Histoply Privacy Policy

Last update: October 1, 2025

Welcome to Histoply (the "Service"), operated by Histoply SASU ("us", "we", "our"). Protecting your personal data is our priority. This Privacy Policy explains how we collect, use, store, and share your information.

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

The data controller for data collected via the histoply.app site and the associated application is Histoply, whose headquarters are located in France.

For any questions regarding this policy or to exercise your rights, you can contact us at: privacy@histoply.app.

2. The Data We Collect

We collect several types of data to provide and improve our Service.

A. Data collected via third-party services (Google Sign-In)

To facilitate account creation and authentication, we use third-party authentication services, including Google Sign-In.

When you choose to log in with Google, we collect the personal information that you authorize Google to share with us via the OAuth consent screen.[28] This information typically includes:

• Your first and last name
• Your email address
• Your Google account ID
• Your profile picture URL (optional)

We never have access to your Google password.

B. Data generated by your use (Learning Data)

The essence of Histoply is tracking your learning. We collect data generated by your activity on the Service:

• Your progress in the history lessons.
• Your quiz answers (correct or incorrect).
• Scores, experience points (XP), and levels achieved.
• Metadata necessary for our Spaced Repetition System (SRS) to function, such as the date of your last review and the memorization status of a fact.

C. Technical Data and Cookies

We automatically collect certain information when you use our Service, such as your IP address, browser type, operating system, and error logs, to ensure the security and maintenance of the Service.

3. Purposes of Processing (Why we use your data)

We use your data based on specific legal grounds, in accordance with the GDPR.

• To perform our contract with you (Legal basis: Contract performance):
  • Provide, operate, and maintain the Service.
  • Authenticate you (via Google Sign-In) and secure your account.
  • Synchronize your learning progress across your devices.
  • Operate the SRS algorithm to personalize your reviews.
• For our legitimate interests (Legal basis: Legitimate interest):
  • Analyze Service usage to improve it (usability, new lessons).
  • Ensure platform security and prevent fraud.
  • Respond to your support requests.

4. Data Sharing and Recipients

We do not sell your personal data. We only share it with the following recipients:

• Host Provider: Your data is stored on the secure servers of our processor, Google Cloud Platform (GCP), located in the United States. Data transfer outside the EU is governed by transfer mechanisms approved by the European Commission (e.g., Data Privacy Framework or Standard Contractual Clauses), ensuring an adequate level of protection.
• Legal Obligations: We may disclose your information if required by law or to protect our rights.

5. Compliance with Google API Services

Notwithstanding anything else in this Privacy Policy, Histoply's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data obtained via Google APIs (such as your Google Sign-In account information) is used solely to provide application features (authentication, profile personalization) and is not transferred, sold, or used for advertising purposes.

6. Security of Your Data

We take the security of your data seriously. We implement appropriate technical and organizational measures (HTTPS, data encryption at rest, secure access) to protect your data against unauthorized access, modification, or destruction.

7. Retention Period

We retain your learning data (progress, SRS) as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, unless otherwise required by law.

8. Your Rights (In accordance with GDPR)

You have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten"): Request the deletion of your account and your data.
• Right to portability: Request to receive your data in a structured format (e.g., JSON or CSV).

To exercise these rights, please contact us at contact@histoply.app.

9. Changes to this Policy

We may update this policy. We will notify you of any major changes. The "Last update" date at the top of the page indicates the date of the last revision.