Privacy Policy

Data protection declaration

We are pleased that you have visited our website studyflash.ai and that you are interested in our company.

The protection of your personal data, such as your date of birth, name, telephone number, address, etc., is important to us.

The purpose of this data protection declaration is to inform you about the processing of your personal data that we collect from you when you visit our website. Our data protection practice is in line with the legal provisions of the Swiss Federal Data Protection Act (DSG) and the EU General Data Protection Regulation (GDPR). The following data protection declaration serves to fulfill the information obligations under the DSG and the GDPR. These can be found, for example, in Art. 19 ff. DSG and Art. 13 ff. of the GDPR.

Owner or responsible person

The owner or responsible person within the meaning of Art. 5(j) DSG or Art. 4 No. 7 GDPR is the person who alone or jointly with others decides on the purposes and means of processing personal data. The person responsible according to Art. 4 No. 7 GDPR is also the recipient of the personal data within the meaning of Art. 4 No. 9 GDPR. Any third-party recipient is shown separately.

With regard to our website, the owner or person responsible is:

Studyflash GmbH

Kräyigenweg 89

3074 Muri near Bern Switzerland

Email:  info.studyflash@gmail.com

Tel.: +41787291022

Provision of the website and creation of log files

Every time our website is accessed, our system automatically records data and information from the device being accessed (e.g. computer, mobile phone, tablet, etc.).

What personal data is collected and to what extent is it processed?

(1) User's email (if logged in);

(2) Date and time of access;

(3) Websites and resources (images, files, other page content) accessed on our website;

(4) Websites from which the user's system accessed our website (referrer tracking);

(5) Notification as to whether the retrieval was successful;

(6) Amount of data transferred

This data is stored in the log files of our system. A link between this data and the personal data of a specific user only occurs if the user is logged in.

Legal basis for the processing of personal data

Personal data is processed in accordance with the principle of legality (Art. 6 Para. 1 DSG) and the principle of good faith (Art. 6 Para. 2 DSG or Art. 2 ZGB) as well as Art. 6 Para. 1 lit. f GDPR (legitimate interest).

Purpose of data processing

The temporary (automated) storage of data is necessary for the course of a website visit in order to enable the website to be delivered. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat misuse and troubleshooting. For this purpose, it is necessary to log the technical data of the retrieving computer in order to be able to react as soon as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. We also use the data to optimize the website and to generally ensure the security of our information technology systems.

Duration of storage

The aforementioned technical data is deleted as soon as it is no longer required to ensure the compatibility of the website for all visitors, but no later than 20 days after our website is accessed.

Possibility of objection and deletion

You can request the restriction of processing in accordance with Art. 18 GDPR at any time or object to processing in accordance with Art. 21 GDPR and request deletion of the data in accordance with Art. 16 or 17 GDPR. You can find out what rights you are entitled to and how you can assert them at the bottom of this privacy policy.

Special functions of the website

Our website offers you various functions, when using which we collect, process and store personal data. Below we explain what happens to this data:

Login area / registration
  • Scope of processing of personal data and personal data collected

The registration and login data you have entered with us or that we have provided to you.

  • Legal basis for the processing of personal data

The processing of personal data is carried out in accordance with the principle of legality (Art. 6 para. DSG) and the principle of good faith (Art. 2 ZGB) as well as Art. 6 para. 1 lit. b GDPR (implementation of (pre)contractual measures).

  • Purpose of data processing

You have the option of using a separate login area on our website. So that we can check your authorization to use the protected area or the protected documents, you must enter your login details (email or user name and password) in the corresponding form. If required, we can send you your login details or the option to reset your password by email upon request.

  • Duration of storage

The data collected will be stored as long as you maintain a user account with us.

  • Possibility of objection and deletion

You can request the restriction of processing in accordance with Art. 18 GDPR at any time or object to processing in accordance with Art. 21 GDPR and request deletion of data in accordance with Art. 16 or 17 GDPR. You can find out what rights you are entitled to and how you can assert them at the bottom of this data protection declaration.

