Welcome to Cerebra! We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices in detail.
1. Introduction#
Cerebra ("we," "us," or "our") operates an AI-powered study companion mobile application that helps students transform documents into quizzes, flashcards, and summaries. This Privacy Policy applies to all users of the Cerebra mobile application (iOS and Android).
Service Provider: Cerebra
Location: Accra, Ghana
Contact: dev.richdodzi@gmail.com
When you create an account with Cerebra, we collect:
- Google Sign-In: Name, email address, profile picture (provided by Google)
- Apple Sign-In: Name (optional), email address or private relay email (provided by Apple)
- User Preferences: Educational level, study goals, subject areas
2.2 Content You Upload#
We process and store the following content you provide:
- Document files (PDF, Word, PowerPoint, images, text files)
- Manual topic inputs and study notes
- Generated quizzes, flashcards, and summaries
- Quiz responses and performance data
- Custom annotations and notes
2.3 Usage Data#
We automatically collect information about how you use Cerebra:
- Study session duration and frequency
- Quiz scores and completion rates
- Flashcard review patterns and spaced repetition data
- Feature usage statistics (which tools you use most)
- Study streaks and achievement progress
- Performance trends and analytics
We collect standard device information:
- Device type, model, and operating system version
- Unique device identifiers (for authentication purposes)
- App version and crash reports
- Language and timezone settings
- Network information (WiFi vs cellular, for optimization)
2.5 Analytics Data#
We use third-party analytics services to improve our app:
- Google Analytics: User behavior, session analytics, conversion tracking
- Firebase Analytics: App performance, crash reporting, user engagement
- Mixpanel: Feature adoption, user flow analysis, retention metrics
Payment processing is handled securely by Apple App Store and Google Play Store. We do not directly collect or store your payment card details. We receive only:
- Subscription status (active, expired, canceled)
- Purchase receipts and transaction IDs
- Subscription tier (Free, Premium, Premium Plus)
3.1 To Provide Our Services#
- Process your documents using AI to generate quizzes, flashcards, and summaries
- Store your study materials and sync across your devices
- Track your learning progress and provide personalized recommendations
- Implement spaced repetition algorithms for optimal learning
- Enable offline mode (Premium feature)
3.2 To Improve Our Services#
- Analyze usage patterns to enhance features
- Identify and fix bugs and technical issues
- Develop new features based on user behavior
- Optimize AI generation quality and speed
- Conduct A/B testing for feature improvements
3.3 To Communicate With You#
- Send study reminders and streak notifications (if enabled)
- Provide customer support and respond to inquiries
- Send important service updates and security alerts
- Notify you about new features (you can opt out)
3.4 For Safety and Security#
- Prevent fraud, spam, and abuse
- Enforce our Terms of Service
- Protect against security threats
- Comply with legal obligations
4. AI Processing and Your Content#
4.1 AI Service Providers#
We use the following AI providers to process your documents and generate study materials:
- Google Gemini AI - Document analysis and content generation
- OpenAI (GPT models) - Quiz and flashcard generation
- Anthropic Claude - Summary generation and content refinement
Your Content Remains Private
Zero-Knowledge Architecture: Your documents and study materials are NOT used to train any AI models. We implement strict data isolation:
- AI providers process your content only for generation purposes
- No data retention by AI providers beyond processing time
- Your content is encrypted in transit when sent to AI services
- AI-generated content belongs exclusively to you
4.2 OCR Processing#
When you upload images or scanned documents (Premium feature), we use Optical Character Recognition (OCR) technology to extract text. This processing happens securely on our servers and follows the same privacy standards as all other content.
5. Data Storage and Security#
5.1 Where We Store Your Data#
Your data is stored on secure servers provided by:
- Google Cloud Platform (US regions) - Primary data storage
- Firebase (Google) - Real-time sync, authentication, analytics
5.2 Security Measures#
We implement industry-standard security practices:
- Encryption in Transit: All data transmitted using TLS 1.3
- Encryption at Rest: All stored documents and user data encrypted
- Access Controls: Role-based access for our team members
- Regular Security Audits: Vulnerability assessments and penetration testing
- Secure Authentication: OAuth 2.0 for Google/Apple sign-in
- Optional Two-Factor Authentication (2FA): Additional account security
5.3 Data Retention#
| Data Type |
Retention Period |
| Free Tier Content |
30 days (automatic deletion) |
| Premium Content |
Unlimited (while subscription active) |
| Account Data |
Until account deletion requested |
| Deleted Account Data |
30 days (then permanently deleted) |
| Analytics Data |
26 months (anonymized) |
| Backup Data |
90 days in encrypted backups |
6.1 We Do NOT Sell Your Data#
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
6.2 When We Share Information#
We only share your information in these limited circumstances:
Service Providers
We share data with trusted third-party service providers who help us operate Cerebra:
- Cloud Infrastructure: Google Cloud Platform (hosting, storage)
- AI Processing: Google Gemini, OpenAI, Anthropic Claude
- Analytics: Google Analytics, Firebase, Mixpanel
- Payment Processing: Apple App Store, Google Play Store, RevenueCat
- Advertising: Google Ads (for free tier users who see ads)
All service providers are contractually obligated to protect your data and use it only for specified purposes.
User-Initiated Sharing
When you choose to share content:
- Shared quizzes/flashcards via public links (view-only or interactive)
- QR codes for classroom sharing
- Exported PDFs, images, or Anki files
- Social media shares (Instagram, Twitter, Facebook, WhatsApp)
Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government investigations
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
Business Transfers
If Cerebra is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice in the app before any transfer.
