Privacy Policy

Account data: Email address, display name, and optional onboarding profile (experience level, learning goals). If you sign in via OAuth (Google, GitHub, LinkedIn, Facebook), we receive your public profile information from that provider.

Payment data: Billing name and payment method are processed by Stripe. We do not store full card numbers — only the last four digits and subscription status.

User content: Study materials (PDFs) and source URLs you upload for question generation.

Usage data: Exam session answers, performance analytics, feature usage, pages visited, and device/browser information.

• Provide, maintain, and improve the Service
• Process payments and manage subscriptions
• Generate practice questions from your uploaded study materials
• Track learning progress and provide personalized analytics
• Communicate service updates and respond to support requests
• Ensure platform security and prevent abuse

We process your personal data on the following legal grounds:

• Contract performance: Providing the Service, processing payments, and managing your account.
• Legitimate interest: Platform security, abuse prevention, and service improvement.
• Consent: Analytics cookies, which are loaded only after you provide consent.

We share data with the following service providers, solely for operating the Service:

• Supabase — Authentication and database hosting
• Stripe — Payment processing (Stripe Privacy Policy)
• Google Cloud / Vertex AI — AI question generation (study materials are processed by AI models)
• Cloudflare R2 — File storage for uploaded study materials
• Google Analytics — Anonymous usage analytics, loaded only with your consent

We do not sell your personal information. We may disclose data if required by law or in connection with a business transfer (merger, acquisition).

When you generate practice questions, your uploaded study materials are sent to Google Vertex AI for processing. This data is used solely to produce questions for your account — it is not used to train AI models. Generated questions and their source references are stored in your account.

We retain your account data as long as your account is active. Stripe webhook payloads containing payment details are automatically redacted after 90 days. Upon account deletion, your personal data is removed within 30 days, except where retention is required by law (e.g., tax records).

Under the GDPR and applicable data protection law, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (“right to be forgotten”)
• Restrict processing
• Data portability
• Object to processing based on legitimate interest
• Withdraw consent at any time
• Lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no

You can manage most of these from your account settings. For requests we cannot fulfill through the app, contact us at privacy@tempto.io. We respond within 30 days.

Your data is primarily stored on servers in the European Union. Some of our sub-processors (such as Stripe and Google Cloud) may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

All data is encrypted in transit (TLS) and at rest. We implement access controls, regular security reviews, and monitoring. No system is perfectly secure — if we discover a breach affecting your personal data, we will notify you in accordance with applicable law.

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and understand how you use it.

Essential cookies

Required for authentication, session management, and security. These cannot be disabled as the Service will not function without them.

• Supabase authentication session
• Cookie consent preference

Analytics cookies

We use Google Analytics to understand how visitors navigate the site — page views, session duration, and navigation patterns. These cookies are loaded only after you provide consent via our cookie banner. No advertising or cross-site tracking cookies are used.

Managing your preferences

You can accept or decline analytics cookies when you first visit the site. Change your preference at any time using the button below or through your browser settings.

Most browsers also allow you to block or delete cookies. See your browser’s help documentation for instructions. Note that blocking essential cookies may prevent parts of the Service from working correctly.

Tempto is not intended for children under 16. We do not knowingly collect personal information from children under 16. If we learn we have collected data from a child under 16, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

Questions about privacy? Contact us at privacy@tempto.io.