Back to StudyLens

Legal

Privacy Policy

Last updated: 27 February 2026 · Effective immediately

1. Who we are

StudyLens is operated by Zain Mughal (sole trader, United Kingdom). We will update this policy when we incorporate as a UK limited company.

Data controller contact: privacy@studylens.net

We do not have a Data Protection Officer. For ICO enquiries our reference will be published here once registered.

2. What data we collect

Account emailWhen you sign in with Clerk (optional; the app works without sign-in)
Uploaded notesText and files you upload for processing. Stored in MongoDB Atlas.
Quiz responsesYour answers to generated questions, time spent, and whether you were correct.
Confidence ratingsThe self-rated confidence scores (1–5) you assign to each concept.
Session metadataSession titles, creation dates, concept lists, gap scores.
Voice audioAudio generated by ElevenLabs for explanations. Not stored. Streamed only.
Feedback submissionsBug reports and feature requests you send via the Feedback button.
Analytics eventsPage views, feature interactions, and performance metrics via PostHog (EU cloud). No personally identifiable fields are captured in analytics.
Error reportsStack traces and device info sent to Sentry when errors occur. No quiz content is included.
Device / browser infoUser-agent string stored with feedback submissions only.

3. Lawful basis for processing (UK GDPR)

We rely on the following lawful bases under UK GDPR Article 6:

  • Contract performance: processing your uploaded notes and generating quiz questions is necessary to provide the service you requested.
  • Legitimate interests: analytics (aggregate service improvement), error monitoring, and security. Our legitimate interests do not override your rights: analytics are anonymised, error reports exclude content, and you can opt out at any time.
  • Consent: for optional features where we ask you first (e.g. future voice data storage). You can withdraw consent at any time.

4. Third-party processors

We use the following sub-processors. All handle data on our behalf and are bound by data processing agreements.

Google (Gemini API)AI generation of quiz questions, explanations, and concept maps. Paid tier; inputs are not used for model training. Google Ireland Ltd. / Google LLC. Data may be processed in the US under Standard Contractual Clauses (SCCs).
MongoDB AtlasDatabase hosting for all user data. MongoDB, Inc. (US). Data processed in the US under SCCs.
VercelApplication hosting and serverless functions. Vercel Inc. (US). Data processed in the US under SCCs.
PostHog (EU cloud)Product analytics. PostHog Inc. / Hiberly Ltd. EU servers, UK GDPR compliant. No personally identifiable data fields captured.
SentryError monitoring. Sentry Inc. (US). Crash reports only; no quiz content. Processed in the US under SCCs.
ElevenLabsVoice synthesis for spoken explanations. ElevenLabs, Inc. (US). Audio is streamed and not stored. Processed in the US under SCCs.
Clerk (optional)Authentication. Clerk Inc. (US). Only used if you sign in. Processed in the US under SCCs.

5. International data transfers

Some processors listed above operate in the United States. Where personal data is transferred outside the UK, we rely on Standard Contractual Clauses (SCCs) approved under the UK GDPR International Data Transfer Agreement (IDTA) framework as the legal mechanism for transfer.

6. Data retention

Study session dataRetained while your account is active. Deleted within 30 days of account deletion request.
Anonymous session dataRetained for 12 months, then automatically deleted.
Feedback submissionsRetained for 24 months for product improvement, then deleted.
Analytics dataPostHog EU cloud. Aggregated data retained per PostHog defaults (1 year). No personal data retained.
Error reportsSentry retains for 90 days by default.

7. Your rights under UK GDPR

You have the following rights. To exercise any of them, email privacy@studylens.net. We will respond within one month.

  • Access - request a copy of all personal data we hold about you.
  • Rectification - ask us to correct inaccurate data.
  • Erasure - ask us to delete your data ("right to be forgotten").
  • Restriction - ask us to pause processing while a dispute is resolved.
  • Portability - receive your data in a structured, machine-readable format.
  • Objection - object to processing based on legitimate interests.
  • Withdraw consent - where processing is based on consent, withdraw at any time without affecting prior processing.

You also have the right to lodge a complaint with the UK supervisory authority: Information Commissioner's Office (ICO).

8. Cookies and local storage

StudyLens does not use advertising or tracking cookies. We use browser localStorage for:

  • Remembering your age-gate confirmation (sl_age_ok)
  • Storing your authentication session (via Clerk, if signed in)
  • PostHog analytics distinct ID (anonymous identifier for session continuity)

The PostHog analytics identifier is anonymous and contains no personal information. You can opt out of analytics at any time by emailing privacy@studylens.net.

9. Automated processing

StudyLens uses automated algorithms to calculate spaced-repetition study intervals (FSRS algorithm) and to identify confidence gaps between your self-rated confidence and your quiz performance. These calculations drive your personalised study schedule and gap reveal results.

No automated decision produces legal effects or significantly affects your access to services. All scheduling and gap scores are study recommendations only.

10. Age

StudyLens is intended for users aged 13 and over. By using the service you confirm you are at least 13 years old. We do not knowingly collect personal data from users under 13. If you believe someone under 13 has an account, please contact us and we will delete it promptly.

Users aged 13–17 should have parental or guardian consent before using the service. StudyLens is designed to be privacy-safe for younger users: we do not serve advertising, we do not track behaviour for commercial purposes, and we collect only the minimum data needed to provide the study service (UK Children's Code compliant by design).

11. AI-generated content and your data

When you upload notes, your content is sent to the Google Gemini API (paid tier) to generate quiz questions and explanations. Under Google's paid tier terms, your inputs are not used to train Google's AI models. Google processes this data as a sub-processor under a Data Processing Addendum.

Do not upload sensitive personal data (medical records, financial information, government IDs) to StudyLens. The service is designed for study notes only.

12. Changes to this policy

We will notify you of material changes by email (if you have an account) or by posting a notice on the app. Continued use after the effective date constitutes acceptance.

13. Contact

Questions about this policy: privacy@studylens.net

🔍
Privacy Policy | StudyLens | StudyLens