Privacy Policy

Last Updated: March 20, 2026

1. Data Collection & "Local-First" Architecture

Study Tracker is built on a Privacy by Design, "local-first" architecture to ensure maximum user privacy. Even offline, your study hours, goals, notes (Engrams), and calendar events are stored entirely within your own device's browser memory (Local Storage). We do not own or operate any central databases or servers to horde your data.

2. Cross-Device Synchronization (Google Drive Integration)

To view your PC sessions on your phone seamlessly, we offer a "Cross-Device Sync" feature. This does not pass through our cloud servers; instead, it relies entirely on your personal, secure Google Drive using the BYOC (Bring Your Own Cloud) model:

• When logging in via Google (OAuth 2.0), your device data is continuously encrypted and pushed into a hidden folder (Google Drive AppData) existing solely within your account, syncing instantly across devices.
• Your data is hosted by you, securely on Google’s infrastructure. Neither we nor any third parties can access these backups.
• The app only requests read access to your basic profile (name, email, avatar) for explicit authentication purposes.

3. Cookies and Local Tracking

We utilize strictly functional Cookies and Local Storage to preserve app operability (e.g., keeping your session active, retaining theme preferences, UI colors, and Cookie consent). We absolutely do not use targeted ad-networks or invasive third-party tracking scripts.

4. Friend System and Firebase Usage

If you optionally create an account to connect with friends, only the exceptionally limited data you explicitly allow via "Visibility" settings (e.g., your chosen nickname, online pulse, or generic stat badges) is temporarily processed via a secured Firebase layer, strictly restricted for peer-to-peer communication. Undesired data is never broadcast.

5. Data Deletion & Right to be Forgotten (GDPR & KVKK)

Under the provisions of the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK), the "Right to be Forgotten" is hardcoded into our architecture. You can instantly execute a point-of-no-return data purge via the "Delete Account & All Data" button in Settings. This action wipes local traces, terminates session tokens, and irrevocably dissolves your backup structure.

6. Transparency & Contact

This policy was written in good faith to clarify complex engineering matters. If you harbor any doubts or have inquiries concerning your data management, we encourage you to directly reach out to our open-source community managers or developer team.

7. Data Controller Contact

To exercise your rights under GDPR and KVKK, request information, or file a complaint regarding the processing of your personal data, you may contact the Data Controller directly at [email protected].