Privacy Policy

Last updated February 19, 2026

Welcome to Studeli's Privacy Policy

We understand that your privacy matters, and we want to be transparent about how we handle your information when you use our educational platform.

Who We Are

We are Studeli (Studeli B.V.), an educational technology company from Amsterdam committed to creating personalized learning experiences. Our platform helps users create and share educational content, practice their knowledge, and track their learning progress.

Why This Policy Matters

This policy explains how we collect and use your information when you interact with our platform. Whether you're creating study materials, taking practice tests, or sharing learning resources, we want you to understand exactly what happens with your data.

If you have questions about anything in this policy, please reach out to us through our contact page. We're here to help.

Quick Overview

  • We use your information to create personalized learning experiences and help you track your progress.
  • If you're under 18, you'll need your parent or guardian's permission to use our platform.
  • We use artificial intelligence (through Anthropic's Claude, Google's Gemini, and OpenRouter) to help generate educational content, practice questions, flashcards, and provide AI-powered tutoring.
  • You can upload files (PDFs, documents, images) for AI-powered content generation. These are stored securely and deleted when you delete your account.
  • Your learning materials and progress are stored securely and remain available as long as your account is active.
  • As a Dutch company, we follow strict European privacy laws, but we work with global service providers to deliver our platform.
  • You can sign in using Google, Facebook, or TikTok accounts if you prefer.
  • We use Google Ads to measure the effectiveness of our advertising campaigns.
  • We detect your country from your IP address to provide relevant payment options and improve our services.
  • If you use our mobile app and opt in, we may send you push notifications.
  • We send transactional emails related to your account and may also send marketing emails, from which you can always unsubscribe.

The Information We Collect

When you use our platform, we collect different types of information to provide and improve our services:

Information You Share Directly

When you create an account and use our platform, you share certain information with us. This includes basic details like your name and email address, but also the educational content you create, your learning preferences, and your progress through different materials.

Information From Your Learning Activities

As you use our platform, we collect information about how you learn best. This includes which types of content you find most helpful, your practice question results, your flashcard progress, your AI Tutor chat conversations, and your progress through different topics. We use this information to make your learning experience more effective.

Technical Information

Like most online services, we automatically collect some technical information when you visit our platform. This includes things like your IP address and device type, which help us ensure our platform works smoothly on your device.

File Uploads

When you upload files (such as PDFs, documents, or images) for content generation, we store these files securely in our cloud storage. We collect file metadata including the filename, file type, file size, and page count. Files are processed either through text extraction or AI-powered visual analysis, depending on the processing mode you select. Your uploaded files are accessible only to you through time-limited secure URLs.

Location Information

We detect your country from your IP address using our hosting provider's geolocation headers. When you first sign up, your country is recorded once as your signup country. On subsequent visits, we update your current country. This information helps us offer relevant payment methods (such as iDEAL for the Netherlands or Bancontact for Belgium) and improve our services. We do not collect precise location data such as GPS coordinates.

Advertising and Conversion Tracking

When you arrive at our platform through a Google Ads advertisement, we may capture and store a Google Click Identifier (GCLID) from your URL. This identifier is stored in cookies (90-day expiration) and in your browser's local storage. If you create an account, we associate this identifier with your user profile to measure advertising effectiveness.

Push Notification Tokens

If you use our mobile application and opt in to push notifications, we store a device push notification token to deliver notifications to your device. You can revoke this permission at any time through your device settings.

Social Login Information

If you choose to sign in using Google, Facebook, or TikTok, we receive basic profile information from these services. This makes it easier for you to access our platform without creating a new password, but we only receive the information necessary to create and secure your account.

You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service's account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

Google APIs

We comply with the Google API Services User Data Policy, including its Limited Use requirements, in how we handle information received from Google APIs.

How We Use Your Information

Educational Platform Features

Your information helps us deliver personalized learning experiences. This includes generating study materials, creating practice questions, generating flashcards, providing AI-powered tutoring assistance, and tracking your progress. Our AI technology, powered by Anthropic, Google, and OpenRouter, helps create educational content tailored to your needs. When you use the AI Tutor, your chat messages are processed by our AI providers to generate educational responses. When you upload files, they may be processed through text extraction or sent to AI providers for visual analysis to generate content.

Account and Service Management

We use your information to manage your account ourselves and through Clerk, process payments through Paddle, and ensure you can access all platform features. If you've chosen to share your learning materials publicly, we'll also use your information to make these materials available to other users.

Advertising and Analytics

We use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This involves tracking when users who clicked an ad subsequently sign up, generate their first content, or subscribe to a paid plan. We use Plausible for privacy-focused general analytics without tracking individual users.

