PRIVACY POLICY - ROCKETLEARN
Last Updated: 20.11.2025
INTRODUCTION
RocketLearn ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and web services. Please read this policy carefully to understand our practices regarding your personal data.
INFORMATION WE COLLECT
Information You Provide Directly
Account Information: When you create an account, we collect your email address and an optional name. If you choose to sign in with Google, we collect information provided by Google OAuth.
User Content: We collect and store all content you create or upload, including notes, folders, documents (PDFs, text files, Word documents, presentations), audio recordings, video files, web links, and any text or content you add to your notes.
Onboarding Information: If you complete our onboarding process, we may collect information about your student status, study preferences, learning styles, academic goals, and time commitments. This information is used to personalize your experience.
Subscription Information: If you purchase a subscription, we collect payment information through our third-party payment processor, RevenueCat. We do not store your full payment card details on our servers.
Information Automatically Collected
Device Information: We collect information about your device, including device type, operating system, browser type, device identifiers, and mobile network information.
Usage Data: We collect information about how you interact with our services, including pages viewed, features used, time spent on features, study session duration, and navigation patterns.
Log Data: When you access our services, we automatically collect certain information, including your IP address, access times, pages viewed, and error logs.
Analytics Data: We collect anonymized analytics data about feature usage, performance metrics, and app crashes. This data does not include personally identifiable information.
Information from Third-Party Services
Authentication Services: If you sign in with Google, we receive information from Google OAuth as permitted by your Google account settings.
Subscription Services: RevenueCat provides us with information about your subscription status, purchase history, and subscription entitlements.
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
Service Provision: To create, store, and manage your notes, folders, documents, and study materials. To process your audio recordings and transcribe them using AI services. To generate AI-powered summaries, flashcards, quizzes, exercises, and other study content based on your materials. To provide AI chat functionality that answers questions about your notes.
Account Management: To create and manage your account, authenticate your identity, and provide customer support.
Subscription Management: To process subscription purchases, manage your subscription status, and provide access to premium features.
Service Improvement: To analyze usage patterns, understand how features are used, improve our services, and develop new features. This includes using anonymized analytics data.
Security and Fraud Prevention: To detect, prevent, and address security threats, fraud, unauthorized access, and other malicious activities. To monitor for abuse and ensure compliance with our terms of service.
Communication: To send you service-related notifications, such as account verification emails, password reset emails, and important service updates. We do not send marketing emails without your consent.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and government requests.
DATA STORAGE AND SECURITY
Where Your Data is Stored
Database: Your account information, notes, folders, and metadata are stored in Supabase PostgreSQL databases. The location of these servers depends on your Supabase project configuration, which may be in the United States, European Union, or other regions.
File Storage: Your uploaded documents, audio files, and other files are stored in Supabase Storage buckets. Files are encrypted at rest.
Authentication: User authentication is managed by Supabase Auth, which uses secure token management and password hashing.
Third-Party Processing: Your content may be processed by OpenAI for transcription and AI content generation. OpenAI processes data according to their privacy policy and data processing agreements.
Security Measures
We implement industry-standard security measures to protect your information:
Encryption: All data is encrypted in transit using HTTPS/TLS 1.2 or higher. Data stored in our databases and file storage is encrypted at rest.
Access Controls: We use Row Level Security (RLS) policies to ensure that users can only access their own data. Each user's data is isolated and protected.
Authentication Security: We use secure password hashing and OAuth integration. We implement leaked password protection to prevent the use of compromised passwords.
Audit Logging: We maintain audit logs of security events, authentication attempts, and data access for monitoring and security purposes.
Regular Backups: We maintain automated backups of our databases to prevent data loss.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
DATA SHARING AND DISCLOSURE
We do not sell your personal information to third parties.
We may share your information in the following circumstances:
Service Providers: We share information with third-party service providers who perform services on our behalf:
Supabase: Provides database, storage, and authentication services. Supabase processes your data according to their privacy policy.
OpenAI: Processes your audio recordings for transcription and your content for AI-powered feature generation. OpenAI processes data according to their privacy policy and data processing agreements.
RevenueCat: Manages subscription purchases and payment processing. RevenueCat processes payment information according to their privacy policy.
Vercel: Provides web hosting and content delivery services. Vercel processes data according to their privacy policy.
Google: If you choose to sign in with Google, Google processes authentication information according to their privacy policy.
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request. We may also disclose information to protect our rights, property, or safety, or that of our users or others.
Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control of your personal information.
With Your Consent: We may share your information with your explicit consent or at your direction.
