Ripple Labs · Recall
Privacy Policy
This Policy is written to match how Recall actually works (including Google Play Data safety disclosures). It is not a substitute for independent legal advice. If anything here conflicts with a mandatory consumer protection law that applies to you, that law prevails.
1. Who we are
The controller of personal data for Recall is Ripple Labs, operating the product Recall (spaced-repetition study app for iOS and Android, and related websites).
- Product site: https://ripplelabs.in/recall
- Privacy contact: contact@ripplelabs.in
- Related documents: Terms of Service · Help
2. Scope
This Policy covers personal data processed when you:
- Create or use a Recall account in the mobile apps;
- Visit ripplelabs.in/recall and related Ripple Labs pages for Recall;
- Receive transactional emails from us (sign-in links, onboarding, support replies).
It does not control how Apple, Google, or other independent platforms process data under their own policies (for example App Store / Play billing identity), except where those platforms act as our processors.
3. Data we collect
We collect only what is needed to run Recall. Categories:
3.1 Account & identity
- Email address — when you sign in with magic link, Google, or Apple.
- User ID — a unique identifier created by our auth provider.
- Sign-in provider data — tokens/identifiers required to complete Google or Apple sign-in.
- Profile fields — timezone and locale (from your device, to schedule reviews and drops correctly); optional display name if set.
3.2 Study content (user-generated)
- Buckets (subjects), nodes/cards (titles, notes, links, YouTube references, PDFs, images), tags, extracted text, and link-preview metadata.
- Reviews, stacks, scheduling state (for example stability, due times), quiz configs/attempts, and related learning metrics (for example streak, XP, adherence).
You decide what to put in cards. Do not upload content you are not allowed to store.
3.3 AI feature inputs & outputs
When you use Aura (AI) features, we process the content required for that feature — for example note text, chat questions, quiz material, and generated cards or answers — and may store interaction metadata (feature used, timing, success/failure). Full prompt/response capture for product improvement is off by default unless you have opted in where offered, or where temporary capture is required for security/abuse investigation.
3.4 Device, notifications & app activity
- Push token (for example FCM) and push preferences (opt-in, quiet hours, drop frequency) so we can send Recall Drops.
- App session records — platform, app version, session start/end (service operation and onboarding emails).
- Notification delivery events — sent / delivered / opened style events for Drop reliability.
3.5 Purchases
If you subscribe or buy AI credits, we receive subscription and entitlement events from Apple, Google Play, and our billing partner (RevenueCat). We do not receive or store your full payment card number.
3.6 Diagnostics
If diagnostics/analytics are enabled in Settings (default on), we may receive crash reports and related technical diagnostics via Sentry (device/app context, stack traces, breadcrumbs). You can turn this off in Settings; when off, we do not send those events.
3.7 Local / offline storage on your device
Recall caches study data and may queue reviews offline on your device. That cache is cleared when you delete your account from the app (after successful server deletion).
3.8 Website
Our marketing site may process waitlist emails you voluntarily submit and standard server/CDN technical logs. We do not run third-party advertising trackers on the Recall product experience.
| Category | Examples | Primary purpose |
|---|---|---|
| Account | Email, user ID, timezone | Sign-in & account |
| Study content | Cards, reviews, files | Core learning features |
| AI | Notes / questions you send | Aura features you request |
| Device / push | FCM token, Drop prefs | Reminders |
| Purchases | Entitlement events | Premium / credits |
| Diagnostics | Crash logs (if on) | Stability |
4. How we use data
We use personal data to:
- Provide, sync, and improve Recall (including offline sync and spaced-repetition scheduling);
- Send Recall Drops and other notifications you enable;
- Run Aura AI features you invoke;
- Process subscriptions and entitlements;
- Provide support when you contact us;
- Secure the service, prevent abuse, and comply with law;
- Send essential service emails (authentication, security, account).
We do not sell your personal data. We do not show third-party ads in Recall. We do not use your study content to train our own foundation models. Third-party AI providers process content as our processors to generate the feature output you requested, under their terms and our configuration.
5. Data sensitivity
- Your notes are under your control. They may include sensitive academic or personal information if you choose to store it. Treat Recall like any cloud notebook: do not store secrets you are prohibited from cloud-storing.
- AI processing. Content you send to Aura is transmitted to AI processors for that request. Avoid pasting passwords, government ID numbers, or others’ confidential data into AI prompts.
- Soft deletion. Some content may be soft-deleted (hidden) before permanent removal. Account deletion is designed to purge your account data from our primary systems as described in §9.
6. Legal bases (EEA / UK and similar)
Where GDPR / UK GDPR (or similar) applies, we rely on:
- Contract — to provide the account and core study features you request;
- Consent — for optional push notifications and optional diagnostics (and any other consent-gated features);
- Legitimate interests — security, fraud/abuse prevention, service reliability, and limited product analytics that are not overridden by your rights;
- Legal obligation — where we must retain or disclose data by law.
8. International transfers
We are based in India. Processors may store or process data in other countries (including the United States and the EEA). Where required, we use appropriate safeguards (for example contractual clauses offered by processors) for cross-border transfers.
9. Retention
- Account & study data — retained while your account is active.
- Exports — temporary download files are short-lived (on the order of hours) and then cleaned up.
- Account deletion — when you delete your account in Settings, we delete your auth user and associated primary data (including stored files), clear billing subscriber records where applicable, and instruct the app to clear local cache. Residual backups may persist for a limited period before rolling deletion.
- Legal holds — we may retain limited records if required for disputes, security, or law.
10. Your rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing, and to withdraw consent.
- Export — use in-app data export where available.
- Delete — use in-app Delete account (permanent).
- Push — disable Recall Drops / revoke OS notification permission.
- Diagnostics — turn off analytics/diagnostics in Settings.
- Other requests — email contact@ripplelabs.in. We may need to verify your account before acting.
If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority.
11. Children
Recall is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it. Where local law sets a higher digital consent age, that higher age applies.
12. Security
We use industry-standard measures appropriate to our size and risk profile, including encryption in transit (TLS), authenticated access, and database access controls (including row-level security patterns). No method of transmission or storage is 100% secure; please use a strong device lock and protect your email inbox (used for magic links).
13. App permissions (Android / iOS)
Depending on platform and OS version, Recall may request:
- Notifications — Recall Drops;
- Internet / network — sync and AI features;
- Photos / files — when you attach images or PDFs to cards, or save a share image to your gallery;
- Billing — Premium / credit purchases via the store;
- Vibration / haptics — optional feedback.
We do not request access to your contacts, precise location, SMS, or advertising ID for ads.
14. Changes
We may update this Policy. We will change the “Last updated” date above and, for material changes, provide additional notice where required (for example in-app or by email). Continued use after the effective date means you acknowledge the updated Policy, except where consent is required by law.
15. Contact
Questions about privacy, Data safety disclosures, or rights requests:
Also see our Terms of Service and Help Center.