Platform Improvements

We analyze how our platform is used to make it better. Using Plausible analytics, we look at general usage patterns to improve our features and fix any issues. We always do this in a way that protects your privacy.

Other Purposes

We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, business transfers and to evaluate and improve our service, products, services, marketing and your experience.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases for processing your personal data:

Contractual Necessity (Art. 6(1)(b) GDPR)

Processing necessary to provide our Services to you:
  • Account creation and management
  • AI-powered content generation (study materials, practice questions, flashcards)
  • AI Tutor chatbot functionality
  • File uploads and storage
  • Subscription management and payment processing
  • PDF downloads and content delivery

Legitimate Interest (Art. 6(1)(f) GDPR)

Processing based on our legitimate business interests, balanced against your rights:
  • Platform security and fraud prevention
  • Service improvement and analytics (via Plausible)
  • Inactive account cleanup (data minimization)
  • Technical infrastructure and caching

Consent (Art. 6(1)(a) GDPR)

Processing based on your explicit consent, which you can withdraw at any time:
  • Marketing email communications
  • Push notifications (mobile app)
  • Social login data sharing (Google, Facebook, TikTok)

Legal Obligation (Art. 6(1)(c) GDPR)

Processing required by law:
  • Financial record retention (tax and accounting regulations)
  • Responding to lawful requests from authorities

For advertising conversion tracking (Google Ads), consent is the applicable legal basis. We are implementing cookie consent management to provide you with full control over these cookies.

Service Providers, Data Processing and Sharing

Sharing data

We may share your personal information in the following situations:
  • Service Providers: We may share your personal information with Service Providers to monitor and analyze the use of our service, to contact You.
  • Business transfers: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • Affiliates: We may share your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
  • Business partners: We may share your information with Our business partners to offer You certain products, services or promotions.
  • Other users: When you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, your contacts on the Third-Party Social Media Service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with You and view your profile.
  • With your consent: We may disclose your personal information for any other purpose with your consent.

Key Service Providers

We work with trusted partners to provide our platform. Here's how we handle data sharing:
  • Vercel - Platform hosting, IP-based geolocation, and performance monitoring
  • Supabase - Database services and file storage
  • Paddle - Secure payment processing
  • Clerk - Account authentication
  • Anthropic - AI-powered educational content (Claude)
  • Google - AI-powered educational content and tutoring (Gemini)
  • OpenRouter - AI model routing and processing
  • Plausible - Privacy-focused usage analytics
  • Upstash - Rate limiting and caching services
  • Google Ads - Advertising conversion tracking
  • Sanity - Blog content management and image delivery
  • Web3Forms - Contact form processing

We carefully select providers who maintain high privacy standards and comply with privacy laws. While we're based in the Netherlands, some of these services operate globally.

Data Processing Agreements

We maintain Data Processing Agreements (DPAs) with our key service providers who process personal data on our behalf, as required by GDPR Article 28. These agreements ensure that our providers handle your data in accordance with applicable data protection laws and only process data on our instructions.

International Data Transfers

As a Dutch company, your data is primarily processed within the European Economic Area (EEA). However, some of our service providers are based outside the EEA, including in the United States. When your data is transferred outside the EEA, we ensure adequate protection through the following safeguards:

  • EU-U.S. Data Privacy Framework (DPF): Several of our US-based providers (including Google and Vercel) participate in the EU-U.S. Data Privacy Framework, which the European Commission has recognized as providing adequate data protection.
  • Standard Contractual Clauses (SCCs): For transfers to providers not covered by an adequacy decision or the DPF, we rely on Standard Contractual Clauses approved by the European Commission.
  • Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure an adequate level of protection.

Our key international transfers include:

  • Vercel (United States) - Platform hosting
  • Supabase (United States) - Database and file storage
  • Anthropic (United States) - AI content generation
  • Google (United States) - AI processing, advertising, analytics
  • OpenRouter (United States) - AI model routing
  • Clerk (United States) - Authentication services
  • Paddle (United Kingdom) - Payment processing
  • Upstash (may include non-EEA regions) - Caching services

You can request more information about the specific safeguards in place for any transfer by contacting us.

Platform Features and Data Processing

AI-Driven Content Generation

When you use our AI features to create study materials, practice questions, or flashcards:
  • Your prompts, text input, or uploaded file content is processed securely through our AI providers (Anthropic, Google, and OpenRouter)
  • Generated content is stored in your account
  • You control sharing permissions for the content

For more details about AI data processing, see Anthropic's privacy policy, Google's Gemini API terms, and OpenRouter's privacy policy.

