Privacy Policy

Thank you for choosing SuperMemo. Welcome to our Privacy Policy. It regulates the issues
related to how we (hereinafter: SuperMemo, we, us) process the personal data of the Users of
the SuperMemo.com Service (hereinafter: Service). When processing the personal data of the
Users, we abide by the guidelines regulated in European Union law and legal acts of the Republic
of Poland.

1. The most important information on personal data

We process any personal data that are shared with us in order to provide services in our Service
and marketing tasks only to the extent and for the purpose to which the User has agreed. Without
the User’s consent to any specific activity, we will not be able to carry out those tasks. The User’s
personal data are processed as long as the User’s account in the Service is active.

2. Personal data administrator

The administrator of the personal data, or the party responsible for the security of the Users’
personal data, among others, is: SuperMemo World sp. z o.o., with the registered office in
Poznań, 60-598, Poland, ul. Wesoła 3, entered into the Register of Entrepreneurs kept by
the District Court of Poznań – Nowe Miasto i Wilda in Poznań, 8th Economic Department of the
National Court Register under the (KRS) no. 0000027598, VAT no (NIP): PL7822216681,
company ID (REGON): 634210318, initial capital: 70,000.00 PLN.

3. Protecting Users’ personal data

A Personal Data Security Policy is in effect at SuperMemo, which is adhered to by those duly
authorized by the Data Administrator. Only those who are duly authorized by the Data
Administrator have access to Users’ personal data. The Personal Data Security Policy details the
rules for the protection and supervision of personal data processing.
In order to protect our Users’ personal data we have implemented technical and organisational
measures which guarantee the protection of the processed data in accordance with the
requirements specified in European Union law and legal acts of the Republic of Poland.

4. The objective and scope of collecting personal data

In this Privacy Policy, the “personal data” term stands for the information or fragments of
information that can be used to identify a User. User’s personal data are necessary for us to
provide services in the Service, which includes creating a User account.In order to do that, we
obtain the following categories of personal data from the Users: email address or phone number,
first and last name, address, geolocation data, information about the devices and software used
to use the Service, data about the history and characteristics of the services of the Service used.
When registering in the Service, you will be required to provide us with your email address. It is
used to create a User account, log in, as well as to contact the User as part of the services
provided.
Alternatively, the User can register on the Website using a Facebook, Apple, or Google account.

5. Data automatically collected when accessing SuperMemo.com

The IT system used by the SuperMemo automatically collects log data associated with the device
the User uses to access the Service. These data are collected for the purpose of service
documentation and statistics, and include: the type of device, operating system, web browser
type, screen resolution, colour depth, IP address, Internet service provider, and the entry address
to SuperMemo.com. The data are used to optimise the Service and provide services.

a. Cookies

The Service uses the so-called cookies (hereinafter: Cookies). These are small text files placed
on Users’ devices (e.g. computers) via web browsers. These files allow to store certain
information on a User’s device, to be accessed later by the Service that created them. Cookies
usually contain the name of the Service they come from, as well as the time of their storage on
the end device, a unique number, as well as other information useful for the functioning of the
Service. Because of their features, two types of Cookies are distinguished: internal (used by the
Service) and external (used by other entities cooperating with SuperMemo). Some Cookies are
used while the User is using the connection to the Service (so-called session Cookies) and are
deleted after the browser session or end device session is ended. Some Cookies are so-called
permanent Cookies, and are stored on the device and remain there until deleted.


We can use Cookies to:
o Adjust the contents of the Service to User’s individual preferences, and optimise the Users’ use of
the websites (in particular, Cookies allow to recognize one’s device and display the Service
properly, so that it is best adjusted to User’s individual needs)
o Compile statistics (so that we can better understand how our Users use the Service)
o Provide our Users with ads relevant to their individual preferences.


In accordance with Google’s guidelines on improved remarketing lists, based on the Cookies files
used, the Service can display ads to Users who access the Service on one device, and then
search or browse websites on another device.


Web browsers usually allow to store Cookies on the end User’s device by default. However, the
Users can and are allowed to change their Cookies settings at any time. In order to change the
Cookies settings, the User should read the detailed information on what Cookies make possible
and how to manage Cookies that are available in their web browser’s settings.


If the User does not want Cookies to be installed on their device, they can block them by
changing the configuration of their web browser. The information on how to do it can be found in
the help section of the web browser. Blocking Cookies may cause some functionalities of the
Service to cease working properly

b. Other Technologies

The Service also uses Other Technologies that are functionally identical or similar to Cookies.
These are technologies used by SuperMemo and our cooperating entities, which can store
additional information and access the data stored in the end device of the User (e.g. files buffered
in a User’s end device, Local Storage, Session Storage etc.). The above-mentioned information
concerning Cookies applies to Other Technologies.

c. Geolocation

Data on the location of the device that is used to connect to the Service are used in order to
provide services of the Service properly, which includes adjusting the content and transaction
currency. The location is established on the basis of the IP address, the information provided by
the browser, and the User’s declaration.