THIRD-PARTY SERVICES
Our services integrate with the following third-party services. We encourage you to review their privacy policies:
Supabase: Database, storage, and authentication services. Privacy Policy: https://supabase.com/privacy
OpenAI: AI transcription and content generation services. Privacy Policy: https://openai.com/policies/privacy-policy
RevenueCat: Subscription and payment processing. Privacy Policy: https://www.revenuecat.com/privacy
Vercel: Web hosting and content delivery. Privacy Policy: https://vercel.com/legal/privacy-policy
Google: OAuth authentication (if you choose to sign in with Google). Privacy Policy: https://policies.google.com/privacy
YOUR RIGHTS
Depending on your location, you have certain rights regarding your personal information:
GDPR Rights (European Union Users)
If you are located in the European Union, you have the following rights under the General Data Protection Regulation:
Right to Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure: You have the right to request deletion of your personal data ("Right to be Forgotten"), subject to certain exceptions.
Right to Restrict Processing: You have the right to request that we limit how we use your personal data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to processing of your personal data for certain purposes.
Right to Withdraw Consent: If we process your data based on consent, you have the right to withdraw that consent at any time.
CCPA Rights (California Users)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
Right to Know: You have the right to know what personal information we collect, use, disclose, and sell.
Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out: You have the right to opt-out of the sale of personal information. We do not sell your personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:Â
rocketLearn.app@outlook.com
Include the following information in your request:
- Your name and email address associated with your account
- A clear description of the right you wish to exercise
- Any additional information necessary to verify your identity
We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.
DATA RETENTION
We retain your personal information for the following periods:
Active Accounts: We retain your data for as long as your account is active and you are using our services.
Deleted Accounts: If you delete your account, we will retain your data for 30 days to allow for account recovery. After 30 days, your data will be permanently deleted, except as required by law.
Legal Requirements: We may retain certain information for longer periods as required by law, regulation, or legal process, or to resolve disputes and enforce our agreements.
Audit Logs: We retain audit logs for 90 days for security and monitoring purposes.
Backup Data: Data in backups may be retained for up to 90 days before being permanently deleted.
CHILDREN'S PRIVACY
RocketLearn is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
If you are between the ages of 13 and 18, you may use our services only with the consent and supervision of a parent or guardian.
INTERNATIONAL DATA TRANSFERS
Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
Specifically, your data may be processed and stored in:
- United States (Supabase, OpenAI, RevenueCat, Vercel servers)
- European Union (if you select EU region in Supabase configuration)
- Other regions as determined by our service providers
When we transfer your data internationally, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
By using our services, you consent to the transfer of your information to these countries.
COOKIES AND TRACKING TECHNOLOGIES
We use minimal tracking technologies:
Session Cookies: We use essential session cookies to maintain your authentication state and provide core functionality. These cookies are necessary for the app to function properly.
Analytics: We may use anonymized analytics to understand how our services are used. This data does not include personally identifiable information. You can opt-out of analytics tracking in your device settings.
No Advertising: We do not use advertising cookies or third-party advertising trackers. We do not share your information with advertising networks.
You can control cookies through your device or browser settings. However, disabling essential cookies may affect the functionality of our services.
AUTOMATED DECISION MAKING
We use automated processing for the following purposes:
AI-Powered Features: We use artificial intelligence to transcribe audio recordings, generate summaries, create flashcards, generate quiz questions, and provide AI chat responses. These processes are automated and based on algorithms.
You can control automated processing by choosing not to use AI-powered features. However, some core features of our service rely on automated processing to function.
We do not use automated decision-making for purposes that have legal or similarly significant effects on you, except with your explicit consent or as permitted by law.
DATA BREACH NOTIFICATION
In the event of a data breach that affects your personal information, we will:
Notify you within 72 hours of becoming aware of the breach, if required by law
Provide details about what information was affected
Explain the steps we are taking to address the breach
Offer guidance on steps you can take to protect yourself
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
Posting the updated Privacy Policy on this page
Updating the "Last Updated" date at the top of this policy
Sending an email notification to the email address associated with your account (for significant changes)
Displaying a notice in the app (for significant changes)
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: rocketlearn.app@outlook.com
We will respond to your inquiry within 30 days, or as required by applicable law.
DATA PROTECTION OFFICER
For users in the European Union, if you have questions or concerns about our data processing practices under GDPR, you may contact our Data Protection Officer:
Email: rocketlearn.app@outlook.com
CONSENT
By using RocketLearn, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described in this policy. If you do not agree with this Privacy Policy, please do not use our services.
If you have any questions about this Privacy Policy, please contact us using the information provided above.