AI Tutor

When you use the AI Tutor chatbot feature:
  • Your chat messages, along with relevant study material content (such as learning goals, chapters, and summaries), are sent to AI providers as context to generate educational responses
  • Chat conversations (including your messages and AI responses) are stored in our database
  • We track token usage per conversation to manage usage limits within your subscription tier
  • Saved conversations can be accessed later from your account
  • All chat data is permanently deleted when you delete your account

File Uploads and Storage

When you upload files to our platform:
  • Files are stored securely in our cloud storage (Supabase Storage)
  • File access is protected by time-limited signed URLs (1-hour expiry)
  • Files can be processed in two ways: text extraction (content extracted client-side) or AI Vision (files sent to AI providers for visual analysis)
  • Storage limits vary by subscription tier
  • All uploaded files are permanently deleted when you delete your account
  • An automated daily cleanup process removes any orphaned files from our storage

YouTube Content Processing

When you provide a YouTube URL for content generation:
  • We extract publicly available captions and subtitles from the video
  • No authentication data or personal information is sent to YouTube
  • The extracted transcript text is then processed through our AI providers to generate educational content
  • The YouTube URL is stored with your study material for reference purposes and is deleted when you delete the study material or your account

PDF Downloads

When you download PDF versions of your study materials:
  • PDFs are generated server-side from your existing study material content
  • No data is shared with external services during PDF generation
  • PDF downloads are rate-limited and available based on your subscription tier

Sharing and Visibility

You control the visibility of your content on our platform:
  • Study materials and learning environments can be set to private (accessible only to you) or public (visible to all platform users)
  • Public content is clearly marked and may be discoverable by other users
  • You can change visibility settings for your content at any time
  • Learning environments are organizational containers for grouping your study materials — their visibility is controlled independently from the materials they contain

Protecting Your Information

Security Measures

We take security seriously. Your information is protected using industry-standard security measures, including encryption and secure data storage. We regularly review and update our security practices to keep your data safe.

Data Storage and Retention

We keep your information for as long as you have an active account with us. When you delete your account:
  • Your uploaded files are immediately deleted from our cloud storage
  • Your study materials, learning environments, practice questions, flashcards, and chat conversations are permanently deleted
  • Your personal information (such as name, email, and profile image) is anonymized
  • Your authentication provider records (such as linked Google, Facebook, or TikTok accounts) are deleted
  • Financial records (payments, subscriptions, invoices, and one-time payment access records) are retained as required by tax and financial regulations
  • Your user record is retained in anonymized form to maintain database integrity for the retained financial records
  • An automated daily process cleans up any orphaned files from our cloud storage

Please contact us to request a deletion of your account.

Inactive Account Cleanup

To comply with data minimization principles and maintain platform security, we reserve the right to delete accounts that have been inactive for 12 months or more. If we choose to do so, we will send you an email notification at least 30 days in advance, giving you the opportunity to log in and keep your account active. If you do not respond, your account and associated data will be deleted following the same process described above for account deletion. Financial records will be retained as required by law.

For data regarding our external services, please refer to their privacy policies linked above.

Temporary Data and Caching

We use Redis-based caching (Upstash) to store temporary operational data including usage counters, rate limits, and AI Tutor usage tracking. This cached data is automatically cleared based on time-based expiration policies and does not persist beyond its operational purpose.

Your Privacy Choices

Managing Your Data

You have control over your information. Through your account settings, you can:
  • View and update your personal information
  • Control what information is public
  • See all your content
  • Manage all your content

Cookie Choices

We use cookies to keep our platform working smoothly and to understand how it's used. You can control cookie settings through your browser, though some features may not work without essential cookies.

Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

  • Cookies or Browser Cookies: A cookie is a small file placed on your device. You can instruct Your browser to refuse all Cookies or to indicate when a cookie is being sent. However, if You do not accept cookies, you may not be able to use some parts of our service. Unless you have adjusted your browser setting so that it will refuse Cookies, our service may use cookies.
  • Web Beacons: Some third-party services we integrate with may employ small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) in their operations. Our own analytics solution (Plausible) does not use tracking pixels or web beacons.

