Gistra

Privacy Policy

We built Gistra to be useful without being creepy. This Privacy Policy explains what we collect, why we collect it, and what choices you have.

Last updated: December 23, 2025

TL;DR

  • We collect the information we need to run Gistra and improve it.
  • We use PostHog for analytics. We identify sessions using a random identifier, and for signed-in users we may identify with your internal user ID.
  • If you use AI features, we send the text needed to generate the result (for example, transcript text/excerpts and your chat messages) to OpenRouter and the underlying model provider it routes to.
  • If you sign in with Google or GitHub, the information needed to complete sign-in is handled by those providers and our auth provider.
  • When you paste a YouTube link, we may make requests to YouTube (and related services) to fetch transcript and video metadata.
  • We do not sell your data, and we do not share your data with third parties for advertising.
  • Your saved content (like transcripts and AI outputs) is private to your account and not publicly accessible.

Who we are

This Privacy Policy applies to Gistra (the “Service”), available at https://gistra.io. Gistra is operated by DataParty LLC.

If you have questions, email us at [email protected].

What we collect

Account information

If you create an account, we store what we need to authenticate you and keep your account working. Our authentication and database are provided by Supabase. This typically includes an internal user ID and login-related data needed to sign you in and keep your session active.

Content you provide

When you use Gistra, you may provide content such as:

  • YouTube URLs you submit
  • Transcripts you extract and save
  • Notes/annotations you write (currently stored locally on your device, not on our servers)
  • AI outputs you generate (for example: study guides, flashcards, quizzes, translations)
  • Messages you send in chat

We store this content so you can view it later and use the features you asked for. Notes/annotations are currently stored locally on your device (not on our servers). If you use AI features, we also process the relevant text to generate the output you requested.

Usage & analytics data

We use analytics to understand how people use Gistra and to fix bugs. This can include information like:

  • Pages visited and buttons clicked
  • Basic device/browser information
  • Approximate location (derived from IP, depending on configuration)
  • Performance and error data (for example: crashes)

We use PostHog for analytics. Users are tracked with a random identifier, and signed-in users may also be tied to an internal user ID. We do not use analytics to build advertising profiles.

We also use Sentry for error monitoring (to detect crashes and fix bugs). Error reports may include technical details like page URL, device/browser info, and error messages.

Payment information

If you purchase a paid plan or credits, payments are processed by Dodo Payments. We do not store your payment card details on our servers. We may store your plan status and purchase history to ensure continuity of service.

Sign-in providers (OAuth)

You can sign in using providers like Google or GitHub. If you choose one of these options, they will process the information needed to authenticate you. We receive confirmation that you signed in and the account identifier needed to link that sign-in to your Gistra account.

YouTube links and transcript fetching

When you submit a YouTube URL, we use it to retrieve transcript and video information. This may involve making requests to YouTube (and related services) from our servers. The requests typically include the URL or video ID you provided.

AI features

If you use AI features (like chat, flashcards, study guides, quizzes, translations, or summaries), we send the text needed to generate that result to OpenRouter and the underlying model provider it routes to.

Examples of what may be sent:

  • Your chat messages
  • Transcript text (or relevant excerpts)
  • Instructions needed to generate the output you requested
  • Basic technical metadata needed to run the request (for example, an internal request ID)

We do not send your password or full payment card details to AI providers. Your AI inputs and outputs may be stored in your account so you can view them later.

What we do not collect

We do not intentionally collect sensitive personal information (like government IDs). Please do not put sensitive information into transcripts, notes, or chat.

We do not use third-party advertising cookies and we do not sell personal information.

How we use your information

We use information we collect to:

  • Provide the Service (accounts, transcripts, AI features)
  • Maintain security and prevent abuse
  • Fix bugs and improve performance
  • Understand usage patterns to improve the product
  • Provide support when you contact us

To help prevent spam and automated abuse (for example, during sign-up and password reset), we use Cloudflare Turnstile.

How we share your information

We do not sell your data.

We share limited information with service providers that help us run Gistra. This includes:

  • Analytics: PostHog (to understand usage and fix bugs).
  • Error monitoring: Sentry (to detect crashes and help us fix issues).
  • Payments: Dodo Payments (to process purchases). We do not store your full card number.
  • AI processing: OpenRouter (to generate chat responses and other AI outputs you request).
  • Authentication & database: Supabase (to run user accounts, store your saved content, and keep the Service working).
  • Abuse prevention: Cloudflare Turnstile (to reduce spam and automated abuse).

These providers are only allowed to process data to provide services to us (not to advertise to you).

We may also share information if required by law or to protect the safety, rights, or security of users and the Service.

Cookies and similar technologies

We use cookies and similar technologies where needed to keep you signed in, keep the Service working, and understand basic usage.

If you prefer, you can limit cookies in your browser settings. Some features may stop working correctly if you block required cookies.

Where your data is processed

Gistra uses service providers (like analytics, error monitoring, payments, AI processing, and hosting). That means your data may be processed in the countries where these providers operate.

No matter where processing happens, we only use these providers to run and improve Gistra, not to sell your data or advertise to you.

Data retention

We keep your account and saved content for as long as you keep your account (or as needed to provide the Service). We may keep limited records longer where required for security, legal, or operational reasons.

Security

We take reasonable steps to protect your data. No system is perfectly secure, but we work to prevent unauthorized access, loss, and misuse.

Your choices

  • You can stop using Gistra at any time.
  • You can limit cookies in your browser settings (may affect functionality).
  • If you want to request access to or deletion of your data, contact us at [email protected].

Changes to this policy

We may update this Privacy Policy from time to time. If we make changes, we’ll update the “Last updated” date at the top of this page.