Privacy Policy

Last updated: 15 March 2026  |  Law Study Tool

This Privacy Policy describes how Charlie Williams ("we", "us", or "our") collects, uses, and protects information when you use Law Study Tool (the "Service"). By using the Service you agree to the practices described here.

1. Who We Are

Law Study Tool is operated by Charlie Williams, an individual developer based in New Zealand. For privacy enquiries, contact us at [email protected].

2. Information We Collect

We collect only the information necessary to provide the Service:

• Account information: When you sign in with Google, we receive your email address and a unique Google account identifier. We do not receive your Google password.
• Notion integration data: When you connect your Notion workspace, we store a Notion OAuth access token (encrypted), your workspace ID, and your workspace name. We do not store the contents of your Notion pages on our servers.
• Document content: When you upload study materials (PDFs, PowerPoint files), the text content is extracted and sent to the Anthropic Claude API for processing. We store the AI-generated output (notes, questions) in our database. Original uploaded files are not retained after processing.
• Usage data: We log job status records (pending, processing, done, failed) associated with your account to allow you to track upload and generation progress.
• Error tracking: We may collect anonymised error and performance data via Sentry to diagnose problems with the Service.

3. How We Use Your Information

We use the information collected solely to:

• Authenticate you and maintain your session
• Connect to your Notion workspace and read/write pages on your behalf
• Process your uploaded documents using AI and return the results to you via Notion
• Generate practice questions and study materials from your notes
• Monitor and improve the reliability of the Service

We do not use your data for advertising, profiling, or any purpose beyond operating the Service.

4. Third-Party Services

To provide the Service, we share data with the following third parties acting as data processors:

• Google — Authentication via Google OAuth. Governed by Google's Privacy Policy. We comply with Google API Services User Data Policy.
• Notion — We access your Notion workspace via the Notion API on your behalf. Governed by Notion's Privacy Policy.
• Anthropic — The text content of your uploaded documents and study notes is sent to Anthropic's Claude API for AI processing. Governed by Anthropic's Privacy Policy. Content you submit is subject to Anthropic's usage policies.
• Railway — Our application and database are hosted on Railway's cloud infrastructure. Governed by Railway's Privacy Policy.
• Sentry (optional) — Anonymised error reporting. Governed by Sentry's Privacy Policy.

We will never sell or share your email address with any third party for marketing purposes. If you contact us directly, we will not share that contact information with third parties.

5. Data Security

We take reasonable steps to protect your information:

• Notion OAuth access tokens are encrypted at rest using AES-128 symmetric encryption (Fernet).
• All data transmitted between your browser, our servers, and third-party APIs is encrypted in transit using TLS/HTTPS.
• Authentication tokens (JWTs) are signed with a secret key and expire after 7 days.
• Access to production systems is restricted and credentials are stored as environment secrets, never in source code.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

• Account data (email, Google ID) is retained for as long as your account exists.
• Notion tokens and workspace data are retained until you disconnect your Notion account via the app settings (which immediately deletes them).
• Upload job records (status, AI-generated output) are retained until your account is deleted.
• When you delete your account, all associated data is permanently removed from our systems.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and all associated data. You can disconnect your Notion integration at any time from within the app, which immediately deletes your Notion token.
• Portability: Request your data in a portable format.
• Objection / Restriction: Object to or request restriction of certain processing.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

8. Cookies and Local Storage

The Service does not use tracking cookies. We use browser localStorage to store your session token (JWT) so you remain logged in. This data is stored only on your device and is not transmitted to third parties.

9. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by updating the "Last updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For any questions or concerns about this Privacy Policy or our data practices, please contact:

Charlie Williams
[email protected]