Privacy Policy

Last updated: 2026-05-10

This Privacy Policy explains how exclam.ai (“we,” “us,” “our”) collects, uses, and shares information when you use the Service at exclam.ai (and the legacy savantapp.com domain, which redirects to it).

1. What we collect

Account data. When you sign in, we collect your email address and a Firebase Auth user ID. If you sign in with Google or Apple, we receive your name and the email you authorized the provider to share — nothing more.

Your Content. The PDFs, notes, slides, flashcards, quizzes, and study plans you upload or create in the Service. We store these so we can show them back to you, run AI features on them, and sync across your devices.

Usage data. Pages viewed, features used, study sessions started, flashcard reviews, quiz attempts, and similar product-telemetry events. We use this to improve the Service and to keep it reliable.

Device and log data. IP address, user agent, device type, timestamps, and error logs. Used for security, abuse prevention, and debugging.

Payment data. If you buy a paid plan, our payment processor (Stripe or the Apple/Google in-app billing system you used) handles your card details. We receive a customer ID, plan, and billing status — never your full card number.

2. What we don’t collect

  • We don’t buy data about you from data brokers.
  • We don’t fingerprint your device beyond what’s needed to operate the Service.
  • We don’t sell Your Content. We don’t use Your Content to train foundation models.

3. How AI providers fit in

When you use AI features (chat, generation, search), we send the relevant portions of Your Content and your prompt to third-party AI providers (e.g., Anthropic, OpenAI, Google). We send only what each request needs. These providers operate as our processors under written data-processing terms; they’re contractually prohibited from using your data to train their public models. We don’t share your account email or identifiers with AI providers unless required to enforce abuse limits.

4. How we use your information

  • To operate, secure, and improve the Service;
  • To process and store Your Content so you can use it across sessions and devices;
  • To run the AI features you trigger;
  • To send transactional emails (sign-in links, receipts, security notices);
  • To send product updates and tips if you’ve opted in — you can opt out at any time from the email footer;
  • To detect, prevent, and investigate fraud or abuse;
  • To comply with legal obligations.

5. Who we share data with

  • Service providers / processors: Firebase (auth, database, storage), Google Cloud (hosting), Stripe (payments), email-delivery providers, error-monitoring providers, and the AI model providers above. They process data on our behalf under contractual restrictions.
  • Legal: When required by law, subpoena, or to protect the rights, safety, or property of exclam.ai, our users, or the public.
  • Business transfers: If we’re involved in a merger, acquisition, or asset sale, your data may be transferred — but the protections in this Policy will continue to apply.
  • With your direction: If you choose to share decks, study plans, or other content via a public link or to a connected service.

We don’t sell your personal information.

6. Cookies and similar technologies

We use first-party cookies and local storage to keep you signed in, remember preferences, and measure product usage. We don’t use third-party advertising cookies on the product. The marketing site may use privacy-friendly analytics (no cross-site tracking).

7. Data retention

We retain Your Content for as long as your account is active, plus a short wind-down window after deletion to allow recovery from accidental loss. Usage and log data are retained for limited periods needed for security, abuse prevention, and reliability. When you delete your account, we delete Your Content from production systems within 30 days, with backups expiring on rolling schedules.

8. Your choices and rights

  • Access, correct, export, delete: You can view, edit, and delete Your Content in the app. To request a full export or to delete your account, email [email protected].
  • Opt out of marketing emails: Use the unsubscribe link in any marketing email. Transactional emails (receipts, security) will still go out.
  • EEA/UK GDPR rights: Right to access, rectification, erasure, data portability, restriction, and objection. Our legal basis is performance of contract (operating the Service), legitimate interests (security, product improvement), and consent (marketing emails). You can lodge a complaint with your local supervisory authority.
  • California (CCPA/CPRA) rights: Right to know, delete, and limit use of sensitive personal information. We don’t sell or “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

9. Children

The Service isn’t directed to children under 13 (or 16 in the EEA/UK). If you believe a child has signed up, email [email protected] and we’ll delete the account.

10. International transfers

We operate primarily on Google Cloud infrastructure based in the United States. If you’re outside the US, your data will be processed in the US (and any other regions listed in our infrastructure provider’s documentation) under appropriate safeguards, including standard contractual clauses where required.

11. Security

Traffic is encrypted in transit (TLS). Data stored in Google Cloud is encrypted at rest. We use Firebase Authentication, least-privilege service accounts, rate limiting, and session hardening. See our security policy for more, and report issues to [email protected].

12. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we’ll notify you in-product or by email before they take effect.

13. Contact

Questions about this Policy or your data? Email [email protected]. See also our Terms of Service.