Pilot Recall

Privacy Policy

Last updated: 30 March 2026

1. Who we are

Pilot Recall is operated by Pilot Recall ABN [your ABN], based in Australia. When we say "we", "us", or "our", we mean Pilot Recall. When we say "you", we mean you as a user of our Service.

2. What we collect

We collect the following information:

  • Account information: Your name and email address when you sign up.
  • Study data: Flashcard review history, quiz scores, streak data, and progress metrics. This data powers your dashboard, recommendations, and the spaced repetition algorithm.
  • Preferences: Your selected licence, daily card goal, study reminder settings, and theme preference.
  • Payment information: Payment is processed by Stripe. We do not store your card number, CVV, or full card details. Stripe provides us with a payment confirmation, your billing email, and subscription status.
  • Push notification tokens: If you enable push notifications, we collect a device token to deliver notifications to your device. This token does not identify you personally and is deleted if you disable notifications.
  • Technical data: Basic server logs including IP address, browser type, and request timestamps. We use this for security and to diagnose errors.

3. How we use your data

  • To provide and personalise the Service (flashcards, quizzes, progress tracking, recommendations).
  • To send you account-related emails (welcome, study reminders, streak notifications, weekly digests). You can unsubscribe from non-essential emails at any time via the link in any email.
  • To process payments and manage your subscription.
  • To improve the Service based on aggregate, anonymised usage patterns.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Third-party services

We use the following third-party services to operate Pilot Recall:

  • Supabase (database and authentication). Stores your account and study data. Hosted in Australia/US regions.
  • Stripe (payment processing). Processes payments securely. See Stripe's Privacy Policy.
  • Resend (email delivery). Sends transactional and notification emails on our behalf.
  • Vercel (hosting). Hosts and serves the application.
  • HubSpot (customer relationship management). Stores your name, email, and subscription status to help us manage communications. See HubSpot's Privacy Policy.

Each provider has access only to the data necessary to perform their function and is bound by their own privacy policies.

5. Cookies and local storage

We use essential cookies for authentication (managed by Supabase). We use browser local storage to persist your theme preference (light/dark mode). We do not use advertising or third-party tracking cookies.

6. Data retention

We retain your account and study data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days. Anonymised, aggregate data (e.g. total quiz count across all users) may be retained indefinitely.

7. Your rights

Under Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
  • Unsubscribe from non-essential emails at any time.

To exercise any of these rights, contact us at support@pilotrecall.com.

8. Security

We take reasonable steps to protect your data, including encryption in transit (HTTPS), secure authentication via Supabase, and restricted database access. No system is 100% secure, and we cannot guarantee absolute security.

9. Cross-border data transfers

Your data may be stored and processed in the United States through our third-party service providers (including Supabase and HubSpot). By using the Service, you consent to the transfer of your data to these jurisdictions. We take reasonable steps to ensure our providers maintain appropriate data protection standards.

10. Data breach notification

In the event of a data breach that is likely to result in serious harm to you, we will notify affected users and the Office of the Australian Information Commissioner (OAIC) as soon as practicable. Notification will include the nature of the breach, the type of information involved, and recommended steps you can take in response.

11. International users

If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing of, and port your personal data, as well as the right to lodge a complaint with a supervisory authority. Contact us at support@pilotrecall.com to exercise these rights.

12. Children

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or via a notice within the Service. The "Last updated" date at the top of this page will reflect the most recent revision.

14. Contact

If you have questions or concerns about this policy or your data, contact us at support@pilotrecall.com.