Privacy Policy
Last updated: May 2026
TentaGen cares about your privacy. This policy describes how we collect, use, and protect your data in accordance with the EU General Data Protection Regulation (GDPR).
1. Personal Data We Process
We process: email address and name via Clerk authentication, subjects and questions you generate, and uploaded documents and URLs for question generation. We do not intend to collect sensitive personal data as defined in GDPR Article 9. We urge users not to upload material containing real patient data or other sensitive personal information. If such material is nevertheless uploaded, it is only processed for question generation and is not stored.
2. AI Processing
Uploaded documents, URLs, and videos are processed by Anthropic Claude AI to generate exam questions. These source materials are not stored after questions are generated — they are only processed during generation. Via Anthropic's commercial API, your material is not used to train the AI model, in accordance with Anthropic's current API terms.
3. Authentication
We use Clerk for authentication. Clerk handles login, session management, and stores your credentials. See Clerk's privacy policy for details: clerk.com/legal/privacy.
4. Storage of Personal Data
Your generated questions are stored in a Convex database (USA). Each user only has access to their own questions. Data is stored securely with encryption in transit (TLS).
5. Cookies
We use essential cookies for authentication (Clerk) and optional cookies for product analytics (Vercel Analytics, PostHog — EU-hosted) and error reporting (Sentry, EU-hosted). Essential cookies cannot be disabled as they are required for login. Analytics cookies are only activated after your consent via the cookie banner. If you decline, no analytics cookies are loaded. We also log action data (e.g. generation attempts, saved questions, exports) in our own database to improve the product — this logging does NOT include question or document content, only the action type and metadata. During the pilot phase, PostHog collects interaction data (page views and clicks) so we can understand how the tool is used and where it causes friction.
6. Your Rights (GDPR)
Under the GDPR, you have the right to: request access to your personal data (Article 15), request correction of inaccurate data (Article 16), request deletion of your account and data (Article 17), request restriction of processing (Article 18), data portability — export your questions (Article 20), and object to data processing (Article 21). Contact us to exercise these rights. We respond to requests within 30 days.
7. Legal Basis for Processing
We process your personal data based on: contract (GDPR Article 6.1b) — to provide the TentaGen service to you as a registered user; legitimate interest (Article 6.1f) — to improve the service through anonymous analytics; consent (Article 6.1a) — for optional analytics cookies, which you may decline.
8. Data Processors
We share data with the following third-party providers who process data on our behalf: Anthropic (Claude AI — question generation, USA), Clerk (authentication, USA), Convex (database, USA), Vercel (hosting and analytics, USA), Sentry (error tracking incl. error-bound session replay with all text fields masked, data in EU), PostHog (product analytics incl. interaction tracking, data in EU), Upstash (performance monitoring, data in EU), Resend (email notifications, USA), AssemblyAI (video transcription, USA). Data processing is carried out in accordance with each provider's data processing terms.
9. International Data Transfers
Some of our service providers are based in the USA. Transfer of personal data to the USA is carried out in accordance with EU Standard Contractual Clauses (SCC) and/or the EU-US Data Privacy Framework, ensuring an adequate level of protection under GDPR Chapter V. Sentry and Upstash store data within the EU.
10. Contact
For privacy questions, contact us at support@tentagen.se.
11. Retention and Deletion
Your generated questions are stored as long as you have an active account. Uploaded documents and URLs are deleted immediately after question generation. When you delete your account via the account settings, all your personal data, saved questions, and other data are automatically deleted from our systems. You can also contact us at support@tentagen.se to request deletion.
12. Data Controller
The data controller is GeniusMotion Koncern AB (org.nr 559236-1389). Contact person for data protection matters: Parviz Mammadzada, support@tentagen.se. Our processing of personal data is not of a nature or scale that requires a Data Protection Officer (DPO) under GDPR Article 37. For data protection inquiries, contact us at support@tentagen.se. We do not use automated profiling or automated individual decision-making under GDPR Article 22. For complaints, you have the right to contact the Swedish Authority for Privacy Protection (IMY), imy.se.