Privacy Policy

Moventa Services (owner: Mohamed Myassar) operates the website rethoria.com (the "Service").

This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use our Service, as well as the choices available to you.

We do not sell personal data of our users. All information provided to us during the use of our Service is used solely to provide and improve the Service.

When you create an account, we store the data necessary to operate the Service: email address, a username you choose, a securely hashed password, uploaded documents, generated flashcards and quizzes, and your study progress. You may optionally upload a profile avatar.

When using our Services, we may additionally collect non-personal information such as your IP address, browser type and device information for analytical purposes. This information is not linked to identifiable individuals.

To prevent fraud and abuse, we check the email address you provide at registration against known disposable or temporary email providers (so-called temp-mail services). Registrations using such addresses may be refused, and affected accounts may be suspended or deleted. Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in protecting the Service against abuse.

When you make a purchase on our platform, your payment information is processed securely by our trusted payment provider Stripe. We do not store credit card data or payment details on our servers. Please refer to Stripe’s Privacy Policy for more information.

Our website may contain links to third-party websites or services. Please note that we are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. All data is encrypted in transit (TLS) and at rest on our EU-hosted Supabase infrastructure. Please note, however, that no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

We may collect and analyze data related to your use of our Services, including created flashcards and learning progress, for analytical purposes and to improve the functionality of our platform. This data may also be used to improve our AI models and algorithms. However, this analysis is carried out in aggregated and anonymized form to protect your privacy.

The data controller responsible for the processing of personal data on this Service is: Moventa Services, owner Mohamed Myassar (sole proprietorship), Akazienstr. 81, 41239 Mönchengladbach, Germany. Phone: +49 176 60853204. Email: support@rethoria.com.

We process your personal data on the following legal bases under the GDPR:

• Performance of a contract (Art. 6(1)(b) GDPR): for account management, providing the Service, processing payments, and customer support.
• Legal obligation (Art. 6(1)(c) GDPR): for retaining invoices and tax records pursuant to German tax and commercial law (e.g. § 147 AO, § 257 HGB).
• Legitimate interests (Art. 6(1)(f) GDPR): to ensure the security and stability of the Service, prevent abuse and fraud, and improve our platform through aggregated and anonymized analysis.
• Consent (Art. 6(1)(a) GDPR): where you have given specific consent (e.g. for optional features). You may withdraw your consent at any time with effect for the future.

We store your personal data only as long as necessary for the purposes described:

• Account data (email, username, password hash, profile): until you delete your account.
• Uploaded documents and study data (flashcards, quizzes, progress): until you delete them or your account.
• Server logs (e.g. IP address, user agent): up to 14 days for security purposes; longer in case of security incidents.
• Invoices and payment records: 10 years pursuant to § 147 AO and § 257 HGB.
• Backups: rolling, typically up to 30 days.

Under the GDPR you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — you may request information about the personal data we process about you.
• Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR) — you may request deletion of your data, subject to statutory retention obligations.
• Right to restriction of processing (Art. 18 GDPR).
• Right to data portability (Art. 20 GDPR) — you may receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR) — you may object to processing based on legitimate interests.
• Right to withdraw consent (Art. 7(3) GDPR) — without affecting the lawfulness of prior processing.

To exercise these rights, please contact us at support@rethoria.com. We will respond without undue delay and at the latest within one month.

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf, Germany — https://www.ldi.nrw.de

Some of our service providers (e.g. Stripe Inc., USA) process data outside the European Economic Area. Such transfers are based on Standard Contractual Clauses approved by the European Commission (Art. 46(2)(c) GDPR) and additional safeguards required by law. By using our payment functions, you acknowledge that data necessary for payment processing is transferred to our payment provider.

We only use cookies and browser storage that are strictly necessary to provide the Service you have requested. We do not use cookies or storage for advertising, marketing, profiling, cross-site tracking, or third-party analytics. Pursuant to § 25(2) No. 2 TTDSG, no consent is required for the technically necessary storage listed below; you are informed about it through this Policy. Legal basis: Art. 6(1)(b) and (f) GDPR.

• Authentication (Supabase): session and refresh tokens are kept in your browser's local storage so you stay signed in. Without these the Service cannot function. Duration: until you sign out or the token expires.
• Application state: user preferences (e.g. language, theme, study progress, draft input) are kept in your browser's local storage so the Service remembers your settings between sessions. Duration: until you clear your browser storage.
• Security: where applicable, short-lived cookies are set to prevent CSRF and abuse. Duration: session.
• Payment processing: when you start a checkout, our payment provider (Stripe) may set its own cookies on its hosted checkout pages to process the payment you requested and to detect fraud. These cookies are set on Stripe's domain and are governed by Stripe's privacy policy.

You can delete cookies and local storage at any time via your browser settings. Doing so may sign you out and reset your preferences. Should we introduce optional cookies (e.g. analytics or marketing) in the future, we will obtain your prior consent through a separate consent banner before they are set.

To prevent the repeated claim of free quotas, trial benefits and one-off discounts by the same natural person operating several accounts, we run a heuristic check that estimates whether two or more accounts in our system are likely operated by the same person. The check is performed only on demand by an administrator and serves the sole purpose of preventing fraud and abuse. Legal basis: Art. 6(1)(f) GDPR — legitimate interest.

For this purpose we re-use data already collected for other purposes and do not enrich it with information from external sources. The data categories considered are: your email address (including normalised forms such as removing dots and "+"-aliases for Gmail-style addresses), your name (if provided), your phone number (if provided), the IP addresses of your sessions, browser and device identifiers (user-agent, push-notification token), your Stripe customer ID (if you have paid) and the time of your registration.

This processing constitutes profiling within the meaning of Art. 4(4) GDPR because matching signals between accounts are weighted into a risk score. However, it does not result in an automated individual decision within the meaning of Art. 22 GDPR: the score is only a hint for our administrators, and every consequence (such as account suspension or limitation) is decided manually by a human after individual review. We do not store the analysis results; only an access-log entry (which administrator queried which account at which time) is retained for 180 days for accountability purposes.

You may object to this processing at any time pursuant to Art. 21 GDPR by writing to support@rethoria.com. Upon a justified objection we will permanently exclude your account from this check. You also retain all rights described in section 10 above.

Our website may contain links to third-party websites or services. Please note that we are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party websites you visit.

We implement industry-standard security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. However, please note that no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

We may collect and analyze data related to your use of our services, including flashcards created and learning progress, for analytical purposes and to improve the functionality of our platform. This data may also be used to enhance our AI models and algorithms. However, this analysis is performed in aggregated and anonymized form to protect your privacy.

If you have questions or concerns regarding this Privacy Policy or our data practices, please contact us at support@rethoria.com.

support@rethoria.com