This privacy policy describes how personal data may be processed when you use the StudyBrief website, contact us, or use the app and its AI-based study note generation flow.
The controller for the data processing described on this website and in the StudyBrief app is:
Jannik Brose
Kasernengasse 32
88416 Ochsenhausen
Germany
Email: support@getstudybrief.com
Privacy contact: privacy@getstudybrief.com
This policy covers the public website at getstudybrief.com, the StudyBrief mobile app, support contact by email, and the production API used to generate study notes. The app is designed for students who upload or photograph learning material and receive a concise study summary in return.
When you access the website, technical connection data may be processed automatically to deliver the site securely. This may include IP address, date and time, requested URL, referrer, user-agent, and status information. The processing is required to operate the website, prevent abuse, and maintain technical security.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interest is the secure and reliable operation of the website.
The website is currently designed as a lean marketing site and does not intentionally use analytics, advertising pixels, or separate marketing cookies. If technically necessary cookies are introduced later, this privacy policy should be updated accordingly.
If you contact us by email, we process the information you provide to handle your request. This may include your name, email address, and the contents of your message.
The legal basis is Article 6(1)(b) GDPR if the request relates to pre-contractual or contractual communication, and Article 6(1)(f) GDPR for general inquiries and support.
StudyBrief currently works without a mandatory user account. Instead, the app uses a locally stored anonymous installation identifier so that monthly usage limits and API requests can be assigned to a single installation. This reduces the amount of identity data required to operate the product.
The legal basis is Article 6(1)(b) GDPR where the identifier is necessary to provide the requested app functionality and Article 6(1)(f) GDPR for abuse prevention and quota enforcement.
When you use the generation function, the app processes the pages you submit, optional context such as subject, grade level, or note mode, and the resulting generated study notes. The data is used to create the requested summary and to return it to your device.
Uploaded source material is intended to be used only for generation and is not meant to be stored longer than necessary for processing and short-term operational security. Generated study notes may be stored locally on your device so that you can reopen them later.
The legal basis is Article 6(1)(b) GDPR because the processing is necessary to provide the core app function you request.
StudyBrief uses OpenAI through the API platform to generate study notes from submitted material. Source images, extracted text, prompts, and generated outputs may therefore be transmitted to OpenAI to the extent necessary for the generation request.
According to OpenAI's published API data controls, API customer data is not used to train OpenAI models by default. OpenAI also publishes endpoint-specific retention information for abuse and misuse monitoring. For commonly used API endpoints such as the Responses API, OpenAI currently states that data may be retained for up to 30 days unless stricter enterprise controls apply.
The legal basis is Article 6(1)(b) GDPR. If OpenAI processes data outside the European Economic Area, the transfer is based on the safeguards offered in the applicable contractual framework with the provider.
The production API is operated on Railway. Railway may process technical infrastructure data such as server logs, runtime information, network metadata, and deployment-related records to host and secure the service.
Railway documents HTTPS for public services and encrypted private networking for internal traffic where Railway private networking is used. The legal basis for using Railway is Article 6(1)(f) GDPR for secure technical operation and Article 6(1)(b) GDPR where the infrastructure is necessary to provide requested app functionality.
To operate monthly quotas and monitor service stability, StudyBrief may process installation IDs, timestamps, plan status, request counts, source page counts, API error states, and technical request metadata. This helps enforce limits, prevent abuse, and understand whether the service is functioning correctly.
The legal basis is Article 6(1)(f) GDPR. Our legitimate interests are cost control, fraud prevention, service reliability, and the secure operation of the API.
We retain personal data only as long as necessary for the stated purposes or to comply with legal obligations. Technical logs are kept only as long as required for operational security and troubleshooting. Support emails may be retained for as long as necessary to handle the request and document the communication.
Subject to the applicable legal requirements, you have the right to request access, rectification, erasure, restriction of processing, data portability, and objection to processing. You also have the right to lodge a complaint with a supervisory authority.
To exercise your rights, contact us at privacy@getstudybrief.com.
We use reasonable technical and organizational measures to protect personal data. No system can be guaranteed to be completely secure, but the service is designed to minimize unnecessary data, transmit requests securely, and separate app logic, API logic, and infrastructure responsibilities clearly.
We may update this privacy policy when the service changes, when processors are added or replaced, or when legal requirements require an update.
Last updated: March 22, 2026
