Privacy Policy
Last updated: March 12, 2026
Privacy Policy for Binge Study
Last Updated: March 12, 2026
Effective Date: March 12, 2026
1. Introduction and Data Controller
Binge Study ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").
Data Controller:
Arseniy Arsentyev PE
Email: info@bingestudy.app
Website: https://bingestudy.app
This policy applies to all users worldwide, including users in the EEA, UK, and California.
2. Information We Collect
2.1 Account Information
No account is required to use Binge Study. By default, all data is stored locally on your device. You may optionally create an account via Email/Password, Google Sign-In, or Apple Sign-In to enable cloud sync and premium features.
| Data Type | Description | Required? |
|---|---|---|
| Email Address | For email/password accounts | Optional |
| Password | Securely hashed by Firebase | Optional |
| Authentication Provider | Google, Apple, or Email/Password | Varies |
| OAuth Tokens | Temporary tokens from Google/Apple | If using social sign-in |
2.2 Profile and Social Data
Social features are opt-in only. When enabled, the following may be collected:
| Data Type | Required? |
|---|---|
| Display Name | Optional |
| Profile Photo (max 5 MB PNG, stored in Firebase Cloud Storage) | Optional |
| Friend Code (unique 6-digit code) | Auto-generated when social features enabled |
| Public Profile (name, level, XP, streak) | Only if social features enabled |
| Friend Relationships and Requests | Only if you add friends |
| Weekly XP (for leagues and leaderboards) | Only if social features enabled |
| League Tier, Bucket Assignment, and Week | Auto-assigned weekly when leagues are active; only if social features enabled |
Public profiles are visible to other users for friend discovery and leagues. You can delete your public profile at any time in Settings.
2.3 Study Activity and Learning Data
| Data Type | Storage |
|---|---|
| Study Materials (documents, images, text for AI generation) | Processed by Vertex AI in real-time, not permanently stored |
| Exam Attachments (PDF, images up to 20 MB each) | Stored locally on device only. Content is sent to Vertex AI for topic extraction; original files are never uploaded to our servers. |
| Topics, Prompts, and Exam Configurations | Local device (+ Firestore for premium subscribers) |
| Study Sessions (last 100), Topic Statistics | Local device (+ Firestore for premium subscribers) |
| Spaced Repetition Cards (up to 2,000) | Local device (+ Firestore for premium subscribers) |
| Streaks, XP, Level, Achievements | Local device (+ Firestore for premium subscribers) |
| AI Usage Quota | Local device |
2.4 Device and Usage Information
| Data Type | Purpose |
|---|---|
| Hashed Device Identifier (SHA-256) | Referral fraud prevention (cannot be reversed) |
| Device Type, OS Version | Compatibility and crash diagnostics |
| App Interactions (features used, screens viewed) | Analytics (Mixpanel) |
| Crash Reports | Firebase Crashlytics |
| App Tracking Transparency Status (iOS) | Privacy opt-out detection (GPC/CCPA compliance) |
2.5 Information from Third Parties
| Source | Data | Purpose |
|---|---|---|
| RevenueCat | Subscription status, purchase history | Subscription management |
| App Store / Google Play | Purchase confirmation | Payment processing |
| Google / Apple Sign-In | Profile (email, name) | Authentication (optional) |
3. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Authentication and account access | Contract / Legitimate interest |
| AI-powered question generation | Contract |
| Adaptive difficulty personalization | Contract |
| Study progress and achievement tracking | Contract |
| Subscription payment processing | Contract |
| Social features (opt-in) | Consent |
| Study reminders and notifications | Consent |
| Analytics and app improvement | Legitimate interests |
| Referral fraud prevention | Legitimate interests |
| App security and stability | Legitimate interests |
4. Third-Party Services and Data Sharing
We do not sell your personal information to third parties. All third-party service providers are contractually required to provide the same or equivalent level of data protection as described in this policy.
Firebase (Google)
- Services: Authentication, Cloud Firestore, Cloud Storage, Realtime Database, Vertex AI (Gemini), Crashlytics, App Check
- Data Shared: User ID, email (if used), auth data, profile data, study data, social data, hashed device ID, crash logs
- Privacy: https://firebase.google.com/support/privacy
RevenueCat
- Purpose: Subscription and in-app purchase management
- Data Shared: Purchase data, subscription status, anonymous user ID. We do not store payment card details.