  • Necessity of providing personal data

Certain pages and their content are not publicly accessible. Certain users can gain access to the protected area via the login area on our site. Using the content protected by the login area is not possible without entering personal data. If you want to use our login area, you must fill in the fields marked as mandatory (user name and password). Entering the data requires that you have a user account. You cannot log in if the data you have entered is incorrect. If you enter the data incorrectly or do not enter it at all, the protected area cannot be used. The rest of the site can still be used without logging in.

Newsletter Registration Form
  • Which personal data is collected and to what extent is it processed?

By registering for the newsletter on our website, we receive the email address you entered in the registration field and, if applicable, other contact details, provided you provide them to us via the newsletter registration form.


  • Legal basis for the processing of personal data

The processing of personal data is carried out in accordance with the principle of legality (Art. 6 para. 2 DSG) and the principle of good faith (Art. 2 ZGB) as well as Art. 6 para. 1 lit. a GDPR (consent through clear confirmatory action or behavior).


  • purpose of data processing

The data entered in the registration form for our newsletter will be used exclusively to send our newsletter, in which we inform you about all our services and news. After registration, we will send you a confirmation email containing a link that you must click to complete the registration for our newsletter (double opt-in).


  • duration of storage

You can unsubscribe from our newsletter at any time by clicking on the unsubscribe link that is included in every newsletter. Your data will be deleted immediately after you unsubscribe, unless there are legal retention requirements. Likewise, your data will be deleted immediately if you have not completed your registration. We reserve the right to delete your data without giving reasons and without prior or subsequent information.


  • possibility of objection and deletion

You can request the restriction of processing in accordance with Art. 18 GDPR at any time or object to processing in accordance with Art. 21 GDPR and request deletion of data in accordance with Art. 16 or 17 GDPR. You can find out what rights you are entitled to and how you can assert them at the bottom of this data protection declaration.


  • necessity of providing personal data

If you would like to use our newsletter, you must fill in the fields marked as mandatory and confirm your email address by clicking on the double opt-in link. The details for newsletter registration are necessary in order to be able to use the newsletter offer. The information is used exclusively to send our newsletter. If you do not fill in the mandatory fields, we cannot provide you with our newsletter service.

Disclosure of information to third parties

Personal data is processed in accordance with the principle of legality (Art. 6 Para. 2 DSG) and in accordance with the principle of good faith (Art. 2 ZGB).

The disclosure of information to third parties depends on the scope of the activities or offers on our website or our business model described below.

In principle, we only keep your information for as long as necessary and treat it confidentially. Exceptions to this are the transfer of personal data to debt collection service providers, to public bodies and authorities, and to private individuals who are entitled to it due to legal provisions, court decisions or official orders, as well as the transfer to authorities for the purpose of initiating legal proceedings or for law enforcement purposes if our legally protected rights are attacked.


  • Stripe

On our website we use the Stripe service from Stripe Payments Europe Limited, The One Building, 1, Grand Canal Street Lower, D02 HD59 Dublin, Ireland, email: [privacy@stripe.com](mailto:privacy@stripe.com), website: https://stripe.com/. According to the assessment of the Swiss authorities, the processing takes place in safe third countries. The list of Swiss states and further information can be found under the following link:

https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. From the EU's point of view, the data processing takes place in a third country for which there is no adequacy decision from the EU Commission. Therefore, the usual level of protection for the GDPR cannot be guaranteed during transmission, as it cannot be ruled out that authorities in the third country, for example, may access the data collected. Your data can only be transferred to these third countries if it is ensured that the personal data is adequately protected by the recipient. This can be done through the use of standard contractual clauses, in the case of data transfers within a group through so-called Binding Corporate Rules, through an obligation to comply with codes of conduct that have been declared generally valid by the Commission or through the certification of the processing operation.

The legal basis for the transmission of personal data is the contract already concluded or still to be concluded between you and us in accordance with Art. 31 Para. 2 Letter a DSG and Art. 6 Para. 1 Letter b GDPR.

The plugin allows us to implement the services of Stripe, an online payment service provider that enables companies and individuals to accept payments over the Internet, on our website. This simplifies and automates payment processes.

The parent company’s certification under the EU-US Data Privacy Framework can be found at https://www.dataprivacyframework.gov/list.

You will find out what rights you have with regard to processing at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://stripe.com/de/privacy.

