Privacy Policy
Last updated: 2026-05-27 (revision 2: geofenced cookie defaults) Operator: Ambedo Labs LLC, a Utah limited liability company. Address: PO Box 97, Orderville UT 84758, United States. Contact: hello@dialedstudy.com
The short version
Dialed is a study app. We try to collect as little about you as we reasonably can.
- You can use Dialed without an account. We give your browser an anonymous device id so your work stays on your device. We do not link that id to anyone unless you sign in.
- If you sign in, we store the bare minimum: a Clerk user id, an email, and the study data you create.
- We do not sell your personal data. We do not share it for cross-context behavioral advertising.
- AI features send the text you ask about to model providers (OpenRouter, Google, Inworld for voice). Their privacy policies apply to that transit. We don't store your prompts; we only store a one-way hash for cost auditing.
- You can delete everything we hold about you at any time. Anon: one click and gone. Signed in: 30-day soft delete, then hard purge.
- We use only the cookies that are essential to running the app, plus any analytics or marketing trackers you explicitly opt in to.
If anything below contradicts the short version, the long version wins, but tell us, because the short version is what we are actually trying to do.
1. Who we are
Dialed (the "Service") is operated by Ambedo Labs LLC ("Dialed", "we", "us"), a Utah limited liability company. Our mailing address is PO Box 97, Orderville UT 84758, United States. Any question about this Privacy Policy goes to hello@dialedstudy.com.
For users in the European Economic Area, United Kingdom, or Switzerland: we do not currently appoint an Article 27 representative because Dialed's processing of EU resident data is limited and not targeted at the EU market. If you are an EU resident and would like to exercise your rights, email hello@dialedstudy.com and we will respond within 30 days.
2. What we collect, and why
2.1 If you use Dialed without an account
- An anonymous device id stored as an httpOnly cookie (
dialed_did) and inside the app's local database. It is not linked to anything else about you. Its only job is to let your study data persist on your device and (when you sign in) be moved into your account. - The study content you create (subjects, materials, notes, flashcard decks, quiz decks, study guides) stays on your device in your browser's IndexedDB. We do not send it to our servers unless you sign in.
- Anonymous AI usage counters (per-day request counts, per-day token counts, per-day cost) keyed to the device id, so we can enforce daily quotas and stop bills from spiking.
2.2 If you sign in with Google via Clerk
We get from Clerk:
- Your Clerk user id (an opaque string).
- The email address on your Google account.
- Your display name if you set one.
We do not get your Google contacts, Drive files, calendar, or any other Google data.
Once signed in, the study content you create syncs to our Postgres database keyed to your account, so you can use Dialed on more than one device.
2.3 Cost + abuse audit log for AI calls
Every time you trigger an AI feature, we log:
- A non-reversible hash of your prompt (not the prompt itself).
- The model used, input/output token counts, cost in micros, latency.
- The HTTP status of the call.
We use this to enforce per-user daily budgets, detect runaway loops, and figure out which features cost what. The log is not used for advertising or sold to anyone. It is retained for 90 days and then purged.
2.4 If you join the waitlist (newsletter)
The marketing site asks for your email and (optionally) a referral code. We store:
- Your email.
- A hashed IP address (one-way, salted).
- The page you signed up from.
- A timestamp.
This is in a separate database table from the app. If you ask us to delete you, both get wiped.
2.5 What we deliberately do not collect
- Government identifiers, financial account numbers, health data, biometric data, precise geolocation, religious or political opinions, sexual orientation. We have no use for them.
- Information about other people from your address book or social graph.
- Anything from third-party trackers unless you have explicitly opted in (see §5).
3. How we use what we collect
Only for these purposes:
- Run the Service. Render the app, sync your data, generate flashcards/quizzes/summaries when you ask.
- Keep the Service working and safe. Diagnose errors via Sentry, rate-limit abusive traffic, enforce AI quotas, ban accounts that violate our terms.
- Talk to you. Account emails, occasional service updates (transactional only), the waitlist newsletter you opted into.
- Get better. Aggregate, de-identified usage trends. Crash reports.
- Comply with law. Respond to lawful requests, defend our rights.
We do not use your personal data for automated decision-making with legal effects, profiling for advertising, training of foundation models, or any other purpose not listed above.
4. Who we share it with
We use a small set of vendors ("subprocessors") to run the Service. Each one only gets what they need.
| Vendor | What they get | What for |
|---|---|---|
| Clerk | Email, name, Clerk user id | Sign-in / account management |
| Railway | Everything stored in our database (encrypted at rest by the provider) | Database + app hosting |
| Vercel | The HTTP traffic you generate when you load the site | Static hosting + CDN |
| OpenRouter | The text you submit to AI features, plus the model response | AI generation routing |
| Google (Gemini) | The text + images you submit to multimodal AI features | AI generation |
| Inworld | The text you submit for text-to-speech | Voice synthesis |
| YouTube Data API (Google) | Search keywords you type into the YouTube ingester | Video search |
| Mailtrap / Listmonk | Your email for the waitlist + transactional sends | Email delivery |
| Sentry | Crash reports, error stack traces, the URL you were on, request metadata (cookies, IP, headers), and a sampled session replay of your interactions | Error monitoring + debugging |
We do not share with:
- Ad networks
- Data brokers
- Anyone else
We disclose information to law enforcement only when legally required (subpoena, court order). We will give you notice unless the law forbids it.
If Ambedo Labs LLC is acquired, your data may transfer to the buyer under the same Privacy Policy. We will tell you before that happens.
5. Cookies and trackers
- Essential cookies (auth session, device id, sync state) are always on. Without them the app can't function.