Cookie Purposes

  • Necessary / Essential Cookies
    • Type: Session Cookies
    • Purpose: These cookies are essential to provide you with services available through the Website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.
  • Cookies Policy / Notice Acceptance Cookies
    • Type: Persistent Cookies
    • Purpose: These cookies are used to identify if users have accepted the use of cookies on the Website.
  • Functionality Cookies
    • Type: Persistent Cookies
    • Purpose: These cookies allow us to remember choices you make when You use the website, such as remembering your login details or language preference. The purpose of these cookies is to provide You with a more personal experience and to avoid you having to re-enter your preferences every time You use the website.
  • Advertising Cookies
    • Type: Persistent Cookies
    • Provider: Google Ads
    • Purpose: When you arrive at our platform through a Google advertisement, a Google Click Identifier (GCLID) cookie is stored with a 90-day expiration. This helps us measure the effectiveness of our advertising campaigns by linking ad clicks to subsequent account actions (signup, first content generation, subscription). We also use local storage in your browser as a backup for this identifier. You can opt out of Google Ads personalization through Google's Ad Settings.

Email Communications

We may send you the following types of email communications:

  • Transactional Emails: Account-related notifications such as signup confirmation, password resets, payment receipts, and subscription changes. These are necessary for providing our services and cannot be opted out of.
  • Marketing Emails: We may send product updates, feature announcements, educational tips, and promotional offers. Every marketing email will include an unsubscribe link, allowing you to opt out at any time.

We currently use our authentication provider (Clerk) and payment provider (Paddle) to send transactional emails on our behalf.

Mobile Application

Our platform is also available as a mobile application. When you use our mobile app:

  • The same privacy practices described in this policy apply
  • If you enable push notifications, we store a device token to deliver notifications to your device
  • You can disable push notifications at any time through your device's settings
  • The mobile app may access device features only with your explicit permission
  • The Apple App Store and Google Play Store terms also apply when downloading our app

Your Legal Rights

Your Rights Under the GDPR

As a Dutch company operating under the General Data Protection Regulation (GDPR), we ensure you can exercise the following rights:
  • Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
  • Right to Rectification (Art. 16): You can request correction of inaccurate personal data or completion of incomplete data.
  • Right to Erasure (Art. 17): You can request deletion of your personal data. We will comply unless we have a legal obligation to retain certain records (such as financial data for tax purposes).
  • Right to Restrict Processing (Art. 18): You can request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of your data or assess an objection.
  • Right to Data Portability (Art. 20): You can request your personal data in a structured, commonly used, machine-readable format for transfer to another service. To make such a request, please contact us.
  • Right to Object (Art. 21): You can object to processing based on legitimate interests. We will stop processing unless we demonstrate compelling legitimate grounds. You can always object to direct marketing.
  • Right to Withdraw Consent (Art. 7): Where processing is based on consent (such as marketing emails or push notifications), you can withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right Not to Be Subject to Automated Decision-Making (Art. 22): You have the right not to be subject to decisions based solely on automated processing that significantly affect you. Our AI features generate educational content and do not make automated decisions about you.
  • Right to Lodge a Complaint: You have the right to file a complaint with a supervisory authority. For the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

To exercise any of these rights, please contact us. We will respond to your request within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you.

You may also have additional rights based on the country you reside in. See the sections below for jurisdiction-specific rights.

Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights regarding your personal information.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:
  • Identifiers: Name, email address, IP address, account ID
  • Internet or Network Activity: Browsing history on our platform, interaction with our services, AI-generated content usage
  • Geolocation Data: Country-level location derived from IP address (not precise location)
  • Professional or Education-Related Information: Study materials, learning progress, practice question results
  • Inferences: Learning preferences and content recommendations derived from your usage

Your CCPA/CPRA Rights

  • Right to Know: You can request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You can request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We share limited data with Google Ads for advertising measurement, which may constitute "sharing" under CCPA. You can opt out by disabling advertising cookies in your browser settings or through Google's Ad Settings.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, please contact us. We will verify your identity before processing your request.

Children's Privacy

Our Services are designed for users aged 18 and older. Users under 18 may only use our platform under the supervision of a parent or legal guardian, as described in our Terms of Service.

Children Under 13 (COPPA)

In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

EU/EEA Users Under 16

In the EU/EEA, users under the age of 16 require parental or legal guardian consent to use our Services, in accordance with the GDPR. Member states may set a lower age threshold (but not below 13).

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately so we can take appropriate action.

Updates to This Policy

We may notify you about significant changes to this policy through our platform and, where possible, by email. We encourage you to review this policy occasionally to stay informed about how we protect your information.

Contact and Support

Studeli B.V.
Bilderdijkstraat 118-3
1053KZ Amsterdam
Netherlands

Get in Touch

General privacy questions: Contact Us

For formal complaints, you can contact: Dutch Data Protection Authority

This privacy policy was last updated on February 19, 2026. We may notify you about significant changes through our platform and, where possible, by email.