- Privacy: https://www.revenuecat.com/privacy
Mixpanel
- Purpose: Analytics and usage tracking
- Data Shared: App events, device type, OS version, aggregated usage metrics
- Data Residency: EU (api-eu.mixpanel.com)
- Opt-Out: Settings > Privacy > Analytics
- Privacy: https://mixpanel.com/legal/privacy-policy/
Apple App Store / Google Play Store
5. Social Features and Public Information
Social features are disabled by default and require explicit opt-in.
What becomes public when enabled: Display name, profile photo, level, total XP, streak, weekly XP, friend code, and league tier.
Who can see it: Users with your friend code, league participants, and your friends.
Leagues: Premium users are placed into weekly league buckets of up to 16 participants, grouped by tier (Wooden, Bronze, Silver, Gold, Diamond). League standings are visible to all participants in the same bucket. League buckets may include simulated participants to ensure a competitive experience. League data (tier, bucket assignment, week) is stored in your public profile on Firestore and in the leagueBuckets Firestore collection, readable by all authenticated users.
Controls: Delete your public profile in Settings, remove friends, decline requests, or disable social features entirely.
Sharing Features: The app lets you create shareable screenshots (PNG, temporarily stored on-device, auto-cleaned after 24 hours, never uploaded to our servers) and share referral links.
6. AI Processing and Automated Decision-Making
6.1 AI Question Generation
We use Google Gemini 3.1 Flash Lite via Firebase Vertex AI to generate study questions.
- Your topics, prompts, and uploaded documents are sent to Google's servers (US-based) for real-time processing
- Data is not permanently stored by us or Google after generation
- Results cached in-memory on your device (50 entries, 2-hour TTL)
- Rate limited: 20/minute, 200/hour, 500/day per subscriber
- Does not profile you for marketing or train AI models (per Google's Vertex AI terms)
- Google's Privacy Policy: https://policies.google.com/privacy
6.2 Adaptive Difficulty
The app adjusts question difficulty based on your performance (accuracy, response times). This is processed locally on your device and does not make decisions with legal or significant effects. You can manually override difficulty in Settings.
Right to Human Intervention (GDPR Article 22): If you believe the adaptive system is unfair, contact info@bingestudy.app to request human review, obtain an explanation of how the decision was reached, express your point of view, contest the decision, or request manual adjustment. We will respond within 30 days.
6.3 AI Content Labeling (EU AI Act & California SB 942)
Starting August 2, 2026, AI-generated content will be labeled per EU AI Act (Article 50) and California SB 942 (as amended by AB 853). Labels will be mandatory and always visible for users in the EU and California as required by law. For all other users, AI content labeling is available as an optional feature in Settings > Display > Show AI Content Labels.
7. Data Storage and Security
7.1 Cloud Storage
All cloud data is stored via Firebase services on Google Cloud (US multi-region): Authentication, Cloud Firestore (database, including league buckets), Cloud Storage (profile photos), and Realtime Database (referrals).
7.2 Local Device Storage
Most data is stored locally for offline access: profile, settings, referral data (with integrity checksum), profile photo, exam attachments, offline cache (90-day expiry), and offline answer queue. Uninstalling deletes all local data. Cloud data persists until you delete your account.
7.3 Security Measures
- Firebase Auth with secure token-based sessions
- All data transmission via HTTPS/TLS 1.3
- One-way SHA-256 HMAC hashing for device identifiers
- Firebase App Check for API security
- Firestore security rules restrict access to user's own data
- Passwords handled by Firebase Auth (never stored by us)
- File integrity checksums and atomic writes
No method of electronic transmission or storage is 100% secure. Use strong passwords and enable two-factor authentication where available.
8. International Data Transfers
Your data may be transferred to the United States where some of our service providers operate (Firebase, RevenueCat). Mixpanel analytics data is routed to EU data residency servers.
