Privacy Policy
Last updated: April 2026
1. Who We Are (Data Controller)
Temar ("Temar", "we", "us", or "our") operates a spaced repetition and knowledge management platform (the "Service").
For purposes of applicable data protection laws, Temar is the data controller of your personal information.
If you have any questions regarding this Privacy Policy or our data practices, you may contact us at:
Email: [email protected]
2. Scope of This Policy
This Privacy Policy applies to all users of the Service, including:
- Visitors to our website
- Registered users
- Free-tier users
- Paid subscribers
This Policy describes how we collect, use, store, transfer, and protect your personal information.
3. Legal Basis for Processing (GDPR Compliance)
Where applicable under the General Data Protection Regulation (GDPR) or similar laws, we process your personal data based on one or more of the following legal bases:
- Performance of a contract – to provide you with the Service you request, including the generation of AI-powered study content, schedules, and learning insights. Where you use AI-powered features, the processing of your submitted content by AI model providers is carried out on this legal basis, as it is necessary to provide the features you have requested.
- Legitimate interests – to improve the Service, prevent fraud, and ensure security.
- Legal obligations – to comply with applicable laws and regulatory requirements.
- Consent – where required (e.g., analytics cookies, marketing communications, or optional integrations). You can manage your cookie preferences at any time via the Cookie Settings link in the footer.
4. Information We Collect
4.1 Information You Provide Directly
Account Information
- Name
- Email address
- Encrypted password (hashed using industry-standard algorithms)
- Profile information
User Content
- Notes, flashcards, topics, learning schedules
- Attachments and uploaded files
- Study history and progress tracking data
- Any content stored within your workspace
You retain ownership of your User Content.
Payment Information
Subscription payments are processed by Paddle.net Market Ltd ("Paddle"), acting as our Merchant of Record. We do not receive or store your full credit card details. Paddle collects and processes payment information directly. Please review Paddle's Buyer Privacy Notice for information on how Paddle processes your payment data.
API Keys (BYOK)
If you choose to connect a third-party API key ("Bring Your Own Key"), we store that key in encrypted form solely for the purpose of executing your requested AI operations. API keys are not shared with any party other than the corresponding AI provider when fulfilling your requests.
Communications
Messages, support inquiries, and feedback.
4.2 Information Collected Automatically
When you use the Service, we collect:
- IP address
- Browser type and version
- Device type and operating system
- Log data and timestamps
- Feature usage data
- Study session activity and interaction metrics
We use cookies and similar technologies for:
- Authentication
- Session management
- Performance analytics
- Preference storage
4.3 Cookies and Tracking Technologies
We categorize cookies into two groups:
- Necessary cookies – required for authentication, session management, and core functionality. These cannot be disabled.
- Analytics cookies – used to understand how visitors interact with the Service. We use Google Analytics 4 (operated by Google LLC) to collect anonymized usage data including page views, device information, and approximate geographic region. IP anonymization is enabled by default. Analytics cookies are only set after you provide explicit consent via our cookie banner.
We also set a temar-cookie-consent cookie to remember your cookie preferences. This is classified as a necessary cookie.
You can change your cookie preferences at any time using the "Cookie Settings" link in the footer. For more information about how Google processes analytics data, see Google's Privacy Policy.
4.4 Information from Third Parties
If you authenticate via third-party providers such as Google or GitHub, we may receive basic profile information (such as name and email address) as permitted by your account settings with those services.
5. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Generate personalized spaced repetition schedules
- Synchronize data across devices
- Process subscription payments through Paddle
- Improve platform performance and reliability
- Prevent fraud and unauthorized access
- Comply with legal obligations
AI-Powered Features: When you use AI-powered features, the content you have submitted (including notes, learning materials, and questions) may be transmitted to third-party AI model providers for processing. These providers process your content solely to generate AI outputs and do not retain your content for their own training purposes unless you have separately consented to such use with that provider. We encourage you to review the privacy policies of any AI provider whose model you select.
We do not sell your personal data.
We do not use your User Content to train our own machine learning models without your explicit consent.
6. Automated Processing and Profiling
The Service uses automated processing to generate study schedules and optimize learning intervals.
However:
- We do not engage in automated decision-making that produces legal or similarly significant effects.
- You may contact us if you have questions about how personalization features operate.
7. Data Storage and Infrastructure
7.1 Hosting and Database Architecture
- User data is stored in a secure PostgreSQL database environment.
- Infrastructure is hosted on secure cloud servers located in the United States (see subprocessors table in Section 9.1 for our current hosting provider).
- We use logical access controls to restrict internal access.
- Data is separated between users through application-level authorization controls.
7.2 Security Measures
We implement:
- TLS encryption for data in transit
- Encryption of sensitive data at rest
- Secure password hashing
- Role-based access controls
- Infrastructure monitoring
- Regular vulnerability assessments
- Automatic database backups
While we implement industry-standard security safeguards, no system can guarantee absolute security.
8. Data Retention
We retain personal information:
- For as long as your account remains active
- As necessary to fulfill contractual obligations
- As required by law
If you delete your account:
- Active system data is deleted within 30 days
- Backup copies may persist for up to 90 days for disaster recovery
- Certain minimal records may be retained for fraud prevention or legal compliance
Backups are maintained for disaster recovery and are not intended as long-term archival storage.
9. Data Sharing and Subprocessors
We share personal information only with:
9.1 Service Providers (Subprocessors)
We use the following subprocessors who process personal data on our behalf. Each is bound by contractual confidentiality and security obligations:
| Subprocessor | Purpose | Location |
|---|---|---|
| OpenAI | GPT model AI processing | USA |
| Google LLC | Gemini model AI processing | USA |
| Anthropic | Claude model AI processing | USA |
| Paddle.net Market Ltd | Payment processing (Merchant of Record) | UK / Ireland |
| Google LLC (Google Analytics) | Website analytics and usage statistics | USA |
When AI features are used, your content is processed by the respective AI provider under that provider's API data usage policies.
9.2 Legal and Safety Reasons
We may disclose data if required by law or to:
- Comply with court orders
- Protect rights and safety
- Prevent fraud or abuse
9.3 Business Transfers
In the event of merger, acquisition, restructuring, or asset sale, user information may be transferred. We will notify users of material changes in ownership or control.
10. International Data Transfers
Our Service operates in the United States.
If you access the Service from outside the United States, your data may be transferred and processed in the United States.
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms.
11. Data Breach Notification
In the event of a security breach affecting personal data, we will:
- Investigate promptly
- Mitigate impact
- Notify affected users and relevant authorities as required by applicable law
12. Your Privacy Rights
Depending on your location, you may have rights including:
- Access
- Correction
- Deletion
- Data portability
- Restriction of processing
- Objection to processing
- Withdrawal of consent
To exercise these rights, contact: [email protected]
We will respond in accordance with applicable law.
13. California Privacy Rights
If you are a California resident, you have rights under the CCPA/CPRA, including:
- Right to know
- Right to delete
- Right to correct
- Right to opt out of sale (we do not sell data)
- Right to non-discrimination
We do not respond to "Do Not Track" browser signals.
14. Children's Privacy
The Service is not directed to children under 13 (or 16 where applicable). We do not knowingly collect personal data from children.
15. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated through the Service or via email.
16. Contact Information
Email: [email protected]