Privacy Policy for Memly

1. Who We Are

Memly is an online learning platform based in Prague, Czechia.

If you have any questions about privacy or data use, contact us at support@memly.app.

2. What This Policy Covers

This policy applies to everyone using:

• The Memly website (memly.app)
• The Memly web application (my.memly.app)

It explains how we handle your information when you create an account, use our learning tools, or visit our website.

3. What We Collect

We collect only what’s needed to make Memly work and improve it responsibly.

A. Account Data

• Your name and email address, provided when you sign up through Supabase Auth.
• Authentication and session data stored securely in Supabase (EU – Frankfurt).

B. Uploaded & Generated Content

• Notes, flashcards, PDFs, files, and any AI-generated learning materials you create in Memly.

C. Usage & Analytics Data

To understand how Memly is used and improve performance, we use:

• Google Analytics 4 — anonymous usage statistics
• Microsoft Clarity — session insights and heatmaps
• Sentry — error tracking and performance monitoring
• Cloudflare — security and CDN performance logs
• OpenAI API — processes your submitted content to generate learning materials

These tools may process data outside the EU (e.g., in the U.S.) under standard contractual safeguards (SCCs) or equivalent.

D. Payments

If you choose a paid plan, payment handling is provided by Lemon Squeezy. Memly does not store your card details. Lemon Squeezy acts as our payment processor.

4. How We Use Your Data

• Operate and improve Memly’s learning experience
• Authenticate users and manage accounts
• Generate AI-powered study content
• Analyze anonymous usage trends
• Send transactional emails (e.g., password resets, updates)

We do not sell your personal data.

5. How We Share Your Data

• Service providers listed above, for hosting, analytics, or payments
• Legal authorities, if required by law

We never sell, rent, or exchange your personal data with third parties for marketing.

6. Where Your Data Is Stored

• Supabase (Frankfurt, EU) — database and authentication
• Vercel — web hosting (EU-first region)
• Third-party tools (OpenAI, Google, Microsoft) may temporarily process data outside the EU with appropriate safeguards.

All connections are encrypted (HTTPS). Data is encrypted in transit and at rest.

7. Cookies

We use cookies to:

• Keep you signed in
• Remember preferences
• Measure usage and improve the app

Currently, analytics cookies load automatically. A cookie consent banner will soon be added to allow opting in/out in compliance with GDPR.

8. Your Rights

Under GDPR, you can:

• Access your personal data
• Request correction or deletion
• Withdraw consent (when the cookie banner is live)
• Ask what data we store about you

To exercise your rights, contact support@memly.app. We respond to all valid requests within 30 days.

9. Data Retention

• Account data is stored as long as your account remains active.
• You can request deletion at any time via support@memly.app.
• Some aggregated, anonymized analytics may be retained for app performance and research.

10. Security

We use HTTPS and rely on secure providers (Supabase, Vercel, Lemon Squeezy). While no system is perfect, we work to protect your information from unauthorized access or misuse.

11. Children

Memly is intended for users aged 13 and above.

If you believe a child has created an account, please contact us for removal.

12. Updates to This Policy

We may update this policy from time to time. When we do, we’ll change the “Last Updated” date above and post a notice on the website for major changes.

13. Contact

If you have questions or concerns about this policy or your data, reach us at:

📩 support@memly.app