Recall
Privacy Terms Help

Contents

  1. Who we are
  2. Scope
  3. Data we collect
  4. How we use data
  5. Data sensitivity
  6. Legal bases
  7. Sharing & processors
  8. International transfers
  9. Retention
  10. Your rights
  11. Children
  12. Security
  13. App permissions
  14. Changes
  15. Contact

Ripple Labs · Recall

Privacy Policy

Effective: 19 July 2026 · Last updated: 19 July 2026
This Policy explains how Ripple Labs (“we”, “us”) handles personal data when you use Recall.

This Policy is written to match how Recall actually works (including Google Play Data safety disclosures). It is not a substitute for independent legal advice. If anything here conflicts with a mandatory consumer protection law that applies to you, that law prevails.

1. Who we are

The controller of personal data for Recall is Ripple Labs, operating the product Recall (spaced-repetition study app for iOS and Android, and related websites).

  • Product site: https://ripplelabs.in/recall
  • Privacy contact: contact@ripplelabs.in
  • Related documents: Terms of Service · Help

2. Scope

This Policy covers personal data processed when you:

  • Create or use a Recall account in the mobile apps;
  • Visit ripplelabs.in/recall and related Ripple Labs pages for Recall;
  • Receive transactional emails from us (sign-in links, onboarding, support replies).

It does not control how Apple, Google, or other independent platforms process data under their own policies (for example App Store / Play billing identity), except where those platforms act as our processors.

3. Data we collect

We collect only what is needed to run Recall. Categories:

3.1 Account & identity

  • Email address — when you sign in with magic link, Google, or Apple.
  • User ID — a unique identifier created by our auth provider.
  • Sign-in provider data — tokens/identifiers required to complete Google or Apple sign-in.
  • Profile fields — timezone and locale (from your device, to schedule reviews and drops correctly); optional display name if set.

3.2 Study content (user-generated)

  • Buckets (subjects), nodes/cards (titles, notes, links, YouTube references, PDFs, images), tags, extracted text, and link-preview metadata.
  • Reviews, stacks, scheduling state (for example stability, due times), quiz configs/attempts, and related learning metrics (for example streak, XP, adherence).

You decide what to put in cards. Do not upload content you are not allowed to store.

3.3 AI feature inputs & outputs

When you use Aura (AI) features, we process the content required for that feature — for example note text, chat questions, quiz material, and generated cards or answers — and may store interaction metadata (feature used, timing, success/failure). Full prompt/response capture for product improvement is off by default unless you have opted in where offered, or where temporary capture is required for security/abuse investigation.

3.4 Device, notifications & app activity

  • Push token (for example FCM) and push preferences (opt-in, quiet hours, drop frequency) so we can send Recall Drops.
  • App session records — platform, app version, session start/end (service operation and onboarding emails).
  • Notification delivery events — sent / delivered / opened style events for Drop reliability.

3.5 Purchases

If you subscribe or buy AI credits, we receive subscription and entitlement events from Apple, Google Play, and our billing partner (RevenueCat). We do not receive or store your full payment card number.

3.6 Diagnostics

If diagnostics/analytics are enabled in Settings (default on), we may receive crash reports and related technical diagnostics via Sentry (device/app context, stack traces, breadcrumbs). You can turn this off in Settings; when off, we do not send those events.

3.7 Local / offline storage on your device

Recall caches study data and may queue reviews offline on your device. That cache is cleared when you delete your account from the app (after successful server deletion).

3.8 Website

Our marketing site may process waitlist emails you voluntarily submit and standard server/CDN technical logs. We do not run third-party advertising trackers on the Recall product experience.

CategoryExamplesPrimary purpose
AccountEmail, user ID, timezoneSign-in & account
Study contentCards, reviews, filesCore learning features
AINotes / questions you sendAura features you request
Device / pushFCM token, Drop prefsReminders
PurchasesEntitlement eventsPremium / credits
DiagnosticsCrash logs (if on)Stability

4. How we use data

We use personal data to:

  • Provide, sync, and improve Recall (including offline sync and spaced-repetition scheduling);
  • Send Recall Drops and other notifications you enable;
  • Run Aura AI features you invoke;
  • Process subscriptions and entitlements;
  • Provide support when you contact us;
  • Secure the service, prevent abuse, and comply with law;
  • Send essential service emails (authentication, security, account).