Transfer of uploaded data to third parties

As part of our services, it may be necessary for us to pass on data provided by you to third parties in order to offer special functions. This includes in particular external service providers who support us in processing uploaded learning materials, such as providers of artificial intelligence (AI) used to automate the creation of learning materials.

These third-party providers are carefully selected and obliged to comply with high data protection and security standards. Your data is processed and forwarded for the purpose of providing and improving the services you have requested.

Statistical analysis of visits to this website - web tracker

When you access this website or individual files on the website, we collect, process and store the following data: user's email address (if logged in), website from which the file was accessed, name of the file, date and time of access, amount of data transferred and message about the success of the access (so-called web log). We use this access data exclusively in non-personalized form for the continuous improvement of our internet offering and for statistical purposes.

Any personal data will be processed in accordance with the principle of legality (Art. 4 DSG) and in accordance with the principle of good faith (Art. 2 ZGB). We also use the following web trackers to evaluate visits to this website:


  • Google

We use the Google service on our website from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: [support-deutschland@google.com](mailto:support-deutschland@google.com), website: http://www.google.com/. According to the assessment of the Swiss authorities, the processing takes place in safe third countries. The list of Swiss states can be found at the following link: https://www.edoeb.admin.ch/edoeb/de/home/datenschutz/handel-und-wirtschaft/uebermittlung-ins-ausland.html. From the EU's point of view, the data processing takes place in a third country for which there is no adequacy decision from the EU Commission. Therefore, the level of protection usual for the GDPR cannot be guaranteed during transmission, as it cannot be ruled out that authorities in the third country, for example, may access the data collected.

The legal basis for the transmission of personal data is your consent in accordance with Art. 4 Para. 5 DSG or Art. 13 Para. 2 DSG and in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR, which you have given on our website.

We use Google to load additional Google services onto the website. The service is used to provide additional Google services, such as the data processing required when providing streams and fonts and relevant Google search content. It is technically required in order to be able to exchange the information already available to Google about the site visitor between Google services and to be able to provide the site visitor with individual content tailored to their Google account.

For the processing itself, the service or we collect the following data: Background data stored in the Google user account or in other Google services about the site visitor, background data for the provision of Google services such as streaming data or advertising data, data about the site user's use of Google search, information on the device used, the user's IP address and browser and other data from Google services for the provision of Google services related to our website.

If the service is activated on our website, our website establishes a connection to the servers of the company Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transferred to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. The processing then also takes place in a third country for which there is no adequacy decision from the Commission. Therefore, the usual level of protection for the GDPR when transmitting the data cannot be guaranteed, as it cannot be ruled out that authorities in the third country, for example, may access the data collected. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Doubleclick, Google Cloud, and Google Ads and Google Fonts in accordance with the Google privacy policy.

You can revoke your consent at any time. Further information on revoking your consent can be found either in the consent itself or at the end of this privacy policy.

Further information on the handling of the transferred data can be found in the provider's privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

Integration of external web services and processing of data outside the EU

We use active content from external providers, so-called web services, on our website. When you access our website, these external providers may receive personal information about your visit to our website. In this case, data processing outside Switzerland and the EU may be possible. You can prevent this by installing an appropriate browser plug-in or deactivating the execution of scripts in your browser. This may lead to functional restrictions on the websites you visit.

Information on the use of cookies
Scope of processing of personal data

We integrate and use cookies on various pages to enable certain functions of our website and to integrate external web services. So-called "cookies" are small text files that your browser can save on your access device. These text files contain a characteristic string of characters that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also known as "setting a cookie". Cookies can be set by the website itself as well as by external web services.

Legal basis for the processing of personal data

Relevant are Art. 4 ff. DSG (principles) and Art. 6 Para. 1 lit. f GDPR (legitimate interest) or Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR (consent).

Which legal basis is relevant can be seen from the cookie table listed later in this point.

In general, for cookies that are collected on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services integrated into it (technically necessary cookies). In addition, the cookies may increase its user-friendliness and enable a more personalized approach. Here we have weighed up your interests and our interests.

With the help of cookie technology, we can only identify, analyze and track individual website visitors if the website visitor has consented to the use of cookies in accordance with Art. 6. Para. 2 DSG or Art. 6 Para. 1 lit. a GDPR.

