TROZUN

Privacy Policy

Last updated: May 1, 2026

Short version: your stuff is yours. We don't sell it. We don't train AI models on it. We encrypt it. You can leave with a copy of everything, or delete it permanently.

Long version below, organized by what most students want to know first.

What we store about you

  • Account basics:your email and the OAuth profile (name + avatar) from Google or Microsoft when you sign in. If you sign in with the magic-link email option, we'll only have your email.
  • Study material: lectures, syllabi, notes, and any PDFs you upload. Extracted text, generated flashcards, and AI-built summaries derived from those uploads.
  • Activity: which features you used, when, what you got right or wrong on practice problems, your study streak, and the answers you typed in chat surfaces.
  • Preferences: the answers you gave during onboarding (school, subjects, goals, AI mode).
  • Billing (paid tiers only): Stripe customer ID + subscription status. We never see your card number — that stays inside Stripe.

What we do with it

  • Run the features you asked for. To build flashcards from your lecture, we send the lecture text to Anthropic's Claude API. To grade a practice answer, same thing. The AI call's the only way the feature works.
  • Personalize your experience across surfaces. Mistakes you made yesterday show up in tomorrow's coach session; that's by design.
  • Track aggregate product usage (e.g. “X% of users finish onboarding”) so we know what's working. These aggregates don't identify you.
  • Send you transactional email (magic-link sign-in, billing receipts, account-deletion confirmations). No marketing email by default.

Things we don't do

  • We don't sell your data. Not to ad networks, not to data brokers, not to AI training companies.
  • We don't train AI models on your content. Anthropic's API terms (which we're bound by) commit the same — your prompts and responses don't enter their training pipeline.
  • We don't share your study material with other students.Each user's lectures, notes, and chats are scoped to their account.
  • We don't profile or behavior-target you. Personalization is for your study, not for ads.

Subprocessors

These are the third-party services your data passes through. Each is listed with what they see:

  • Anthropic — receives the lecture / chat / quiz text we send for AI processing. Their API terms forbid training on it.
  • Vercel — hosts the app servers. Sees request metadata (URLs, IP, headers).
  • Turso— runs the database. Stores everything listed under “What we store.” Encrypted at rest.
  • Stripe— handles payments. Sees your card, billing address, and email if you upgrade. We don't see your card.
  • Resend — sends transactional email (magic links, receipts). Sees your email address.
  • PostHog — product analytics. Sees pseudonymous user ID and which features you used (no answer content, no uploaded text).
  • Google / Microsoft— when you sign in via their OAuth, they see that you're using Trozun.

Encryption

Data in transit is TLS 1.2+ everywhere. Data at rest is encrypted by Turso (database) and Vercel (file/blob storage).

Your data, your call

  • Export.Settings → Data → “Export all data” downloads everything we have for you as a JSON file. Anytime.
  • Delete.Settings → Account → “Delete my account.” 7-day grace period (so you can change your mind). After 7 days, every record we have for you is removed except anonymized aggregate metrics that don't identify you.
  • Correction. Edit your name, school, and other profile fields directly in Settings. For anything else, email us.

Retention

Active accounts: we keep your data as long as your account exists. Closed accounts: 7-day grace, then permanent deletion. Stripe billing records are kept 7 years for tax purposes.

Children

Trozun is for students 13 and older. If you're under 13, don't sign up — and if you signed up by mistake, email us and we'll close the account.

Where data lives

US-based servers (Vercel + Turso). If you're signing up from outside the US, your data crosses borders to reach our servers — same as for most American SaaS products.

Changes

If we change this policy in a way that meaningfully reduces your protections, we'll email you 30 days before it takes effect. The latest version always lives at this URL, dated.

Contact

Privacy questions, data requests, or anything that smells off: support@trozun.xyz.