Protecting your personal data is important to us. Below we inform you about what data we collect, how we use it, and what rights you have.

1. Controller

The controller for data processing on this platform is the operator named in the Legal Notice.

2. Data Collected

We process the following categories of personal data:

Account data: Name, email address, date of birth, hashed password, role (student/teacher/admin).
Learning data: Subject enrolment, assignments, flashcards and learning progress (SM-2 algorithm), quiz attempts and results, grades.
Usage data: Login timestamps, session cookies, IP address (in server logs).
Communication data: Messages sent via the platform.
AI interactions: Inputs to and responses from AI-assisted features (e.g. quiz generation, summaries).

3. Purpose of Processing

Data is processed exclusively for the following purposes:

Provision and personalisation of the learning platform
Authentication and access control
Calculation of learning intervals and learning progress
Generation of AI-assisted learning content (quiz questions, summaries)
Grade overview and performance evaluation
Communication between teachers and learners

4. Legal Basis

Processing is carried out on the basis of Art. 6 para. 1 GDPR:

Lit. b (contract performance): Provision of platform features within the scope of the Terms of Use.
Lit. a (consent): Use of AI features where these are optional.
Lit. f (legitimate interest): Platform security, abuse prevention.

5. Third-Party Providers

For AI-assisted features we use the service OpenRouter (OpenRouter, Inc., USA). The relevant input data (e.g. topic text for quiz generation) is transmitted to OpenRouter. OpenRouter processes this data in accordance with its own privacy policy. No personal account data is transmitted to OpenRouter — only the subject-matter content of the request.

Transfer to the USA is carried out on the basis of standard contractual clauses (Art. 46 para. 2 lit. c GDPR).

6. Payment Processing via PayPal

For processing subscription payments we use the service PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg).

When concluding a subscription, the following data is transmitted to PayPal:

Name and email address
Payment information (processed directly by PayPal)
Subscription details (plan, amount, term)
An internal user ID to associate the payment with your account

Legal basis: Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (contract performance). Payment processing is necessary for the performance of the subscription contract.

PayPal processes your data in accordance with its own privacy policy: PayPal Privacy Statement.

Right to object: You can object to the processing of your data by PayPal by cancelling your subscription. Cancellation is possible at any time via your user profile.

7. Retention Period

Your data is stored for as long as your account is active. After deletion of your account, personal data will be completely removed within 30 days. Anonymised, aggregated usage statistics may be retained beyond this period.

8. Server Location

All personal data is stored and processed exclusively on servers in Germany — fully under German and EU law (GDPR). No data is transferred to third countries outside the EU, with the exception of the AI services and payment processing described in sections 5 and 6.

9. Your Rights

Pursuant to Art. 15–21 GDPR you have the right to:

Access your stored data (Art. 15)
Rectification of inaccurate data (Art. 16)
Erasure of your data (Art. 17) — you can delete your account at any time in your profile
Restriction of processing (Art. 18)
Data portability (Art. 20) — export your data via your profile
Objection to processing (Art. 21)

You also have the right to lodge a complaint with a supervisory authority.

10. Cookies & Tracking

We use only technically necessary session cookies for authentication. No tracking, analytics, or advertising cookies are used. Specifically, we do not run Google Analytics, the Meta/Facebook Pixel, or any other third-party analytics service. No external tracking scripts run on this platform. Cookie consent is therefore not required — we show no cookie banner.

11. Minors

The platform is intended for use by school students. For the use of AI-assisted features by persons under 16 years of age, consent from a parent or guardian is required (Art. 8 GDPR).

12. Changes

We reserve the right to update this privacy policy as necessary to reflect changes in the law or changes to the platform. The current version is always available on this page.

Last updated: May 2026

10.2 Passwörter, 2FA & Kontosicherheit — Quiz