Legal

Privacy Policy

Effective date: May 1, 2026

1. What RecallAI is

RecallAI is an AI-powered tool that processes academic question papers using Google Gemini AI. You supply your own Gemini API key; we extract, structure, and render the results back to you as a searchable Markdown document and a formatted PDF.

2. Information we collect

Account data (via OAuth)

When you sign in with Google or GitHub, we receive your name, email address, and profile picture from that provider. We store these to identify your account.

Uploaded files

PDFs you submit are stored on our servers during processing and for a reasonable period after, so you can retrieve results from your dashboard. We never use your uploaded content to train AI models.

Gemini API key (optional)

By default, your API key is sent per-request in a request header and is never written to disk or logged. If you choose to save your key on our servers via Settings, it is encrypted using HKDF key derivation and Fernet symmetric encryption before being stored. You can delete it at any time.

Job metadata

For each processing job we store: the Gemini model selected, page count, job status, timestamps, and the Markdown output we generate.

Analytics

We use self-hosted Umami analytics, which collects basic page-view and session data without cookies or cross-site tracking. No data is sent to third-party analytics services.

3. How we use it

  • To authenticate you and retrieve your account and job history.
  • To run the AI processing pipeline on your documents and store the results.
  • To enforce per-user rate limits and concurrency limits.
  • To understand aggregate usage patterns so we can improve the service.

4. What we share

Google Gemini API

The text and optional images extracted from your PDFs are sent to the Google Gemini API using your own API key. Google processes this data under its own terms. We do not send your documents to any other AI provider.

Google / GitHub OAuth

Authentication is handled by these providers. We receive only your name, email, and profile picture. We do not share your data back with them beyond the normal OAuth flow.

We do not sell your data. We do not share it with advertisers or data brokers. We will only disclose data if required to do so by law.

5. Data retention

Your account and job history are retained until you delete your account. Uploaded source PDFs may be deleted from our servers after processing completes. Generated PDFs and Markdown output are retained so you can retrieve them from your dashboard. To delete your account and all associated data, contact us at vynride@gmail.com.

6. Security

  • All traffic is served over HTTPS in production.
  • Authentication uses stateless JWTs signed with a secret shared only between our Next.js frontend and FastAPI backend.
  • If you save your Gemini API key, it is encrypted with a per-user derived key before being written to the database; the plaintext key is never stored.

7. Children

RecallAI is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete the account.

8. Your rights

You can view and update your profile via your Google or GitHub account. You can delete your saved Gemini API key at any time in Settings. For account deletion or any data access request, email us at vynride@gmail.com.

9. Changes to this policy

We may update this policy from time to time. If we make material changes we will update the effective date at the top of this page.

10. Contact

Questions about this policy? vynride@gmail.com