Legal

Privacy
Policy

Professor Goose is built to help you study, not to trade on your data. Here is exactly what we collect, why, and who sees it.

Last updated: May 13, 2026

00, Who we are

Data controller

Professor Goose is operated by an individual based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, the operator of Professor Goose is the data controller.

Contact: professorgooseapp@gmail.com

01, What we collect

The data we hold

  • Account data, your email address and authentication details, managed through Clerk. If you sign in with Google, we receive the email address and name from that account.
  • Session and study content, the topics you type or speak, the Goose's responses, session titles, and your understanding progress score. This is stored so you can resume sessions across devices.
  • Uploaded files, if you use the syllabus mind map feature, you may upload a PDF. The file is processed to extract topic structure and then discarded; we do not retain the original PDF after processing.
  • Usage data, how many sessions you have used today, your subscription tier (Free or Premium), and timestamps used to enforce daily limits.
  • Billing data, if you subscribe to Premium, payment details are handled entirely by Stripe. We never see or store your card number. We store your Stripe customer ID to manage your subscription.
  • IP addresses and device identifiers, for guest (non-logged-in) users, we store a hashed version of your IP address and a browser-generated device identifier to enforce the guest demo limit. These are not linked to any account. For all users, IP addresses may be recorded in server logs for security and abuse prevention.
02, Legal basis

Why we are allowed to use it

  • Contract performance, processing your account data, session content, and usage data is necessary to provide the service you signed up for.
  • Legitimate interests, we process IP addresses and device identifiers to prevent abuse and enforce fair-use limits. We have a legitimate interest in keeping the service functional and fairly available to all users.
  • Legal obligation, we may retain certain records as required by applicable law.
03, Voice and audio

How voice is handled

When you use voice input, your speech is transcribed to text using your browser's built-in speech recognition. In most browsers (including Chrome), this transcription is performed by the browser vendor's servers, typically Google, before the text is sent to us. We do not control this step, and we recommend you review your browser provider's privacy policy if you have concerns about voice data.

Once we receive the transcribed text, it is processed identically to typed input. We do not receive or store the raw audio.

Voice output, the Goose speaking back to you, is generated by our own text-to-speech server from the text of the Goose's reply. We do not use a third-party voice provider for output. Audio is streamed to your device and not retained after playback.

04, AI processing

How responses are generated

The Goose's replies are generated by sending your messages to Groq, a US-based AI inference provider. Groq processes your messages to produce a response and returns it to our servers. Your study content is transmitted to Groq for this purpose.

We use Groq under terms that restrict them from using your data for model training. However, you should be aware that your inputs leave our infrastructure to reach Groq's servers. Do not submit sensitive personal information (such as medical details, financial information, or passwords) during a study session.

05, Cookies and tracking

Analytics and advertising

Our website uses Google Analytics and Google Ads conversion tracking (via Google Tag Manager). These tools use cookies, small files stored in your browser, to measure how visitors interact with the site and whether ad clicks lead to sign-ups.

Google may use this data in accordance with its own privacy policy. The data collected includes pages visited, approximate location (derived from IP address), browser type, and referral source. We use this information to understand which marketing is working and to improve the site.

You can opt out of Google Analytics tracking using the Google Analytics opt-out browser add-on. You can manage or delete cookies through your browser settings at any time.

We do not use cookies inside the study app itself for tracking purposes.

06, Our providers

Who we share data with

We do not sell your personal data. We share only what is necessary for each provider to perform their function:

Clerk
Authentication, manages your login, email address, and account credentials
Stripe
Payments, processes subscription billing and stores payment methods securely
Cloudflare
Hosting and database, runs the application and stores session data in their D1 database
Groq
AI inference, receives your study messages to generate the Goose's Socratic responses
Google
Analytics and ads, receives anonymised site usage data via cookies for traffic analysis and conversion tracking
Browser vendor
Voice transcription, your browser converts speech to text, typically via the browser vendor's servers (e.g. Google for Chrome)
07, International transfers

Data leaving the UK

Some of our providers are based in the United States (Groq, Cloudflare, Clerk, Stripe, Google). Transfers to these providers are made on the basis of the UK-US Data Bridge (an adequacy decision by the UK Secretary of State) where applicable, or under the International Data Transfer Agreement (UK IDTA) incorporating UK addenda to the EU Standard Contractual Clauses.

All providers listed above have data processing agreements that include appropriate safeguards for international transfers.

08, Retention

How long we keep it

Account and session data is kept for as long as your account is active. Free plan accounts are capped at 3 stored sessions; older ones are replaced when you create new ones. Premium accounts have no session limit.

Hashed IP addresses and guest device identifiers used for demo limiting are retained for up to 7 days, after which they are purged on a rolling basis.

If you delete your account, we will remove your personal data from our database within 30 days. Residual copies in backups are purged on our normal backup rotation cycle.

09, Your rights

What you can do

If you are in the UK or EU, you have the following rights under UK GDPR and the Data Protection Act 2018:

  • Access, you can request a copy of the personal data we hold about you.
  • Correction, you can ask us to correct inaccurate data. You can update your email and account settings directly from the app's settings panel.
  • Erasure, you can ask us to delete your data. To delete individual sessions, use the sessions panel in the app. To delete your entire account and all associated data, email professorgooseapp@gmail.com.
  • Restriction and objection, you can ask us to restrict or stop processing your data in certain circumstances.
  • Portability, you can ask for your data in a machine-readable format.
  • Complaint, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

We will respond to data subject requests within one calendar month.

10, Contact

Questions

If you have any privacy questions or wish to exercise your rights, email professorgooseapp@gmail.com. We aim to respond promptly and will always reply within one calendar month.