7. Your Privacy Rights#
7.1 Access and Control#
You have the following rights regarding your data:
Access Your Data#
- View all your study materials in the app's "My Library"
- Download your data (GDPR/CCPA right) - contact us at dev.richdodzi@gmail.com
Modify Your Data
- Edit quizzes, flashcards, and summaries directly in the app
- Update account preferences and settings
- Change notification preferences
Delete Your Data#
- Delete individual quizzes, flashcards, or documents
- Archive content (hide from view but keep saved)
- Request full account deletion via Settings → Account → Delete Account
- Email us to request account deletion: dev.richdodzi@gmail.com
How to Delete Your Account and Data#
You have the right to request deletion of your account and all associated data at any time.
Method 1: In-App Deletion (Recommended)
- Open the Cerebra app
- Go to Settings → Account
- Tap "Delete Account"
- Confirm your decision
- Your account and all data will be permanently deleted within 30 days
Method 2: Email Request
If you cannot access the app, send an email to dev.richdodzi@gmail.com with:
- Subject: "Account Deletion Request"
- Your registered email address
- Your account name (if you remember it)
We will process your request within 30 days and confirm when your data has been deleted.
What Gets Deleted:
- Your account profile and login credentials
- All uploaded documents
- All generated quizzes, flashcards, and summaries
- Study history, performance data, and analytics
- Subscription information (your subscription will be canceled)
- All personal preferences and settings
Timeline:
- Your account is immediately deactivated
- Data is removed from active systems within 30 days
- Backup copies are purged within 90 days
- Once deleted, your data cannot be recovered
Note: If you have an active subscription, please cancel it through the App Store or Play Store before deleting your account to avoid future charges.
Export Your Data#
- Export flashcards to Anki format
- Export quizzes and summaries as PDF
- Export flashcards as PowerPoint presentations
- Request complete data export in machine-readable format
Opt-Out Rights#
- Disable study reminders and notifications (Settings → Notifications)
- Opt out of analytics collection (Settings → Privacy → Share Usage Data)
- Remove yourself from leaderboards (Settings → Privacy → Leaderboard Participation)
- Hide activity status from friends (Settings → Privacy → Activity Status)
7.2 Regional Privacy Rights#
GDPR (European Union Users)#
If you are located in the European Economic Area (EEA), you have additional rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at dev.richdodzi@gmail.com
CCPA/CPRA (California Users)#
If you are a California resident, you have the right to:
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Opt-out of the "sale" of personal information (we don't sell your data)
- Non-discrimination for exercising your privacy rights
8. Children's Privacy#
8.1 Age Restrictions#
Cerebra is designed for users aged 14 years and older. We do not knowingly collect personal information from children under 14.
8.2 Parental Consent for Users Under 16#
For users between 14-15 years old, we recommend parental supervision. If you are under 16, please use Cerebra with the knowledge and consent of your parent or guardian.
For users located in jurisdictions requiring parental consent (such as the EU under GDPR for users under 16), we implement the following safeguards:
- Age verification during account creation
- Parental email verification for users under 16
- Limited data collection for younger users
- Enhanced privacy settings by default
8.3 If You Are a Parent#
If you believe your child under 14 has created an account without permission, please contact us immediately at dev.richdodzi@gmail.com, and we will delete the account within 24 hours.
9. Cookies and Tracking Technologies#
9.1 Mobile App#
Our mobile application does not use traditional browser cookies. Instead, we use:
- Local Storage: To cache study materials for offline access
- Session Tokens: To keep you logged in securely
- Analytics SDKs: Google Analytics, Firebase, Mixpanel (can be disabled in Settings)
9.2 Advertising#
Free tier users may see non-intrusive advertisements powered by Google Ads. These ads may use:
- Device advertising identifiers (IDFA on iOS, AAID on Android)
- General usage patterns (anonymized)
- You can opt out of personalized ads in your device settings
Premium subscribers see no advertisements.
10. International Data Transfers#
Cerebra is based in Ghana, but our servers are located in the United States (Google Cloud US regions). If you access Cerebra from outside the US, your data will be transferred to and processed in the United States.
We ensure adequate protection of your data through:
- Standard Contractual Clauses (SCCs) with service providers
- Compliance with GDPR requirements for international transfers
- Encryption of data in transit and at rest
11. Third-Party Links and Services#
Cerebra may contain links to third-party websites or services (e.g., YouTube for transcript imports, Wikipedia for article imports). We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
12. Changes to This Privacy Policy#
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or in-app notification
- Continued use of Cerebra after changes constitutes acceptance of the updated policy
We encourage you to review this Privacy Policy periodically.
13. Data Breach Notification#
In the unlikely event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of discovery
- Provide details about the breach and data affected
- Explain steps we're taking to address the breach
- Recommend actions you can take to protect yourself
- Notify relevant authorities as required by law
14. Your Consent#
By using Cerebra, you consent to:
- The collection and use of information as described in this Privacy Policy
- The processing of your data by our AI service providers
- The transfer of your data to servers located in the United States
- The use of analytics to improve our services
You can withdraw consent at any time by deleting your account.
16. Compliance and Certifications#
Cerebra is committed to compliance with:
- GDPR - General Data Protection Regulation (EU)
- CCPA/CPRA - California Consumer Privacy Act
- COPPA - Children's Online Privacy Protection Act
- FERPA - Family Educational Rights and Privacy Act (for educational institutions)
We are actively working toward:
- SOC 2 Type II Certification - Enterprise-grade security audit
- ISO 27001 - Information security management