices
• Contact us immediately if you suspect unauthorized access to your account

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you by email (for significant changes)
• Display a prominent notice on our website
• Obtain your consent where required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our services after any changes indicates your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local data protection authority. A list of EU data protection authorities can be found at edpb.europa.eu.

For California residents, you may also contact the California Attorney General's office regarding your CCPA rights at oag.ca.gov/privacy.

We aim to respond to all privacy inquiries within 30 days. If your request is complex, we may need additional time and will keep you informed of any delays.