For EEA/UK Users: Transfers rely on Standard Contractual Clauses (SCCs), adequacy decisions, and provider certifications. Our providers (Google/Firebase, Mixpanel, RevenueCat) maintain appropriate safeguards as detailed in their respective privacy policies.
9. Data Retention
| Data Type | Retention |
|---|---|
| Firebase Auth account | Active until deletion; removed within 30 days of request |
| Firestore data, Cloud Storage, public profile | Active until deletion; removed immediately on account deletion |
| Friend relationships | Active; removed from both sides on account deletion |
| Referral hashed device IDs | Indefinite (fraud prevention; cannot identify you) |
| Offline cache | Auto-expires after 90 days |
| Recent sessions | Last 100 only (auto-pruned) |
| SRS cards | Up to 2,000 (FIFO when exceeded) |
| Crash logs (Crashlytics) | 90 days |
| Analytics (Mixpanel), Subscriptions (RevenueCat) | Per each provider's retention policy |
| Exam attachments (PDF, images) | Local device only; until removed by user or exam deletion |
| League bucket data | Weekly; reset and reassigned each week |
| AI processing (Vertex AI) | Not retained; real-time only |
10. Your Privacy Rights
10.1 All Users
- Access your data (contact info@bingestudy.app)
- Correct inaccurate data (edit profile/settings or contact us)
- Delete your account: Settings > Account > Delete Account
- Export your data by contacting info@bingestudy.app (provided within 30 days), or via Settings > Privacy > Export My Data
- Opt out of analytics: Settings > Privacy > Analytics
- Withdraw consent for optional features at any time
Account deletion removes: Firebase Auth, all Firestore data, Cloud Storage photos, public profile, all friend relationships, referral data, and RevenueCat session. You return to an unauthenticated, local-only state.
Limitations: Third-party analytics data (Mixpanel) retained per their policies. Hashed device IDs retained for fraud prevention.
10.2 EEA and UK Users (GDPR)
Additional rights: data portability, restrict processing, object to processing, withdraw consent, and lodge a complaint with your local data protection authority.
10.3 California Residents (CCPA/CPRA)
Right to Know: See Sections 2-4 for categories, sources, purposes, and third parties. Information is collected directly from you, automatically through app usage, and from third-party providers (payment processors, OAuth providers).
Right to Delete/Correct: Contact us or use in-app deletion.
Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for behavioral advertising.
Right to Limit Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA (such as Social Security numbers, financial accounts, precise geolocation, or health data).
Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
10.4 Global Privacy Control (GPC)
We honor GPC signals as valid opt-out requests for analytics tracking. Learn more: https://globalprivacycontrol.org
10.5 How to Exercise Your Rights
Email: info@bingestudy.app
We will confirm receipt of your request within 10 business days. Response times: 45 days for CCPA (extendable by 45 days); 30 days for GDPR (extendable by 60 days).
11. Device Permissions
| Permission | Purpose | Required? |
|---|---|---|
| Camera | Scan documents and study materials | Optional |
| Photo Library | Import documents and images | Optional |
| Notifications | Study reminders and streak alerts | Optional |
| App Tracking Transparency (iOS) | Privacy opt-out detection (GPC/CCPA) | Not prompted |
Denying permissions does not affect core functionality.
12. Children's Privacy (COPPA)
Binge Study is for users aged 13 and older. We do not knowingly collect information from children under 13. This policy complies with the FTC's updated COPPA Rule (effective April 22, 2026).
If you are a parent/guardian and believe your child under 13 has used the App, contact info@bingestudy.app with subject "COPPA Parental Request." You may review, request deletion (within 48 hours), or refuse further collection of your child's data. We will verify parental relationship before disclosure.
If we discover an underage user, we will immediately terminate access and delete all associated data within 48 hours.
13. Changes to This Privacy Policy
We may update this policy periodically. Material changes will be communicated via the "Last Updated" date and in-app notifications where feasible. We will obtain consent where required by law.
14. Contact Us
Arseniy Arsentyev PE
- Email: info@bingestudy.app
- Website: https://bingestudy.app
For GDPR-related inquiries, you may also contact your local data protection authority.
This Privacy Policy was last updated on March 12, 2026, and is effective as of March 12, 2026.