This page explains how long noobtopro (noobto.pro) keeps your information, how you can delete it yourself, the measures we use to keep it safe, and what we do if a personal-data breach ever occurs. The operator and data controller is noobtopro, a sole proprietorship (Einzelunternehmen) under German law. This page supplements, and should be read together with, our Privacy Policy.
1. How long we keep your data
We keep personal data only for as long as we need it for the purpose it was collected, or for as long as the law requires us to. The table below sets out the main categories, together with the concrete retention period or the criteria we use to determine it.
- Account & sign-in details (your name, email, profile picture from an OAuth provider, and the birth year used for age verification) are kept for the life of your account and are then erased within about 30 days of you deleting your account (a short window that lets the deletion propagate across our systems and backups). If an account stays inactive for an extended period we may delete it after giving you notice first.
- Scores, ranks and learning history (your scores, rating, rank changes and concept mastery) are kept for the life of your account, or until you reset your progress, and are then deleted within the same ~30-day window.
- Your answers and feedback (the question, your free-text answer, and the rubric-based feedback) are kept for the life of your account and deleted within the same ~30-day window after account deletion.
- Handwriting photos are not stored. When you submit a photo for grading it is sent to our grading provider, processed, and then discarded — we do not keep a copy on our servers. The recognized answer text, however, is stored as described above.
- Subscription & billing records. We store basic subscription status and identifiers (no card details); our local subscription records are deleted when your account is deleted. Payments are handled by our merchant of record, Polar, which — as the seller of record — retains the underlying tax and invoicing records for the periods German statutory law requires: broadly 8 years for invoices and up to 10 years for other accounting records (§ 257 HGB, § 147 AO). These statutory periods are set by law and take precedence over the deletion of our local records.
- Security & event logs (such as a request’s IP address and the route accessed) are kept on a short-lived basis so we can protect the Service against abuse, investigate incidents and meet our security obligations. Where an event is flagged for abuse (for example a suspected prompt-injection attempt), the log additionally retains a short, length-capped snippet of the typed text that triggered the flag, alongside the IP address. We prune these logs periodically on a best-effort basis, targeting about 90 days; because the prune runs opportunistically rather than on a fixed schedule, some records may persist somewhat longer before they are removed.
- Analytics (aggregate page views and performance) are retained for up to 14 months and then deleted or fully aggregated; see our Cookie Policy.
Where a specific statutory retention period applies (for example, the tax and accounting records held by our payment provider described above), that period overrides the general rule and we — or the provider — keep the relevant records for as long as the law requires. When the purpose for keeping a category of data ends and no statutory period applies, we delete or anonymise it.
2. Deleting your data
You stay in control of your data and can remove it directly within the app:
- Reset progress. You can reset your learning data — scores, attempts and mastery — from within your account at any time, without deleting the account itself.
- Delete your account. Deleting your account removes your account record and the associated per-user data, including your scores, attempts, answers and local subscription record, and cancels any active Pro subscription. Because no copy is kept, this action cannot be undone.
You also have the right to request access to, correction of, or erasure of your personal data, and to ask for a copy in a portable format. We aim to respond to such requests within one month. See the Privacy Policy for the full list of your rights and how to exercise them.
3. How we protect your data
We use technical and organizational measures appropriate to the risk to keep your data secure, including:
- Encryption in transit. Traffic between you and the Service is encrypted using HTTPS/TLS.
- Row-level access controls. Our database uses row-level security so that your records are only accessible to you and to the parts of the Service authorized to handle them.
- Server-side handling of sensitive operations. Sensitive actions — such as account deletion and operations that use privileged credentials — are performed on the server and are never exposed to the browser.
- Access on a need-to-know basis, together with rate limiting and abuse detection, to help protect against unauthorized or automated misuse.
No method of transmission or storage is completely secure, so while we work hard to protect your data we cannot guarantee absolute security.
4. If a data breach occurs
If a personal-data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, in line with Article 33 of the GDPR. Where notification is delayed beyond 72 hours, we accompany it with the reasons for the delay, and we may provide the required information in phases as it becomes available.
Where a breach is likely to result in a high risk to your rights and freedoms, we will also inform affected users without undue delay and in clear, plain language, describing what happened and the steps we are taking, in line with Article 34 of the GDPR. We document the facts of any breach, its effects and the remedial action taken.
Our lead supervisory authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany.
5. Changes to this page
We may update this page as our practices, providers or the law change. We will revise the "Last updated" date above when we do.
6. Contact
Questions about data retention or security: [email protected] — noobtopro, Cologne (Köln), Germany.