The data controller is the operator of StudyZap, based in Italy. To exercise your rights or for any information regarding the processing of your data, contact us at: privacy@studyzap.it
We collect the following data: • Registration data: email address, username/display name, password (encrypted). • Usage data: study sessions, card progress, XP and ZAP scores, registration date, last access. • Uploaded content: PDFs provided by the user (processed to generate flashcards, not stored after processing). • Payment data: managed exclusively by Stripe Inc. — we do not store credit card data. • Technical data: IP address, browser type, operating system (collected automatically for security and aggregate analytics). • Marketing consent: if you accepted promotional communications, we record this consent with date and time.
a) Service delivery (Art. 6.1.b GDPR): account management, flashcard generation, XP/ZAP calculation, subscription management. b) Legal compliance (Art. 6.1.c GDPR): retention of invoices and transactions for 10 years for tax purposes. c) Transactional communications (Art. 6.1.b): account confirmation emails, payment receipts, security notifications. d) Marketing (Art. 6.1.a GDPR — explicit consent): promotional emails, special offers, product updates. You can withdraw consent at any time without affecting the Service. e) Service improvement (Art. 6.1.f GDPR — legitimate interest): aggregate and anonymised statistical analysis.
• Account data: retained for the duration of the contract and for 12 months after account deletion. • Uploaded PDFs: deleted immediately after AI processing. • Tax data and transactions: retained for 10 years under Italian tax law. • Marketing consent data: retained until consent is withdrawn or account is deleted. • Technical logs: retained for a maximum of 90 days.
Your data is not sold to third parties. We use the following providers as data processors (Art. 28 GDPR): • Supabase Inc. (USA) — database and authentication, via Standard Contractual Clauses (SCC). • Stripe Inc. (USA) — payment processing, via SCC. • Google LLC (USA) — generative AI (Gemini API) for PDF processing. • Google Cloud Run — application hosting. • Resend Inc. / email provider — transactional and promotional emails.
Under GDPR you have the right to: access your data, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, objection to processing, and to withdraw marketing consent at any time. To exercise these rights: privacy@studyzap.it
If you believe the processing of your data violates GDPR, you can lodge a complaint with the Italian Data Protection Authority (Garante) at www.garanteprivacy.it.
We may update this Privacy Policy. Significant changes will be communicated via email at least 14 days before taking effect.
For any questions: privacy@studyzap.it