Purpose of data processing

The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve user-friendliness or to pursue the purpose specified with your consent. Cookie technology also enables us to recognize individual visitors using pseudonyms, e.g. an individual or random ID, so that we can offer more personalized services. Details are listed in the table below.

Duration of storage

The cookies listed below are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. Details are listed in the following list:

  • studyflash-ai_u1_testmain

    • Server: studyflash.ai

    • Provider: Website operator

    • Purpose: This is required to support logging in and out and storing data for the current user.

    • Legal basis: consent

    • Duration of storage: Session

    • Type: Configuration


  • studyflash-ai_test_u2main.sig

    • Server: studyflash.ai

    • Provider: Website operator

    • Purpose: This is required to support logging in and out and storing data for the current user.

    • Legal basis: consent

    • Duration of storage: approx. 24 hours

    • Type: Configuration


  • studyflash-ai_test_u2main

    • Server: studyflash.ai

    • Provider: Website operator

    • Purpose: This is required to support logging in and out and storing data for the current user.

    • Legal basis: consent

    • Duration of storage: approx. 24 hours

    • Type: Configuration


  • sb-access-token

    • Server: .api.studyflash.ai

    • Provider: Website operator

    • Purpose: This is required to support logging in and out and storing data for the current user.

    • Legal basis: consent

    • Duration of storage: 1 day

    • Type: Configuration


  • sb-refresh-token

    • Server: .api.studyflash.ai

    • Provider: Website operator

    • Purpose: This is required to support logging in and out and storing data for the current user.

    • Legal basis: consent

    • Duration of storage: 1 day

    • Type: Configuration


  • __stripe_mid

    • Server: .app.studyflash.ai

    • Provider: Stripe

    • Purpose: This cookie is necessary to carry out credit card transactions on the website via Stripe. The cookie can be used to avoid entering credit card details.

    • Legal basis: consent

    • Duration of storage: 1 year

    • Type: Configuration


  • __stripe_sid

    • Server: .app.studyflash.ai

    • Provider: Stripe

    • Purpose: This cookie is necessary to carry out credit card transactions on the website via Stripe. The cookie can be used to avoid entering credit card details.

    • Legal basis: consent

    • Duration of storage: 30 minutes

    • Type: Configuration


  • m

    • Server: m.stripe.com

    • Provider: Stripe

    • Purpose: Determines the device used to access the web page. This allows the web page to be formatted accordingly.

    • Legal basis: Technically necessary

    • Duration of storage: 2 years

    • Type: Comfort


Possibility of objection, revocation of consent and deletion

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in principle. Cookies can be used for various purposes, e.g. to recognize that your access device is already connected to our website (permanent cookies) or to save recently viewed offers (session cookies). If you have given us express permission to process your personal data, you can revoke this consent at any time. Please note that the legality of the processing carried out on the basis of the consent until revocation is not affected by this.

Data security and data protection, communication by e-mail

Your personal data is protected by technical and organizational measures during collection, storage and processing so that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security during transmission to our IT systems, so we recommend encrypted communication or sending information with a high level of confidentiality.

Duration of data storage and rights of the data subject
Duration of storage

We only store personal data to the extent and for as long as this is necessary to fulfil the purposes for which the personal data was collected, we have a legitimate overriding interest in storing it or are legally obliged to do so.

Right to information

You have the right to request confirmation as to whether we process personal data about you. If this is the case, you have the right to information about the information specified in sections 8 ff. DSG or Art. 15 Para. 1 GDPR, provided that the information cannot be refused, restricted or postponed by the owner of the data collection (cf. Art. 9 f. DSG or Art. 15 Para. 4 GDPR). We would also be happy to provide you with a copy of the data.

Right to rectification

In accordance with Art. 5 Para. 2 DSG or Art. 16 GDPR, you have the right to have any personal data (such as address, name, etc.) that we have stored incorrectly corrected at any time. You can also request that the data we have stored be completed at any time. A corresponding adjustment will be made immediately.

