Privacy Policy

Last Updated: 30 July 2025 (07-30-2025)

We use Sign in with Google and GitHub to authenticate users. Your name and email are stored in our Supabase database and are not shared with third parties.

Data We Collect

  • Authentication info (name, email via OAuth)
  • Profile data (avatar, preferences, study logs)
  • Additional usage data stored via Supabase such as study logs and preferences
  • AI conversation history and message counts
  • Files you upload, stored in Supabase Buckets
  • Subscription status and related Stripe identifiers
  • Cookies & analytics (essential vs. optional)
  • User-provided content (feedback, messages)

How We Use the Data

  • Authenticating users via Google and GitHub OAuth and Supabase.
  • Storing sessions or caching login tokens.
  • Providing AI mentor conversations and flashcard generation via OpenAI’s ChatGPT API.
  • Tracking usage metrics to improve the app and personalize your learning experience.
  • Processing subscription payments and renewals through Stripe.
  • Allowing you to start or cancel your plan from the Settings page.
  • Sending service-related emails through providers like Resend.

Legal Basis for Processing

We process your personal data only when we have a legal reason to do so. This may be your consent, the performance of a contract (for example, to deliver the service you have requested) or compliance with our legal obligations.

AI Data Handling

Your conversation data is sent securely to OpenAI’s servers to generate responses. We do not use your prompts or files to train our own models or repurpose them for unrelated features.

Data Retention

We retain your personal data while your account is active or as long as needed to provide our services. Deleting your account from the Settings page triggers removal of associated data within 30 days.

Data Hosting & Transfers

Our Supabase database is hosted in the EU, which means your data is processed and stored within the European Economic Area. Some processors such as OpenAI and Stripe may store data in the United States, and we rely on their Data Processing Addendums and standard contractual clauses for these transfers.

Third-Party Sharing

  • Supabase hosts our database and processes user data on our behalf.
  • Supabase Buckets store your uploaded files.
  • If we send emails via a service such as Resend, your name and email may be shared with them.
  • OpenAI processes your messages to provide AI responses.
  • Stripe handles subscription billing information.
  • Google and GitHub are used for authentication and may set their own cookies.

User Rights

  • Access: You can request a copy of your personal data.
  • Rectification: You may correct inaccurate or incomplete data.
  • Erasure: (“Right to be forgotten”) You can request deletion of your data. To delete your account, navigate to Settings → Delete Account
  • Restriction: Request that we limit processing while a dispute is resolved.
  • Portability: You may receive your data in a structured, machine-readable format.
  • Withdraw Consent: If processing is based on consent, you can withdraw it anytime.
  • Opt-out of Sale: We do not sell your data; if we ever do, you’ll be able to opt out.
  • How to Exercise Rights: Email contact@nyfic.app with “Privacy Request” in the subject. We’ll verify your identity (e.g. sending a confirmation link) and respond within 30 calendar days.

Security Measures

We protect data using HTTPS, authentication checks and role-based access controls.

AI Data Usage

AI features may personalize your experience using your study data, but only after you grant consent. You'll be asked the first time you use an AI feature, and you can change your choice in the settings page.

Cookies

  • Essential cookies are required for authentication and site security.
  • Optional analytics cookies help us understand usage patterns. We obtain your consent for these cookies through the banner displayed when you first visit the app.
  • Supabase, Google and Resend may also set their own cookies.
  • You can manage or delete cookies in your browser settings.

Contact Us

Reach us at contact@nyfic.app with any questions about your data. To exercise any of your rights as a user, please email us at contact@nyfic.app with the subject ‘Data Request’. We may ask you to verify your identity; we’ll respond within 30 calendar days.

This policy is a starting point for our team and will be updated as our service evolves.

Go back to signing up