Privacy Policy - Sam The Wise

← Back to Sam The Wise

Last Updated: December 11, 2025

Effective Date: December 11, 2025

Version: 1.0

1. Introduction

Welcome to Sam The Wise ("we," "us," "our," or "the App"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information.

This Privacy Policy explains:

What personal information we collect
How we use your information
Who we share your information with
Your rights and choices
How we protect your information

By using Sam The Wise, you agree to the collection and use of information in accordance with this Privacy Policy.

Important: You must be at least 16 years old to use Sam The Wise. If you are under 16, you may not create an account or use our services.

2. Data Controller Information

Name: Hanan Hebibovic (operating Sam The Wise as an individual)

Email: [email protected]

Location: Eching, Germany

Contact: For privacy inquiries, email us at [email protected]

As Sam The Wise is operated from Germany, German and EU data protection laws apply to our processing of your personal information.

3. Information We Collect

3.1 Information You Provide

Account Information:

Email address (required for account creation and recovery)
Username (unique identifier, publicly visible by default)
Password (encrypted using bcrypt, never stored in plain text)
Profile photo/avatar (optional, stored in Firebase Storage)
Bio/description (optional)
Date of birth (for age verification only, not displayed publicly)

Study Content:

Decks (collections of study cards) you create
Questions and answers you input or generate
Files you upload (images, PDFs) for AI quiz generation
Study session results and progress
Spaced repetition review history
Exam sessions and performance data

Device Permissions (iOS):

Photo Library Access: To upload images from your photo library for quiz generation
Camera Access (Optional): To take photos of notes directly for quiz generation
File Access: To upload PDFs and documents

Note: Permissions can be managed in device settings (iOS: Settings > Sam The Wise > Photos/Camera)

3.2 Information Collected Automatically

Usage Data:

Study session metrics (questions answered, accuracy, time spent)
Feature usage and interaction patterns
App performance and crash data (only if you consent)
Spaced repetition review patterns
Offline mode usage and sync events

4. How We Use Your Information

We use your information to:

Provide the Service: Create your account, generate quizzes, track progress, schedule reviews
Improve the Service: Analyze usage patterns, fix bugs, develop new features
Communicate with You: Send important updates, respond to support requests
Ensure Security: Detect fraud, prevent abuse, enforce Terms of Service
Comply with Law: Fulfill legal obligations, respond to valid legal requests

5. AI Processing and Third-Party Services

5.1 AI Providers

We use third-party AI services to generate quiz questions:

Anthropic Claude: Primary AI for quiz generation and AI Tutor feature
OpenAI GPT-4: Fallback AI for quiz generation

Zero Data Retention Policy:

Both Anthropic and OpenAI have committed to Zero Data Retention for API usage:

Your uploaded files are NOT used to train their AI models
Your content is NOT stored by AI providers beyond processing time
We have Data Processing Agreements with both providers

5.2 File Processing and Storage

Files you upload for AI quiz generation are temporarily stored in Firebase Cloud Storage
Files are automatically deleted after 30 days
You can manually delete uploaded files anytime in Settings > Data Management

Do NOT upload:

Medical records or health information
Government-issued IDs or passports
Financial documents (bank statements, tax returns)
Any sensitive personal information of others

6. Data Sharing and Disclosure

We do NOT sell your personal information.

We may share your information with:

Service Providers: Firebase (hosting), Stripe (payments), Anthropic/OpenAI (AI processing)
Legal Requirements: If required by law or to protect rights and safety
Business Transfers: In event of merger or acquisition (you will be notified)

We share anonymized, aggregated data for:

Analytics and research
Public statistics (e.g., "10,000 quizzes generated this month")

7. Your Rights (GDPR & German Law)

You have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Delete your account and personal data ("right to be forgotten")
Data Portability: Export your data in machine-readable format (JSON)
Object: Object to processing based on legitimate interests
Restrict Processing: Limit how we use your data
Withdraw Consent: Revoke consent for data processing (may limit functionality)

To exercise these rights:

Email [email protected] with your request
Use in-app tools: Settings > Data Management > Export Data / Delete Account

Response Time: We will respond within 30 days as required by GDPR.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (in Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit).

8. Data Retention

Data Type	Retention Period
Account Information	Until account deletion
Study Content (Decks, Questions)	Until account deletion or manual deletion
Uploaded Files (Images, PDFs)	30 days (automatic deletion)
Usage Analytics	2 years (anonymized after 90 days)
Payment Records	7 years (German tax law requirement)
Support Communications	2 years

9. Security Measures

We protect your data using:

Encryption: All data transmitted via HTTPS/TLS, passwords encrypted with bcrypt
Firebase Security Rules: Strict access control on database
Regular Security Audits: Ongoing monitoring and updates
Minimal Data Collection: We only collect what's necessary

No system is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security. You are responsible for keeping your password secure.

10. Cookies and Tracking

We use minimal tracking:

Essential Cookies: Required for authentication and app functionality
Analytics: Firebase Analytics (can be disabled in Settings > Privacy)
No Advertising Trackers: We do not use cookies for advertising

How to Control Cookies:

iOS: Settings > Sam The Wise > Limit Ad Tracking
In-App: Settings > Privacy > Analytics (toggle off)

11. Children's Privacy

Sam The Wise is NOT intended for children under 16.

We do not knowingly collect personal information from anyone under 16. If we discover a user is under 16, we will immediately delete their account and data.

Parents: If you believe your child has created an account, contact [email protected] immediately.

12. International Data Transfers

Sam The Wise is operated from Germany (EU). Your data is primarily stored in EU data centers (Firebase Europe West).

For AI processing, data may be transferred to:

Anthropic (US): Claude API processing - covered by EU-US Data Privacy Framework
OpenAI (US): GPT-4 API processing - covered by EU-US Data Privacy Framework

We ensure appropriate safeguards (Standard Contractual Clauses, Data Processing Agreements) are in place for all international transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

How we notify you:

Material Changes: Email notification + in-app notice 30 days before
Minor Changes: Update "Last Updated" date at top

Continued use after changes means you accept the updated Privacy Policy.

14. Contact Us

For privacy questions or concerns:

Email: [email protected]

Subject line: "Privacy Inquiry"

We will respond within 30 days.