1. What information do we collect?
Personal information you disclose to us
In short: We collect limited personal information from you.
We do not directly manage passwords or authentication credentials required for account login. User authentication is handled by Clerk, which processes necessary authentication data independently. However, we may access limited personal information, such as email addresses, where necessary for account management, service operation, or user support.
Sensitive information. We do not process sensitive information.
Payment data. All payment data is handled and stored by Buy Me a Coffee. You may find their privacy notice at https://buymeacoffee.com/privacy-policy.
Authentication Data. If you choose to register or log in, authentication is handled via Clerk. While Clerk manages login credentials and authentication workflows, we may access limited profile information such as your email address for account administration and service functionality. Any additional profile data is processed directly by Clerk and/or the relevant identity provider in accordance with their respective privacy policies. You can review Clerk’s privacy policy here: https://clerk.com/legal/privacy.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
2. How do we process your information?
In short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process limited user-provided content (such as flashcards and related data) solely to operate and provide the core functionality of the Services. This data is stored in our database infrastructure (Neon) and is not used for analytics, marketing, or profiling purposes. We do not collect or process personal identifiers; authentication and identity-related data are handled exclusively by Clerk.
Where you use AI-powered features, the text content of your flashcards (words and translations) is transmitted to Google's Gemini API for processing. Google acts as a data processor in this context. This data is subject to Google's API Terms of Service and Data Processing Addendum. We recommend you do not enter personal or sensitive information into your flashcards.
Where you use the audio pronunciation feature, the word text of individual flashcards is transmitted to Google's Cloud Text-to-Speech API to generate an audio file. This transmission occurs server-side (from our backend to Google's API); the audio is then returned to your browser as a base64-encoded MP3. Google processes this data solely to synthesise and return the requested audio. This data is subject to Google Cloud's Terms of Service and Privacy Notice. No user identifiers are included in TTS requests.
3. What legal bases do we rely on to process your information?
In short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.
If you are located in the EU or UK, this section applies to you.
The GDPR and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. We may rely on the following legal bases:
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
- Vital interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (implied consent). You can withdraw your consent at any time.
4. When and with whom do we share your personal information?
In short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
- Business transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- Analytics (Google Analytics).We use Google Analytics to understand how the Service is used. This involves Google collecting usage data including approximate location and device information via cookies. This is only activated with your consent.
- AI processing (Google Gemini). When you use the AI import feature, flashcard content is transmitted to the Google Gemini API. Google processes this data solely to return a response and does not use API inputs to train its models by default. See Google's terms at ai.google.dev/terms.
- Audio pronunciation (Google Cloud Text-to-Speech). When you tap the audio button while studying, the word text of the active flashcard is transmitted server-side to Google's Cloud Text-to-Speech API. The request contains only the word text and language code — no personal data or user identifiers. Google processes this data solely to synthesise and return an audio response. See Google Cloud's terms at cloud.google.com/terms and privacy notice at cloud.google.com/terms/cloud-privacy-notice.
5. Do we use cookies and other tracking technologies?
In short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
When you consent to analytics cookies, we use Google Analytics, which sets cookies to collect usage data. You can withdraw this consent at any time by clicking "Cookie settings"
6. How do we handle your social logins?
In short: Authentication is handled by a third-party provider and we do not access your personal data.
Our Services use Clerk to manage login and account authentication. If you choose to sign in via a third-party provider (such as Google), personal information related to authentication is processed directly by Clerk and the respective provider. While we do not manage login credentials, we may access limited account information such as email addresses where necessary to operate and support the Service. We recommend reviewing the privacy policies of both Clerk and your chosen identity provider to understand how your data is handled.
7. How long do we keep your information?
In short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or securely store your personal information and isolate it from any further processing until deletion is possible.
8. How do we keep your information safe?
In short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.
9. What are your privacy rights?
In short: Depending on your location, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:
- Request access and obtain a copy of your personal information
- Request rectification or erasure
- Restrict the processing of your personal information
- Data portability, if applicable
- Object to the processing of your personal information
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the details provided in section 14 below.
Account information
If you would at any time like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.
If you have questions or comments about your privacy rights, you may email us at [email protected].
10. Controls for Do-Not-Track features
Most web browsers and some mobile operating systems include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
11. Do United States residents have specific privacy rights?
In short: If you are a resident of certain US states, you may have specific rights regarding access to your personal information.
Categories of personal information we collect
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Contact details, email address, online identifier, IP address | YES |
| B. Personal information (CA Customer Records) | Name, contact information, financial information | NO |
| C. Protected classification characteristics | Gender, age, race and ethnicity, national origin | NO |
| D. Commercial information | Transaction information, purchase history, payment information | NO |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or other network activity | Browsing history, interactions with our website | YES |
| G. Geolocation data | Device location | NO |
| H. Audio, electronic, sensory information | Images and audio, video or call recordings | NO |
| I. Professional or employment-related information | Business contact details, work history | NO |
| J. Education information | Student records and directory information | NO |
| K. Inferences from collected personal information | Inferences to create a profile about preferences | NO |
| L. Sensitive personal information | — | NO |
We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
Your rights
You have rights under certain US state data protection laws, including the right to know, access, correct, and delete your personal data, obtain a copy of it, and not be discriminated against for exercising these rights. To exercise these rights, please submit a data subject access request or email us at [email protected].
12. Do other regions have specific privacy rights?
In short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.
Republic of South Africa
If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the Information Regulator (South Africa) at [email protected].
13. Do we make updates to this notice?
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
14. How can you contact us about this notice?
If you have questions or comments about this notice, you may email us at [email protected]
15. How can you review, update, or delete the data we collect from you?
You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
This Privacy Policy was created using Termly's Privacy Policy Generator.