Privacy Policy — StudyCool

Effective date: 2025-10-22 · Data Controller: Enjoy Network KFT.

Contact (privacy requests): hello@enjoynetwork.hu

1. Summary

StudyCool is an educational application that helps learning through AI-generated and user-provided test materials. We collect only the minimal personal data necessary to provide the service. We do not sell personal data, and access is restricted. This policy explains what we collect, why we process it, how we protect it, retention periods and how you can exercise your rights.

2. What data we collect

We process the following categories of data when necessary to deliver the service:

Account and authentication data: username, email address, password (hashed) — for account creation and authentication.
Uploaded content: photos, images, documents uploaded for test generation — these are processed temporarily through our AI pipeline.
Profile & personalization: avatar, grade level, chosen subjects, settings — to personalize the user experience.
Purchase / billing metadata: subscription status, receipts (we do not store card numbers — payments are processed by a third-party payment provider).
Usage and diagnostic data: usage metrics, crash logs, anonymous analytics for product improvement.
Communication / chat content: messages you send via support or chat features if used.

3. Children and parental supervision

StudyCool is intended for school-age learners as well. Parental accounts and supervision features are available; where the law requires parental consent we will request it. If you believe we have processed a child's data without required consent, contact us at hello@enjoynetwork.hu.

4. Purposes of processing

We process personal data for the following purposes:

Account creation, authentication and recovery.
Generating, storing and presenting tests (including temporary processing of uploaded files).
Managing subscriptions and the token/credit system.
Providing support and chat functionality.
Application maintenance, diagnostics and product development (analytics).
Security, fraud prevention and legal compliance.

5. Legal bases

The legal basis for processing may vary by jurisdiction. Typical bases include:

Contract / performance of a service: to operate accounts and provide the core functionality.
Consent: where a feature requires explicit consent (for example some communications or optional sharing).
Legitimate interests: fraud prevention, security and service improvement, balanced against user rights.
Legal obligation: where retention or disclosure is required by law.

6. Retention & uploaded files

Account data (name, username, email) is retained while the account exists. After account deletion we retain only data necessary for legal compliance and dispute resolution. Uploaded files are retained only as long as needed for test generation and are not kept permanently unless the user explicitly saves content or a legal/financial requirement applies. We will delete data upon request subject to applicable legal limits.

7. Sharing and third parties

We share data only in limited circumstances:

Service providers / subprocessors: hosting, analytics, payment processors, AI processing providers, email providers — always under contractual safeguards.
Legal obligations: disclosure to courts or authorities when required by law.
Aggregated or anonymized data: used for product improvement and analytics.

We do not sell personal data.

8. Security

We implement technical and organizational measures to protect data, including:

TLS (HTTPS) for data in transit;
Access controls and role-based permissions;
Password hashing and industry-standard encryption practices;
Monitoring, backups and incident response procedures.

In the event of a data breach we will follow applicable notification rules.

9. Your rights

Depending on applicable law, you may have the right to:

Request access to your personal data;
Request correction of inaccurate data;
Request deletion, subject to legal limitations;
Request restriction or object to processing;
Request portability of your data;
Withdraw consent where processing is based on consent.

To exercise your rights, contact us at hello@enjoynetwork.hu. We will respond without undue delay and, where applicable, within 30 days.

10. Data security summary (for Google Play / App Store)

The key points you can use for store listings:

Collected data: account identifiers (email, username), user content (uploaded images/documents), messages, device/usage data, crash and diagnostic logs, payment metadata (receipts, subscription status).
Purposes: core functionality (test generation), authentication, purchases, analytics, support and security.
Sharing: limited sharing with service providers (hosting, analytics, payments). No sale of personal data.
Encryption: data in transit is encrypted (HTTPS/TLS); at-rest protections are implemented where applicable.

11. Contact & privacy requests

If you have questions or wish to exercise your rights, please contact: hello@enjoynetwork.hu. We will process your request promptly.

12. Changes to this policy

We may update this policy from time to time. Material changes will be published with a new effective date. This document was last updated on: 2025-10-22 (previous version: 2025-08-19).