Privacy Policy

Last updated: 13 June 2026 (consent-based analytics added)

Sokrat Study ("we", "us") is a free study platform available at www.sokratstudy.com, operated by Leon Kreso (Croatia). This policy explains what personal data we process, why, and what rights you have under the EU General Data Protection Regulation (GDPR).

1. Data we collect

• Without an account: we collect no personal data. Your study progress (flashcards learned, quiz scores, study statistics) is stored only in your browser's local storage, on your device. It never leaves your device.
• With an account (optional): if you create an account, we store your name (shown on your profile), your email address, your password (stored only as a secure cryptographic hash by our authentication provider — we never see or store the password itself) and your study progress (so it can sync across your devices). That's all — no payment data, no tracking profiles.

2. How we use your data

• To sign you in (email + password; we also send a one-time confirmation email when you register and password-reset emails when you request them).
• To back up and synchronise your study progress across devices.
• We do not sell or share your data with third parties for marketing.

3. Legal basis

Processing is based on the performance of a contract (providing the account and sync features you request, Art. 6(1)(b) GDPR). Creating an account is entirely optional — the platform is fully usable without one.

4. Where your data is stored

Account and progress data are stored with Supabase (our database and authentication provider) on servers in the European Union. Data in transit is encrypted (HTTPS), and database access is restricted so each user can only access their own records. The website is hosted on Vercel.

5. Cookies and analytics

Essential local storage (always on): we use your browser's local storage strictly for the platform to function — your study progress, interface preferences, and (if signed in) your session token. This stays on your device and requires no consent.

Analytics cookies (optional, consent-based): with your consent we use Google Analytics (GA4) to understand how visitors use the site (for example, which pages are viewed and roughly where visitors come from) so we can improve it. These cookies are loaded only after you click "Accept" in the cookie banner; if you click "Reject" (or do nothing), no analytics cookies are set. We use Google Consent Mode and IP-anonymisation, and we do not use this data to identify you personally. The legal basis is your consent (Art. 6(1)(a) GDPR).

You can change or withdraw your choice at any time via the "Cookie settings" link in the website footer. Analytics data is processed by Google; see Google's own privacy documentation for details. We use no advertising cookies; if that ever changes (e.g. if we show ads), we will update this policy and ask for your consent first.

6. Data retention

Your account data is kept for as long as your account exists. If you delete your cloud data or your account, the corresponding records are removed from our database.

7. Your rights

Under the GDPR you have the right to access, rectify, export, and erase your personal data, and to lodge a complaint with a supervisory authority (in Croatia: AZOP).

• Delete cloud data: available directly in the app under Profile → Privacy & data → Delete cloud data.
• Delete your entire account or exercise any other right: email us at leonkreso784@gmail.com — we respond within 30 days.

8. Children

The platform is intended for university students. We do not knowingly collect data from children under 16.

9. Changes to this policy

We may update this policy as the platform evolves. Material changes will be announced on the website. The date above always reflects the latest version.

10. Contact

Data controller: Leon Kreso · leonkreso784@gmail.com · Contact page