Privacy Policy

Last updated: March 10, 2026

StudyDuo ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application ("the App").

1. Data Controller

The data controller responsible for your personal data is:

StudyDuo
Email: support@studyduo.app

2. Information We Collect

Account Information

• Email address (for authentication)
• Display name and nickname
• Country and city (optional, user-provided)
• Avatar selection

Usage Data

• Focus session records (duration, timestamps, completion status)
• Session ratings and feedback (optional)
• Goals and daily targets
• Achievements and streak data
• Scheduled session details

Messages

• Chat messages exchanged with focus partners
• Session descriptions and notes

Device Information

• Push notification tokens (for delivering notifications)
• Device type and operating system (for app compatibility)

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide the App's core functionality — account creation, session management, partner matching, chat, analytics, and achievements.
• Consent (Art. 6(1)(a)): Push notifications, optional profile information (country, city), and calendar sync. You may withdraw consent at any time.
• Legitimate interest (Art. 6(1)(f)): Content moderation, fraud prevention, and service improvement. We balance our interests against your rights and freedoms.

4. How We Use Your Information

We use your information to:

• Provide and maintain the App's functionality
• Match you with focus partners based on your location, timezone, and category
• Display your profile to other users (name, avatar, country)
• Send push notifications (session reminders, chat messages, achievements)
• Generate your personal statistics and analytics
• Track achievement and streak progress
• Process subscription payments (handled by Apple/Google)
• Moderate content and enforce community guidelines
• Improve and develop the App

5. Data Storage & Security

Your data is stored securely using Supabase (hosted on AWS infrastructure in the United States) with the following protections:

• All data is encrypted in transit (TLS/SSL) and at rest
• Database-level Row Level Security (RLS) policies
• JWT-based authentication
• Passwords are hashed and never stored in plain text

6. Data Sharing

We do not sell your personal data. We share information only in these limited cases:

• With other users: Your display name, avatar, country, city, and online status are visible to other users for partner matching and social features
• Service providers: We use the following third-party services that process data on our behalf:
  • Supabase (database hosting, authentication)
  • Resend (transactional emails)
  • Expo Push Notifications (push notification delivery)
  • Apple / Google (payment processing, sign-in)
  These providers process data only as necessary to provide their services and are bound by their own privacy policies.
• Legal requirements: We may disclose data if required by law or to protect the safety of our users

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Correct inaccurate information via Profile settings or by contacting us
• Deletion — Delete your account and associated data (available in Profile → Delete Account)
• Data portability — Request your data in a structured, machine-readable format
• Restrict processing — Request that we limit how we use your data
• Object to processing — Object to processing based on legitimate interests
• Withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
• Opt out of push notifications via device settings

To exercise these rights, contact us at support@studyduo.app. We will respond within 30 days.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information
• Right to opt-out of sale — We do not sell personal information
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights

Categories of personal information we collect are listed in Section 2 above. We do not sell personal information to third parties. To submit a request, contact us at support@studyduo.app.

9. Data Retention

• Account data is retained while your account is active
• When you delete your account, your personal data is removed within 30 days
• Chat messages are deleted when both participants have deleted their accounts
• Anonymized, aggregated analytics may be retained indefinitely

10. Children's Privacy

StudyDuo is not intended for children under 13 (or under 16 in the European Economic Area). We do not knowingly collect data from children under these ages. If we become aware that we have collected data from a child under the applicable age, we will promptly delete it. If you believe a child has provided us with personal data, please contact us at support@studyduo.app.

11. Third-Party Services

The App may integrate with third-party services:

• Apple Sign-In / Google OAuth: Used for optional sign-in (we receive only your email and name)
• Calendar: Optional sync with device calendar (data stays on your device)
• Apple Health / Google Fit: Not integrated

12. International Data Transfers

Your data is stored and processed in the United States (via AWS/Supabase). If you are located outside the United States, your data will be transferred internationally. We protect these transfers using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all service providers
• Technical safeguards including encryption in transit and at rest

13. Cookies & Tracking

The App does not use cookies or third-party tracking/analytics SDKs. We do not display advertisements. Our website (studyduo.app) does not use cookies or tracking technologies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. The "Last updated" date at the top reflects the most recent revision. Continued use of the App after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: support@studyduo.app