Right to deletion

According to Art. 17 Paragraph 1 GDPR, you have the right to have us delete the personal data collected about you if

  • the data is either no longer needed;

  • due to the withdrawal of your consent, the legal basis for processing no longer applies;

  • there are no longer any legitimate reasons for processing;

  • your data is processed unlawfully;

  • a legal obligation requires it


According to Art. 17 para. 3 GDPR, this right does not exist if

  • the processing is necessary for the exercise of the right to freedom of expression and information;

  • your data has been collected based on a legal obligation;

  • the processing is necessary for reasons of public interest;

  • the data are necessary to assert, exercise or defend legal claims.


Right to restriction of processing

According to Art. 18 para. 1 GDPR, you have the right in individual cases to request the restriction of the processing of your personal data.

This is the case if

  • you contest the accuracy of the personal data;

  • the processing is unlawful and you do not consent to deletion;

  • the data are no longer required for the purpose of processing, but the data collected serve to assert, exercise or defend legal claims;

  • an objection to the processing has been lodged in accordance with Art. 21 Para. 1 GDPR and it is still unclear which interests prevail.

Right of revocation

If you have given us your express consent to process your personal data (Art. 4 Para. 5 DSG and Art. 13 Para. 2 Lt. a DSG; Art. 6 Para. 1 Lt. a GDPR or Art. 9 Para. 2 Lt. a GDPR), you can revoke this at any time. Please note that this does not affect the legality of the processing carried out on the basis of the consent until the revocation. Information that we are legally obliged to retain will be deleted after the deadline has expired.

Right to object

According to Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you that has been collected on the basis of Art. 6 Para. 1 Lt. f GDPR (within the scope of a legitimate interest). If you have given us your express consent to process your personal data (Art. 4 Para. 5 DSG and Art. 13 Para. 2 Lt. a DSG), you can revoke this at any time. Please note that the legality of the processing carried out on the basis of the consent until revocation is not affected by this. You are only entitled to this right if there are special circumstances that speak against the storage and processing. Information that we are legally obliged to store will be deleted after the deadline has expired.

How do you exercise your rights?

You can exercise your rights at any time by contacting the contact details below:

Studyflash GmbH Kräyigenweg 89

3074 Muri near Bern Switzerland

E-mail:  info.studyflash@gmail.com

Tel.: +41787291022

Right to data portability

According to Art. 20 GDPR, you have the right to have the personal data concerning you transmitted to us. We will make the data available in a structured, common and machine-readable format. The data can be sent either to you or to a person responsible named by you.

We will provide you with the following data on request:

  • Data collected on the basis of consent (Article 13 paragraph 1 DSG and Article 6 paragraph 1 letter a GDPR);

  • Data that we have received from you within the framework of existing contracts (Art. 13 para. 2 letter a DSG as well as Art. 6 para. 1 letter b GDPR and Art. 9 para. 2 letter a GDPR);

  • Data that has been processed as part of an automated procedure.


We will transfer the personal data directly to a responsible party of your choice, provided this is technically feasible. Please note that we are not permitted to transfer data that interferes with the overriding interests of third parties, or are only permitted to do so to a limited extent, in accordance with Art. 9 Para. 1 Letter b DSG and Art. 20 Para. 4 GDPR.

Notifications to the FDPIC and possibility of legal action

According to Art. 29 DSG, affected persons have the right to lodge a complaint with a competent supervisory authority for data protection. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

For further information, please use the FDPIC contact form: https://www.edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular.html

If you suspect that your data is being processed unlawfully on our website, you can bring about a judicial clarification of the issue in accordance with Art. 15 DSG. As a rule, a lawsuit should be filed in accordance with Art. 28 ff of the Swiss Civil Code. If you are affected by the processing of your data by federal bodies, the procedure is governed by Art. 25 of the Data Protection Act. In this case, too, you can contact the FDPIC (see reference to the contact form above).

Right to complain to the supervisory authority in accordance with Art. 77 Para. 1 GDPR

If you suspect that your data is being processed unlawfully on our website, you can of course seek judicial clarification of the issue at any time. In addition, any other legal option is open to you. Irrespective of this, you have the option of contacting a supervisory authority in accordance with Art. 77 Para. 1 GDPR. You have the right to complain in accordance with Art. 77 GDPR in the EU member state of your residence, your place of work and/or the place of the alleged violation, i.e. you can choose the supervisory authority you contact from those listed above. The supervisory authority to which the complaint was submitted will then inform you of the status and results of your submission, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.