Cereby (“Cereby,” “we,” “us,” or “our”) operates the Cereby web application at cereby.ai (the “Service”). This Privacy Policy explains what information we collect, how we use it, how long we keep it, and the choices you have. By using the Service you agree to this policy.

1. Information we collect

We collect the following categories of information:

• Account information. When you sign up we receive your name, email address, and a unique account identifier from our authentication provider (Clerk). If you sign in with Google, we also receive your Google profile name, email, and avatar image.
• Content you create. Notes, documents, study materials, transcripts, chats, and uploaded files (PDFs, audio, video, images) that you create or import into the Service. We process this content to generate summaries, flashcards, study plans, and other study materials at your direction.
• Google user data (optional integration). If you choose to connect Google Calendar, we request the https://www.googleapis.com/auth/calendar.readonly scope. This scope provides read-only access to your calendar events (titles, start/end times, locations) so the Service can suggest study sessions in available time slots. We do not access attendee lists, attachments, or event descriptions, and we never write to or delete events.
• Payment information. When you subscribe, payment details are collected and processed by Stripe. We receive only the metadata needed to manage your subscription (plan, status, renewal date) — never your full card number.
• Usage and device data. We log standard request metadata (IP address, browser, OS, page paths, timestamps) and product analytics events to operate, debug, and improve the Service.

2. How we use your information

• To provide, maintain, and improve the Service.
• To generate study materials at your request (summaries, flashcards, quizzes, learning paths, transcripts, etc.) using AI models from Anthropic, OpenAI, and Google.
• To suggest study sessions and surface upcoming deadlines based on calendar data you have connected.
• To process payments, manage subscriptions, and provide customer support.
• To detect, investigate, and prevent fraud, abuse, and security incidents.
• To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use your content or Google user data to train, retrain, or improve generalized AI models.

3. How we share your information

We share data only with vetted subprocessors who help us operate the Service. These include:

• Clerk — authentication and user management.
• Supabase — primary database, file storage, and backend infrastructure.
• Stripe — payment processing and subscription billing.
• Anthropic, OpenAI, Google — AI model providers that process your prompts and content to generate responses. These providers are contractually prohibited from training their models on your data.
• Vercel and DigitalOcean — application hosting and compute infrastructure.
• Analytics and error monitoring — to measure product usage and diagnose bugs.

We may also disclose information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).

4. Data retention and deletion

• Account data is retained for as long as your account is active.
• Content you create is retained until you delete it or close your account.
• Google Calendar data is fetched on demand and cached for up to 24 hours to reduce API calls. Cached data is removed when you disconnect the integration. OAuth refresh tokens are stored encrypted at rest and revoked immediately on disconnect.
• Logs and analytics are retained for up to 90 days, then deleted or anonymized.
• Backups may persist deleted data for up to 30 days before being purged on the standard backup rotation.

To delete your account and all associated content, email us at privacy@cereby.ai. We will complete the deletion within 30 days.

5. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to withdraw consent for processing. To exercise any of these rights, email privacy@cereby.ai. You can also revoke Cereby's access to your Google account at any time at myaccount.google.com/permissions.

6. Security

We use TLS in transit, encryption at rest for sensitive fields (including OAuth tokens), short-lived signed URLs for file access, and least-privilege access controls. No system is perfectly secure, but we work hard to protect your data and notify you promptly in the event of a breach affecting your information.

7. Children's privacy

Cereby is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

8. Google API Services User Data Policy

Cereby's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm the following Limited Use commitments:

• We only use access to Google user data to provide or improve user-facing features that are prominent in the Service's user interface.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
• We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read Google user data unless we have the user's affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized.
• We do not use Google user data to train or fine-tune generalized or non-personalized AI or machine-learning models.

9. International transfers

We are based in the United States. By using the Service, you understand that your information may be transferred to and processed in the United States and other countries where our subprocessors operate. We rely on Standard Contractual Clauses or other valid transfer mechanisms where required.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service before the changes take effect, and update the “Last updated” date above.

11. Contact us

Questions or requests? Email us at privacy@cereby.ai.