Privacy Policy

Last Updated: January 2026

1. Introduction

Welcome to SuperMemo. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how SuperMemo World ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you visit our website or use our services (collectively, the "Service"). We process your data in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation, or "GDPR") and applicable Polish data protection laws.

2. Data Controller

The data controller responsible for your personal information is: SuperMemo World. If you have any questions about this Privacy Policy or our data practices, please contact us using the information in Section 9.

3. Information We Collect

We collect only the information necessary to provide and improve our Service.

3.1 Information You Provide to Us

  • Account Information: When you register for an account, we collect your email address. This is required to identify you, provide access to your licensed software, and communicate with you about your account.

3.2 Information Automatically Collected

When you access or use the Service, we may automatically collect certain information, including:

  • Usage Data: IP address, browser type and version, operating system, referral sources, page views, and the dates and times of your visits.
  • Device Data: Information about your computer or mobile device.

3.3 Payment Information

We do not collect or store payment card information. All payments are processed by our third-party payment processor, Stripe. When you make a purchase, your payment data is sent directly to Stripe and is governed by their privacy policy. We may receive confirmation of payment success or failure, but we never see or store your full payment credentials.

4. Legal Basis for Processing (GDPR)

Under GDPR, we must have a legal basis to process your information. We rely on the following bases:

  • Performance of a Contract: To fulfill our obligations under the Terms of Service (e.g., creating your account, providing the Software).
  • Legitimate Interests: To improve and secure our Service, analyze usage, and prevent fraud (e.g., collecting technical data).
  • Legal Obligation: To comply with applicable laws and regulations.
  • Consent: Where required by law, we will obtain your consent before processing your data (e.g., for certain cookies).

5. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and maintain your account.
  • To process your software license and deliver the Service.
  • To communicate with you about updates, security alerts, and support messages.
  • To monitor and analyze usage and trends to improve your experience.
  • To detect, prevent, and address technical issues or fraudulent activity.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following limited circumstances:

  • Service Providers: We engage trusted third parties (e.g., Stripe for payments, hosting providers) to perform functions on our behalf. They access only the data necessary to perform their functions and are contractually bound to protect your data.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified via email of any change in ownership.

7. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (e.g., for tax, legal, or accounting purposes).

  • Account Data: Retained for as long as your account is active.
  • Usage Data: Retained for a period of [e.g., 12 months] for analytical purposes.
  • Deletion: You may request deletion of your account and associated data at any time by contacting us.

8. Your Data Protection Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request that we correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You may request that we delete your personal data, subject to certain legal exceptions.
  • Right to Restrict Processing: You may request that we limit the processing of your data.
  • Right to Data Portability: You may request that we transfer your data to another organization in a structured, commonly used format.
  • Right to Object: You may object to our processing of your data based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact us at smradmin@supermemo.org. We will respond to your request within one month. You also have the right to lodge a complaint with a supervisory authority (in Poland, the Personal Data Protection Office (UODO)).

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries outside of the European Economic Area (EEA) where our service providers operate. We ensure that such transfers are protected by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without verification of parental consent, we will take steps to delete that information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational reasons. We will notify you of any material changes by posting the new policy on this page with an updated "Last Updated" date and, where appropriate, via email.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: smradmin@supermemo.org