Privacy Policy
Last updated: April 11, 2026
NeverCram ("we", "us", "our") is operated by Gigglestack Private Limited, a company registered in India. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and application at nevercram.app (the "Service").
By creating an account, you consent to the collection and use of information in accordance with this policy. For certain data processing activities, we will seek your explicit consent separately (e.g., via opt-in checkboxes).
Information We Collect
Information You Provide
- Account information — Name, email address, and password when you create an account
- Profile information — Profile picture, display name, and preferences you choose to provide
- Study content — Flashcards, decks, notes, and other learning materials you create
- Payment information — Billing details processed securely through our payment provider (we do not store your full card number)
- Communications — Messages you send to us through support channels
Information Collected Automatically
- Usage data — Pages visited, features used, study session activity, and learning progress
- Device information — Browser type, operating system, device type, and screen resolution
- Log data — IP address, access times, and referring URLs
- Cookies — See our Cookie Policy for details
How We Use Your Information
We use the information we collect to:
- Provide the Service — Deliver spaced repetition scheduling, track your learning progress, and sync your study data across devices
- Personalize your experience — Adapt review intervals and study recommendations based on your performance
- Process payments — Handle subscription billing and invoicing
- Communicate with you — Send account notifications, study reminders, and respond to support requests
- Improve the Service — Analyze usage patterns to improve features and fix issues
- Ensure security — Detect and prevent fraud, abuse, and unauthorized access
How We Share Your Information
We do not sell your personal information. We may share information with:
- Service providers — Third-party companies that help us operate the Service (hosting, email, payment processing, analytics)
- Legal requirements — When required by law, legal process, or to protect our rights
- Business transfers — In connection with a merger, acquisition, or sale of assets
Third-Party Services We Use
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Database hosting | supabase.com/privacy |
| Resend | Transactional email | resend.com/legal/privacy-policy |
| Vercel | Application hosting | vercel.com/legal/privacy-policy |
| Polar | Payment processing | polar.sh/legal/privacy |
| OAuth authentication | policies.google.com/privacy | |
| Mixpanel | Product analytics | mixpanel.com/legal/privacy-policy |
Data Retention
- Account data — Retained while your account is active. You can request deletion at any time.
- Study data — Retained while your account is active to maintain your learning progress.
- Payment records — Retained for up to 8 years as required by the Indian Companies Act and applicable tax laws.
- Log data — Retained for up to 90 days for security and debugging purposes.
Your Rights
Depending on your location, you may have the right to:
-
Access your personal data
-
Correct inaccurate information
-
Delete your account and associated data
-
Export your data in a portable format
-
Object to certain processing activities
-
Withdraw consent where processing is based on consent
-
Lodge a complaint with your local data protection supervisory authority
To exercise any of these rights, contact us at support@nevercram.app.
For EU/EEA Users (GDPR)
Our legal basis for processing your data includes:
- Contract performance — To provide the Service you signed up for
- Legitimate interests — To improve the Service and ensure security
- Consent — For optional features like marketing emails
For California Users (CCPA)
You have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information.
Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS) and at rest
- Secure authentication mechanisms
- Regular security assessments
- Access controls limiting employee access to personal data
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users without undue delay and, where required by GDPR, within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority as required by law.
Children's Privacy
NeverCram is intended for users aged 16 and older. We do not knowingly collect information from children under 16. If we learn we have collected such information, we will delete it promptly.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, contact us at:
Gigglestack Private Limited Email: support@nevercram.app