Your data,
your call.

Study With Lily is built with a privacy-first approach. You can request access, correction, or deletion of your personal data by contacting us at privacy@studywithlily.com. In-app account deletion removes your profile, study sessions, and performance data. Some records (such as payment history and security logs) may be retained as required by law or for fraud prevention. To request complete deletion of all data including authentication records, contact the privacy address above. We will process complete deletion requests within 30 days.

We collect the following categories of information to operate Study With Lily and give you a personalized study experience:

• Account information: email address, phone number (if used for authentication), full name, and Google account email (if Google sign-in is used).
• Educational profile:nursing program type, semester, courses, clinical rotation, NCLEX® timing, study goals, self-reported strengths and weaknesses.
• Study activity: session history, question responses, performance scores, difficulty progression, streak data.
• Uploaded content: study materials you upload or import from Google Drive (file names, metadata, and text content).
• Payment information: subscription status, plan type, and transaction identifiers. Credit card details are handled directly by our payment processor and never stored by Study With Lily.
• Technical data: IP addresses, device information, browser type, security logs, rate-limit metadata.

We use your data to provide core functionality, personalize question difficulty, improve product quality, and protect the platform from abuse.

We do not sell personal data. We share data only with the following service providers, subject to contractual and security controls:

• Supabase: database hosting and user authentication (account data, study records).
• Anthropic (Claude): builds personalized practice questions from study material excerpts and educational profile context. We apply PII masking to remove emails, phone numbers, and sensitive identifiers before transmission.
• Voyage AI: semantic text embeddings (document text excerpts for search functionality).
• Vercel: hosting, analytics, and performance monitoring (page views, web vitals, server-side traces).
• LemonSqueezy: payment processing (subscription management, billing).
• Resend: email delivery (email address for transactional and optional marketing communications).
• Google: OAuth sign-in and Google Drive integration (with your explicit authorization; we request read-only Drive access and store encrypted OAuth tokens).

Each third-party provider listed above operates under a written contract that restricts how they may use, retain, and combine your data. Under the California Consumer Privacy Act (CCPA/CPRA), these providers qualify as service providers, meaning they process data only on our behalf and for the purposes described above.

Study materials you upload and educational profile information are processed by third-party processors to build personalized practice questions. We apply automated PII masking to strip emails, phone numbers, SSNs, and credit card numbers from your content before sending it to any processor.

Document text is also processed by Voyage AI to create semantic embeddings for content retrieval. Our processors handle data according to their respective privacy policies and do not use your data to train their models under our API agreements.

If you connect Google Drive, we request read-only access to browse and import study materials. We store encrypted OAuth tokens to maintain your connection. File metadata (name, type, modification date) and text content are stored for study material processing.

An automated sync checks for updates to your connected folders periodically. You can disconnect Google Drive at any time, which revokes our access.

Cookies we use:

• Authentication cookies: required for login sessions (Supabase auth).
• Preference cookies: email consent preference, beta access status.
• Referral cookies: track referral codes for our referral program.
• Analytics: Vercel Analytics collects anonymous page view and performance data; Vercel SpeedInsights measures web performance metrics. These are only loaded with your consent.

We do not use third-party advertising cookies. On your first visit, a cookie consent banner lets you choose which optional cookies to accept. You can change your preferences at any time from account settings.

Emails we send:

• Transactional emails: account confirmations, password resets, subscription changes (cannot be opted out).
• Weekly study digests: summary of your study progress (unsubscribe link in each email).
• Marketing emails: study tips and product updates (only sent with your explicit consent; opt out anytime).

Emails are delivered via Resend.

If you participate in our referral program, we track referral codes and conversion status. Affiliate program data may link external affiliate identifiers to Study With Lily accounts.

We retain personal data for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods:

• Study data: retained while your account is active and deleted upon account deletion.
• Audit logs: retained for 180 days, then automatically deleted.
• Security and rate-limit data: retained for 24 hours, then automatically cleaned up.
• Question build context logs: retained for 90 days, then automatically deleted.
• Email unsubscribe tokens: retained for 90 days after generation.
• Payment records:retained per LemonSqueezy's data retention policy as our payment processor.
• Analytics cookies: used under legitimate interest to improve your experience, managed by Vercel Analytics and PostHog. Always active.
• Advertising cookies: subject to your consent preferences, used to measure ad campaign performance.

You can export all your data or delete your account at any time from your account settings.

Depending on your location, you may have the following rights regarding your personal data:

• Right to access your personal data.
• Right to correct inaccurate data.
• Right to delete your account and data.
• Right to data portability.
• Right to opt out of marketing emails.

California residents: Under the CCPA/CPRA, you have additional rights including the right to know what personal information is collected and the right to opt out of the sale of personal information. We do not sell your personal information.

To exercise any right, email privacy@studywithlily.com.

Study With Lily uses transport encryption, authentication controls, rate limiting, and access policies to protect user data.

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

Study With Lily is intended for users who are at least 18 years old and is not directed to children under 13.

Instructors can create a cohort on Study With Lily and share an invite code with their students. If you choose to redeem a cohort invite code, a small amount of information becomes visible to the instructor who owns that cohort. This section explains exactly what moves and what does not.

What we share with the cohort instructor:

• Roster information: your name, email address, and the date you joined the cohort.
• Cohort-wide aggregate statistics: counts and averages across the whole cohort, such as how many students have joined, how many are active this week, and the typical number of questions practiced per student. Aggregates are never tied to an identified student.

What we do not share with instructors (without a separate institutional agreement):

• Individual scores or accuracy tied to you by name.
• Your question-level activity or specific answer history.
• Time-on-task or session timing tied to an identified student.
• Content you upload to your personal account.

Your controls:

• Explicit consent at redemption: before we write your enrollment to a cohort, you see a summary of what the instructor will see and you must confirm enrollment. You can decline at that step and nothing is shared.
• Leave cohort anytime:you can leave a cohort from Settings at any time. After you leave, your name and email are removed from the instructor's roster, and you no longer count toward cohort aggregates going forward.
• Account deletion: our standard data-deletion flow applies. Deleting your account removes your roster entry from any cohort you joined. See the Retention section above.

Study With Lily is a consumer product that students use directly. Creating or joining a cohort on Study With Lily does not by itself make Study With Lily a school official or institutional service provider. See the Educational Records (FERPA) section below for more on that distinction, or read the instructor help article on cohort data.

Study With Lily is a direct-to-consumer study tool and does not operate as a school official or institutional service provider under the Family Educational Rights and Privacy Act (FERPA). We do not receive education records from schools or universities. If your institution directs you to use Study With Lily, please be aware that your usage data is governed by this Privacy Policy, not by FERPA.

We may update this policy from time to time. If we make material changes, we will update the "Last updated" date on this page.