Privacy Policy

Last updated: February 13, 2025

1. Who We Are (Data Controller)

Temar ("Temar", "we", "us", or "our") operates a spaced repetition and knowledge management platform (the "Service").

For purposes of applicable data protection laws, Temar is the data controller of your personal information.

If you have any questions regarding this Privacy Policy or our data practices, you may contact us at:

Email: [email protected]

2. Scope of This Policy

This Privacy Policy applies to all users of the Service, including:

  • Visitors to our website
  • Registered users
  • Free-tier users
  • Paid subscribers

This Policy describes how we collect, use, store, transfer, and protect your personal information.

3. Legal Basis for Processing (GDPR Compliance)

Where applicable under the General Data Protection Regulation (GDPR) or similar laws, we process your personal data based on one or more of the following legal bases:

  • Performance of a contract – to provide you with the Service you request.
  • Legitimate interests – to improve the Service, prevent fraud, and ensure security.
  • Legal obligations – to comply with applicable laws and regulatory requirements.
  • Consent – where required (e.g., marketing communications or optional integrations).

4. Information We Collect

4.1 Information You Provide Directly

Account Information

  • Name
  • Email address
  • Encrypted password (hashed using industry-standard algorithms)
  • Profile information

User Content

  • Notes, flashcards, topics, learning schedules
  • Attachments and uploaded files
  • Study history and progress tracking data
  • Any content stored within your workspace

You retain ownership of your User Content.

Payment Information

Subscription payments are processed through secure third-party providers such as Stripe. We do not store full credit card numbers.

Communications

Messages, support inquiries, and feedback.

4.2 Information Collected Automatically

When you use the Service, we collect:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Log data and timestamps
  • Feature usage data
  • Study session activity and interaction metrics

We use cookies and similar technologies for:

  • Authentication
  • Session management
  • Performance analytics
  • Preference storage

4.3 Information from Third Parties

If you authenticate via third-party providers such as:

  • Google
  • GitHub

We may receive basic profile information (such as name and email address) as permitted by your account settings with those services.

5. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Generate personalized spaced repetition schedules
  • Synchronize data across devices
  • Process subscription payments
  • Improve platform performance and reliability
  • Prevent fraud and unauthorized access
  • Comply with legal obligations

We do not sell your personal data.

We do not use your User Content to train machine learning models without your explicit consent.

6. Automated Processing and Profiling

The Service uses automated processing to generate study schedules and optimize learning intervals.

However:

  • We do not engage in automated decision-making that produces legal or similarly significant effects.
  • You may contact us if you have questions about how personalization features operate.

7. Data Storage and Infrastructure

7.1 Hosting and Database Architecture

  • User data is stored in a secure PostgreSQL database environment.
  • Infrastructure is hosted on secure cloud servers located in the United States.
  • We use logical access controls to restrict internal access.
  • Data is separated between users through application-level authorization controls.

7.2 Security Measures

We implement:

  • TLS encryption for data in transit
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Role-based access controls
  • Infrastructure monitoring
  • Regular vulnerability assessments
  • Automatic database backups

While we implement industry-standard security safeguards, no system can guarantee absolute security.

8. Data Retention

We retain personal information:

  • For as long as your account remains active
  • As necessary to fulfill contractual obligations
  • As required by law

If you delete your account:

  • Active system data is deleted within 30 days
  • Backup copies may persist for up to 90 days for disaster recovery
  • Certain minimal records may be retained for fraud prevention or legal compliance

Backups are maintained for disaster recovery and are not intended as long-term archival storage.

9. Data Sharing and Subprocessors

We share personal information only with:

9.1 Service Providers

Including:

  • Cloud hosting providers
  • Payment processors
  • Email delivery providers
  • Analytics tools
  • Infrastructure monitoring services

These providers process data on our behalf under contractual confidentiality and security obligations.

We maintain a list of subprocessors available upon request.

9.2 Legal and Safety Reasons

We may disclose data if required by law or to:

  • Comply with court orders
  • Protect rights and safety
  • Prevent fraud or abuse

9.3 Business Transfers

In the event of merger, acquisition, restructuring, or asset sale, user information may be transferred. We will notify users of material changes in ownership or control.

10. International Data Transfers

Our Service operates in the United States.

If you access the Service from outside the United States, your data may be transferred and processed in the United States.

Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.

11. Data Breach Notification

In the event of a security breach affecting personal data, we will:

  • Investigate promptly
  • Mitigate impact
  • Notify affected users and relevant authorities as required by applicable law

12. Your Privacy Rights

Depending on your location, you may have rights including:

  • Access
  • Correction
  • Deletion
  • Data portability
  • Restriction of processing
  • Objection to processing
  • Withdrawal of consent

To exercise these rights, contact: [email protected]

We will respond in accordance with applicable law.

13. California Privacy Rights

If you are a California resident, you have rights under the CCPA/CPRA, including:

  • Right to know
  • Right to delete
  • Right to correct
  • Right to opt out of sale (we do not sell data)
  • Right to non-discrimination

We do not respond to "Do Not Track" browser signals.

14. Children's Privacy

The Service is not directed to children under 13 (or 16 where applicable). We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the Service or via email.

16. Contact Information

Email: [email protected]