Privacy Policy

Introduction

Welcome to Memorized That. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.

Memorized That is operated by Memorized That Inc. We are the controller and responsible for your personal data.

1. Information We Collect

1.1 Personal Information

When you create an account, we collect:

• Name and email address
• Username and password (securely hashed)
• Study profile selection (Professional, Academic, or Young Learner)
• Account type and subscription information

1.2 Study Data

During your use of our services, we collect:

• Flashcards you create (questions, answers, images, tags)
• Study session data (mode used, cards studied, performance metrics)
• Progress tracking (mastered cards, weak areas, streaks)
• Achievement and badge data
• Analytics and usage statistics

1.3 Technical Information

We automatically collect:

• IP address and browser type
• Device information and operating system
• Page views and navigation patterns
• Session duration and timestamps
• Referral source

1.4 Payment Information

Payment processing is handled by secure third-party providers (Stripe). We do not store your full credit card information. We only retain the last 4 digits and expiration date for your reference.

2. How We Use Your Information

We use your data to:

• Provide and maintain our flashcard learning services
• Personalize your learning experience based on your study profile
• Track your progress and identify areas for improvement
• Send you important account notifications and updates
• Process payments and manage subscriptions
• Respond to your support requests and communications
• Improve our services through analytics and usage data
• Prevent fraud and ensure platform security
• Comply with legal obligations

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: To provide our services as outlined in our Terms of Service
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

4.1 We Share Data With:

• Service Providers: Payment processors (Stripe), email services, cloud hosting (AWS)
• Organization Admins: For Group/Corporate accounts, admins can view team member progress
• Legal Authorities: When required by law or to protect our rights

4.2 We Never:

• Sell your personal data to third parties
• Share your flashcard content publicly without permission
• Use your data for advertising purposes
• Share data with unauthorized parties

5. Data Security

We implement the following security measures:

• TLS/SSL encryption for data in transit
• Secure password hashing (bcrypt)
• Role-based access controls and authentication (JWT)
• Hosted on managed infrastructure with encrypted storage
• Automated backup systems

While we take all reasonable steps to protect your data, no internet transmission is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 30 days of account deletion request
• Financial Records: Retained for 7 years to comply with tax and accounting regulations
• Security Logs: Retained for 1 year for security and fraud prevention

You can request deletion of your account and data at any time from your account settings.

7. Your Privacy Rights

Under GDPR and other privacy laws, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@memorizedthat.com. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication and basic site functionality
• Performance Cookies: Analytics to understand how you use our services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

We use Google Analytics to analyze site usage. You can opt out using the Google Analytics Opt-out Browser Add-on.

9. International Data Transfers

Our servers are located in the United States. If you access our services from outside the US, your data may be transferred to, stored, and processed in the US or other countries where our service providers operate.

By using our services, you consent to having your data transferred to and processed in the United States. We are committed to handling all data responsibly and in accordance with this privacy policy.

10. Children's Privacy

We are committed to protecting the privacy of children under 13 and designing our platform to support organizations in meeting their obligations under the Children's Online Privacy Protection Act (COPPA).

10.1 Age Verification

We collect date of birth during individual account registration to verify that users meet the minimum age requirement of 13 years. Date of birth is stored securely and used solely for age verification and COPPA compliance purposes. It is not shared with third parties or used for marketing.

10.2 Under-13 Users

Children under 13 cannot create individual accounts on our platform. Children under 13 may only access the Service through an organization account (school, tutoring group, or family account) where the account administrator acts as the parent or authorized agent under COPPA's school consent exception.

10.3 School Consent Exception

For Group accounts (schools, tutors, and educational organizations), we support COPPA's school consent exception. The organization administrator creates and manages student accounts and is responsible for obtaining any necessary parental consent.

10.4 Parental Rights

Parents or guardians of children using the Service through an organization account may contact the organization administrator or us at memorizedthat@pm.me to review, correct, or request deletion of their child's personal information.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (for material changes)
• Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

14. Data Protection Officer (GDPR)

For GDPR-related inquiries, you can contact our Data Protection Officer:

Email: privacy@memorizedthat.com

15. Complaints and Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at edpb.europa.eu.