6. Data collected when using the functionalities of the Service

Within the scope of the services provided, the Service may ask for access to device
functionalities such as e.g. the microphone or camera. The User may refuse to agree to that, thus
resigning from accessing the full functionality of the Service.

7. Sharing Users’ personal data

The personal data Administrator is entitled to process Users’ personal data, including sharing the
personal data with authorized entities based on the applicable law.

If the Service is used as a result of the User’s cooperation with intermediary entities that organize
or provide access to the services of the Service for those Users, delegate them to training
courses carried out through the Service, provide services or sell their own products that use the
Service (e.g. schools, companies, institutions), the personal data of those Users can be shared
with those intermediary entities, in particular as feedback on the process of learning, progress
and results of those Users, among others in the form of breakdowns and reports.

Users’ personal data that are necessary to complete or verify a payment can be shared with
entities that handle payments for the Service. The personal data of Users who use the Service
following a purchase of the services of the Service from intermediary entities can be shared with
those intermediary entities in order to verify the purchase.

AI Assistant and MemoChat Dialogue Services offered on the Website use external technologies that may utilize the content entered into them for training language models, with no guarantee of full data protection. When using the dialogue services, the User agrees not to provide sensitive data and accepts that the entered content may be processed, stored, and transmitted to servers of other entities for service fulfillment.

Users’ personal data may be processed in an automated way, also in the form of profiling. By
having Users’ personal data processed in this way, it is possible to analyse the effects of the
Users’ work in the Service, create anonymous breakdowns and statistics in order to adjust the
offer in the Service to the needs of the Users.

In connection with the processing of data for the purposes indicated in point number 4, Users’
personal data may also be made available to other recipients or categories of recipients of
personal data, but only to entities authorized to receive Users’ data, in legally justified cases and
on the basis of relevant legal provisions or concluded contracts for the provision of services for
Users, business contacts, marketing activities and servicing the activities of the Personal Data
Administrator, that is:

a) service providers who perform services on behalf of and for the Administrator of personal data,
for example: services related to the operation of IT systems, hosting services, data storage
services, telecommunications services, e-mail services, accounting services, consulting,
marketing, mailing and promotional services, transport and courier services, survey research
services,
b) persons practicing regulated professions, such as, for example: legal advisor, attorney-at-law,
notary public,
c) financial or judicial authorities, state agencies or public agencies and other entities authorized
to do so, upon request and to the extent permitted by law,
d) To companies providing automated services to the Website for: payment processing: Przelewy24, PayPal, Worldline Financial Services (Europe) S.A. payment processing and OAuth authentication: Google, Apple, OAuth authentication and analytics: Facebook, AI Assistant and MemoChat dialogue service implementation: OpenAI, geolocation: MaxMind, mailing services: SalesManago, statistical analysis: Google Analytics, improving application stability and performance: Firebase.

8. Right to update and delete personal data

Each User has the right to access their personal data that are processed, in particular the right to
demand that the personal data be edited and updated if they are incomplete, invalid or false, or
the right to delete them (the right to be forgotten). For any of the above, the User has to send an
email message to support@supermemo.com.
Once a User submits a request to have their personal data deleted by SuperMemo, it will render
providing further services in the Service for that User impossible and make it necessary to
permanently delete that User’s account as stipulated in § 6 point 4 of the Terms of Use.

9. Changes to the Privacy Policy

We reserve the right to change the Privacy Policy. When making changes to the Privacy Policy,
we will notify the User about it clearly and as appropriate under the circumstances, e.g. by
displaying a prominent notice within the Service or by sending the User an email. Changes come
into effect as of their entry into force.

10. Contact

If there are any questions or doubts concerning the Privacy Policy and Users’ personal data
security, as well as if the User wishes to update or delete their personal data, please contact us
via the contact form www.supermemo.com/contact or by email at support@supermemo.com. In
the above cases you may also contact us using the address below:

SuperMemo World sp. z o.o.
ul. Wesoła 3
60-598 Poznań

11. Right to file a complaint to the authorities

Due to the processing of Users’ personal data by the Administrator, each User has the right to file
a complaint to the data protection supervisory authorities, i.e. the President of the Personal Data
Protection Office.


Effective date: July 20, 2023.