We do not sell your personal data. We do not show third-party ads in Recall. We do not use your study content to train our own foundation models. Third-party AI providers process content as our processors to generate the feature output you requested, under their terms and our configuration.

5. Data sensitivity

  • Your notes are under your control. They may include sensitive academic or personal information if you choose to store it. Treat Recall like any cloud notebook: do not store secrets you are prohibited from cloud-storing.
  • AI processing. Content you send to Aura is transmitted to AI processors for that request. Avoid pasting passwords, government ID numbers, or others’ confidential data into AI prompts.
  • Soft deletion. Some content may be soft-deleted (hidden) before permanent removal. Account deletion is designed to purge your account data from our primary systems as described in §9.

6. Legal bases (EEA / UK and similar)

Where GDPR / UK GDPR (or similar) applies, we rely on:

  • Contract — to provide the account and core study features you request;
  • Consent — for optional push notifications and optional diagnostics (and any other consent-gated features);
  • Legitimate interests — security, fraud/abuse prevention, service reliability, and limited product analytics that are not overridden by your rights;
  • Legal obligation — where we must retain or disclose data by law.

7. Sharing & processors

We share personal data with service providers who process it on our instructions, and when required by law or to protect rights. Key processors / platforms:

PartyRole
SupabaseAuthentication, database, file storage, edge functions
GoogleSign-In (if used), Firebase Cloud Messaging, Play Billing
AppleSign-In (if used), App Store billing
RevenueCatSubscription / entitlement management
Email providers (e.g. SMTP2GO, Zoho)Auth and transactional email delivery
SentryCrash diagnostics when enabled
Google Gemini, Anthropic, OpenAIAI generation / embeddings for Aura features

If you add a URL for link preview, our servers may fetch that URL to generate a preview. We may disclose data if required by valid legal process, or in a merger/acquisition under continued confidentiality commitments.

8. International transfers

We are based in India. Processors may store or process data in other countries (including the United States and the EEA). Where required, we use appropriate safeguards (for example contractual clauses offered by processors) for cross-border transfers.

9. Retention

  • Account & study data — retained while your account is active.
  • Exports — temporary download files are short-lived (on the order of hours) and then cleaned up.
  • Account deletion — when you delete your account in Settings, we delete your auth user and associated primary data (including stored files), clear billing subscriber records where applicable, and instruct the app to clear local cache. Residual backups may persist for a limited period before rolling deletion.
  • Legal holds — we may retain limited records if required for disputes, security, or law.

10. Your rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent.

  • Export — use in-app data export where available.
  • Delete — use in-app Delete account (permanent).
  • Push — disable Recall Drops / revoke OS notification permission.
  • Diagnostics — turn off analytics/diagnostics in Settings.
  • Other requests — email contact@ripplelabs.in. We may need to verify your account before acting.

If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority.

11. Children

Recall is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it. Where local law sets a higher digital consent age, that higher age applies.

12. Security

We use industry-standard measures appropriate to our size and risk profile, including encryption in transit (TLS), authenticated access, and database access controls (including row-level security patterns). No method of transmission or storage is 100% secure; please use a strong device lock and protect your email inbox (used for magic links).

13. App permissions (Android / iOS)

Depending on platform and OS version, Recall may request:

  • Notifications — Recall Drops;
  • Internet / network — sync and AI features;
  • Photos / files — when you attach images or PDFs to cards, or save a share image to your gallery;
  • Billing — Premium / credit purchases via the store;
  • Vibration / haptics — optional feedback.

We do not request access to your contacts, precise location, SMS, or advertising ID for ads.

14. Changes

We may update this Policy. We will change the “Last updated” date above and, for material changes, provide additional notice where required (for example in-app or by email). Continued use after the effective date means you acknowledge the updated Policy, except where consent is required by law.

15. Contact

Questions about privacy, Data safety disclosures, or rights requests:

contact@ripplelabs.in

Also see our Terms of Service and Help Center.

© 2026 Ripple Labs · Recall Home Privacy Terms Help