- Analytics and marketing cookies follow a geofenced default:
- EU/EEA, UK, Switzerland, Brazil, and Canada (incl. Quebec): off by default. We enable them only after you click "Accept all" or "Customize" in the banner. This matches the consent rules in those regions (ePrivacy / GDPR / LGPD / Law 25 / PIPEDA). - United States and elsewhere: on by default. The banner is informational, and you can opt out any time from /cookies.
- When analytics is on, we run Google Analytics 4 with anonymized IP and Google signals disabled (no ad personalization).
- When marketing is on, we run the Meta Pixel to measure whether an ad you saw led to a sign-up.
Region detection uses your browser's timezone and language (no IP geolocation). If the signals are ambiguous, we default to the stricter setting.
You can change your choices any time at /cookies or by clicking "Cookies" in the footer.
We do not respond to the obsolete Do Not Track header. We do honor Global Privacy Control as an opt-out signal for sale/sharing for users in jurisdictions that recognize it (California, Colorado, Connecticut).
6. Where your data is stored
- App database: Railway, currently US-East region.
- Static hosting: Vercel global edge network.
- Auth: Clerk's infrastructure.
- AI providers: per the provider's own infrastructure (US-based for OpenRouter and Google).
If you are outside the United States, your data will be transferred to the United States to be processed by us and these vendors. We rely on Standard Contractual Clauses where applicable.
7. How long we keep it
| Data | Retention |
|---|---|
| Anon device data | While your device cookie is valid (up to 2 years from last activity) |
| Signed-in account data | Until you delete your account |
| Deleted account data | 30 days after deletion request (recovery window), then hard purged |
| AI cost audit log | 90 days |
| Sentry crash reports | 30 days |
| Waitlist email | Until you unsubscribe + 30 day cleanup window |
| Backup snapshots | Up to 30 days, then expired |
8. Your rights
Regardless of where you live, you can:
- Access the data we hold about you by hitting
/me/exportin-app or emailing us. - Delete your account from Settings → Account → Delete account (or
/me/forgetfor anonymous). - Correct your data by editing it in-app or emailing us.
- Object to a specific kind of processing by emailing us.
If you live in California, the EU, the UK, Virginia, Colorado, Connecticut, Utah, Texas, or Iowa, or other states with comprehensive privacy laws, you also have:
- The right to know what we collect, why, and who we share with (this document).
- The right to portability (export endpoint returns JSON).
- The right to limit the use of sensitive personal information (we don't collect any).
- The right to opt out of sale or sharing for cross-context behavioral advertising. We do not sell or share for that purpose.
- The right to non-discrimination for exercising any of these rights.
- The right to appeal a denied request. Email hello@dialedstudy.com with "Privacy appeal" in the subject.
To make a request, email hello@dialedstudy.com from the email on your account. We will respond within 30 days (extendable by 60 days for complex requests, with notice).
9. Children and Dialed
Dialed is for users 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has registered, email us and we will delete the account.
If you live in an EU country whose digital-consent age under GDPR Article 8 is higher than 13, you should get parental approval before using Dialed if you are under that age. We do not verify this; we rely on your honest answer at sign-up.
If you live in California and you are under 18, you may request that we delete content you have publicly posted. Email us.
10. Security
We use industry-standard technical and organizational measures:
- TLS in transit (HTTPS everywhere).
- Postgres encryption at rest via Railway.
- HSTS, anti-CSRF (SameSite cookies), tight CORS, helmet-issued security headers, per-IP rate limits.
- Per-user circuit breakers on AI calls so a stolen credential cannot drain your quota silently.
- Server-side-only API keys for AI providers. They are never sent to the browser.
No system is perfectly secure. If we have a breach involving your personal information, we will notify you and the relevant authorities within 72 hours of discovery, per GDPR Article 33 (where applicable) and US state breach-notice laws.
10.1 Error monitoring + session replay (Sentry)
We use Sentry to catch bugs and improve the app. When an error happens in the app, Sentry receives:
- The error message and a stack trace.
- The URL you were on and the action you were attempting.
- Request metadata: IP address, user agent, cookies (excluding our auth cookie), and the path you hit.
- A session replay — a video-like reconstruction of your interaction with the page leading up to the error. We capture 100% of sessions where an error occurs, and a random 10% sample of all sessions even when nothing goes wrong, so we can spot UX problems we wouldn't otherwise see.
Replays are redacted by default: text input contents (passwords, anything you type into a field) are masked, and images are blurred unless we explicitly mark them as safe. Replay storage is set to Sentry's standard 30-day retention.
If you don't want any of this to happen, you can:
- Sign out and use the app as an anonymous device (we still capture replays for anon users, but with no account identity attached).
- Email hello@dialedstudy.com to ask us to delete your specific replays. We can identify them by the device id or user id we attach to each replay.
11. AI features and transparency
Dialed uses third-party AI models to generate flashcards, quizzes, summaries, and tutor responses. We are transparent about this per EU AI Act expectations:
- The content you generate via these features is AI-generated. It is not authored by a human. It can contain errors, omissions, and confident-sounding mistakes. Verify anything important.
- The text you submit is sent to the model provider (OpenRouter / Google / Inworld) to produce the response. We do not control how those providers handle the data once they receive it; review their own privacy policies.
- We do not use your inputs to train any foundation model.
12. Changes to this policy
We will update this policy when we add features that change what we collect or who we share with. The "Last updated" date at the top will change. For material changes we will notify you in-app and by email before they take effect.
13. How to reach us
For privacy questions, requests, or complaints: hello@dialedstudy.com
For postal mail: Ambedo Labs LLC, PO Box 97, Orderville UT 84758, United States.
If you live in the EU/UK and are unhappy with our response, you have the right to lodge a complaint with your local data protection authority.
Need to talk to us? Email hello@dialedstudy.com.
Ambedo Labs LLC, PO Box 97, Orderville UT 84758, United States.