Last updated: May 2026
We collect your email address and password (hashed) when you create an account, and an optional display name if you provide one. We store the flashcard decks and cards you create, your review history, and AI generation logs. If you subscribe, we store a Stripe customer identifier. If you enable push notifications, we store your browser push subscription endpoint.
Your email identifies your account. Your flashcard data is the core service. Review history powers the spaced-repetition scheduler. AI generation logs enforce monthly usage limits. Push endpoints deliver due-card reminders.
We use Supabase for authentication and database hosting; Stripe for payment processing (Pro subscribers only); OpenRouter to run AI card generation; Plausible Analytics for anonymous pageview counts (no cookies, no cross-site tracking); and Sentry for error monitoring (error reports may include technical context such as page URLs). Each service has its own privacy policy. We do not sell your data.
Data is stored in Supabase (SOC 2 Type II certified) with row-level security enforced on every table. Connections are encrypted in transit (TLS). Passwords are never stored in plaintext. Access to production systems is limited to the service owner.
You may export all your data or permanently delete your account at any time from Settings → Data & Privacy. Deletion removes your data from our systems within 24 hours.
Questions? Email dingeagle@gmail.com.