clamly

Privacy Policy

Last updated: May 21, 2026

1. Introduction

Welcome to Clamly ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

Clamly is operated from Romania and is the data controller responsible for your personal data. As Romania is part of the European Union, your data is handled in accordance with the EU General Data Protection Regulation (GDPR).

By using Clamly at clamly.xyz(the "Service"), you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and display name
  • Email address
  • Password (securely hashed — we never store plaintext passwords)
  • Profile preferences (country, study purpose, theme, and notification settings)

2.2 Social Login

If you sign in with Google, we receive your name, email, and profile picture. We do not access any other data from your Google account unless you explicitly grant additional permissions (e.g., Google Calendar sync).

2.3 Content You Create

We store data you create within the Service, including:

  • Quizzes, quiz attempts, and scores
  • Flashcard decks and review history
  • Notes and todos
  • Exam calendar entries
  • AI chat conversations
  • Uploaded files (PDFs, documents) for AI quiz generation
  • Study group memberships and shared content
  • Pomodoro session history
  • Achievement progress and coin transactions

2.4 Automatically Collected Data

When you use the Service, we automatically collect:

  • Session cookies for authentication
  • Your IP address, used for security and rate limiting
  • Browser and device information (e.g., browser type, screen size)
  • Product analytics and error diagnostics — but only if you consent via our cookie banner (see Section 11)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Generate AI-powered quizzes and study materials from your uploads
  • Power AI chat conversations to help you study
  • Schedule flashcard reviews using spaced repetition
  • Facilitate study groups and shared quizzes
  • Sync exam data with Google Calendar (only when you explicitly connect)
  • Send verification emails, push notifications, and study reminders
  • Track study streaks, coins, achievements, and progress
  • Process subscription payments through Stripe (we never store card details)

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.

4. Google Calendar Integration

If you choose to connect Google Calendar, we request access to read and write calendar events. This is used exclusively to sync your Clamly exam schedule with your Google Calendar. You can disconnect at any time from the Exams page, which revokes our access and deletes your stored tokens.

5. AI Features

When you use AI features (quiz generation, highlights, or chat), the content you provide (text, uploaded documents, or messages) is sent to Mistral AI, our AI processing provider, for processing. We do not use your content to train AI models, and Mistral does not train on data submitted through their API. AI-generated results are stored in your account for your convenience.

6. Payments

Subscription payments are processed by Stripe. When you subscribe to a paid plan, your payment information is collected and processed directly by Stripe — we never see or store your card details. Please refer to Stripe's Privacy Policy for how they handle payment data.

7. Push Notifications

If you opt in, we send push notifications for study reminders, exam alerts, and achievement updates. You can manage notification preferences from your Profile page or disable them at any time through your browser settings.

8. Data Storage & Security

Your data is stored in secure, encrypted databases. Passwords are hashed using industry-standard algorithms. Authentication sessions use secure, HTTP-only cookies. We take reasonable measures to protect your information, though no system is 100% secure.

9. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Withdraw consent for optional features (e.g., Google Calendar sync)
  • Export your data

You can export all your data directly from your Profile page using the "Export Data" button. To exercise any other rights, please contact us at support@clamly.app.

11. Cookies & Analytics

We use essential cookies for authentication, session management, and theme preferences. These are always active because the Service cannot function without them.

We also use analytics cookies— PostHog (product analytics) and Sentry (error and performance diagnostics) — but only after you opt in through our cookie consent banner. If you decline, neither is loaded. You can change your choice at any time using the "Cookie settings" link in the footer or on your Profile page. We do not use advertising cookies or share analytics data with third parties for marketing.

12. Third-Party Service Providers

We share the minimum data necessary with the following service providers ("subprocessors") to operate the Service. Each processes data only on our instructions:

  • Vercel — application hosting and request logs
  • Neon — database hosting (EU region)
  • Mistral AI — AI quiz generation and chat (your submitted text and documents)
  • Stripe — subscription payments (email, name, billing details — card data handled entirely by Stripe)
  • Resend — transactional emails (verification, password reset)
  • Cloudflare R2 — storage of files you upload
  • Upstash — rate limiting (IP address)
  • Google — sign-in and, if you connect it, Calendar sync
  • PostHog — product analytics (only with your consent)
  • Sentry — error and performance diagnostics (only with your consent)

13. Legal Bases for Processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR:

  • Performance of a contract — to create your account, store your content, and deliver the features you sign up for
  • Consent — for analytics cookies, optional Google Calendar sync, and push notifications (you may withdraw consent at any time)
  • Legitimate interests — for security, rate limiting, and fraud prevention
  • Legal obligation — to keep records required by law (e.g., payment records) and to respond to lawful requests

14. International Data Transfers

Our database and rate-limiting infrastructure are hosted in the European Union. Some of our service providers (such as Stripe, Resend, and Vercel) are based in the United States and may process your data there. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

15. Children's Privacy

Clamly is not directed at children under 13 (or under 16 in some EEA countries, where a higher digital-consent age applies). We do not knowingly collect personal data from children below the applicable age. If you believe a child has provided us with personal data, please contact us and we will delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service. Your continued use after changes constitutes acceptance of the updated policy.

17. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@clamly.app.