Privacy Policy
Last updated: June 26, 2026
This Privacy Policy explains how [Operator Legal Name] (“Aristotree”, “we”, “us”) collects, uses, and protects your personal data when you use Aristotree (the “Service”). We are committed to complying with the GDPR and similar laws. If you do not agree with this policy, do not use the Service.
1. Data we collect
Account data: your email address and display name. We do not store payment card details — billing is handled by Paddle as the Merchant of Record.
Your graph data: the concepts, edges, sources, reviews, mastery states, badges, streaks, and challenge entries you create.
Usage and billing data: credit ledger entries and (if you opt in) a public leaderboard alias.
Technical data: a signed session cookie, a cookie that remembers your consent choice, request identifiers, and limited server logs. We use your IP address only for rate limiting and abuse prevention.
2. How we use your data
- to provide the concept graph, spaced reviews, and AI-assisted features you request;
- to manage your account and credit balance;
- to enforce rate limits and protect against abuse;
- to operate an opt-in public leaderboard when you choose to participate;
- to maintain security, reliability, and support.
3. Legal bases (GDPR)
We process your data on the following bases: performance of a contract (running the Service for you), your consent (where you opt into features like the leaderboard), compliance with legal obligations, and our legitimate interests in security and abuse prevention. You can withdraw consent for optional features from your settings at any time.
4. AI processing and external sources
To generate concept suggestions, summaries, and media, Aristotree sends your queries to third-party services, which may include Google Gemini and Wikimedia (Wikipedia and Wikidata). We send only what is needed to fulfill your request (for example, a search term or a concept title), not your entire graph. These providers process data under their own terms and may be located outside the EEA.
5. Sharing
We do not sell your data. We share it only with processors that help operate the Service: our database and hosting providers, Paddle for billing, and the AI/source providers named above. Each is bound by processor obligations where required by law.
6. International transfers
Your graph data is stored in the European Union (database hosting in Frankfurt). Some processors, including AI providers, may transfer data outside the EEA under appropriate safeguards such as Standard Contractual Clauses.
7. Retention
We keep your data for as long as your account is active. You can delete your account at any time, which erases your account and associated graph, reviews, badges, leaderboard profile, and credit ledger. We may retain limited data where required by law or to prevent abuse.
8. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- receive a portable copy of your data (downloadable from account settings);
- rectify inaccurate data;
- erase your account and associated data;
- object to or restrict certain processing;
- withdraw consent for optional features at any time.
To exercise these rights, use the in-app controls (download your data, delete your account) or contact [privacy contact email]. We respond within the timeframes required by law.
9. Security
We use secure, signed session cookies, same-origin protections, rate limiting, and validated configuration that fails closed in production. No method is fully secure, but we work to protect your data and to respond promptly to issues.
10. Children
Aristotree is not intended for children under 16. We do not knowingly collect their data.
11. Changes
We may update this policy and will note the new “Last updated” date. Material changes take effect after reasonable notice.
12. Contact
Questions or requests? Contact [privacy contact email]. The data controller is [Operator Legal Name], [address / jurisdiction].