Privacy Policy

Last Updated: January 20, 2026

1. Introduction

Welcome to Flash ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our flashcard study application (the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

  • Email Address: Used for account creation, authentication, and communication
  • Password: Stored in hashed form (using bcrypt) for account security

2.2 Study Content and Progress

To provide our flashcard study service, we store:

  • Flashcard Decks: The decks you create or upload, including deck names
  • Flashcard Content: The front (question) and back (answer) of each flashcard, along with categories
  • Study Statistics: Your study progress including:
    • Number of correct and incorrect answers
    • Current correct answer streak
    • View count for each card
    • Historical wrong answers (used to generate better quiz options)
    • Card status (pending, active, or done)

2.3 Subscription Information

If you subscribe to our paid service, we store:

  • Subscription status (active, canceled, past due)
  • Current billing period dates
  • Cancellation date (if applicable)
  • Plan name
  • Subscription ID from our payment processor

2.4 Usage Data

  • Cookies and Session Data: We use cookies to maintain your login session
  • Server Logs: Standard web server logs (IP addresses, browser type, pages visited) are collected automatically

2.5 Uploaded Files

When you upload CSV files to import flashcard decks, these files are processed on our servers and then deleted. Only the extracted flashcard data is retained.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your account and maintain your session
  • Store and manage your flashcard decks and study progress
  • Implement our spaced repetition study algorithm
  • Process and manage your subscription
  • Send important service-related communications
  • Improve and optimize the Service
  • Detect and prevent fraud or abuse

4. Third-Party Services

4.1 Payment Processing

We use Creem (creem.io) to process subscription payments. When you subscribe, we share your email address and subscription details with Creem. Please review Creem's privacy policy at their website for information about how they handle your payment information.

4.2 Hosting and Infrastructure

Our Service is hosted on third-party servers. These providers have access to your data only for the purpose of providing hosting services and are obligated to maintain confidentiality.

4.3 No Analytics or Tracking

We do not use third-party analytics services, advertising networks, or tracking tools. We do not sell your data to third parties.

5. Data Security

We implement security measures to protect your information:

  • Encryption: All data transmitted to and from our Service uses SSL/HTTPS encryption
  • Password Security: Passwords are hashed using bcrypt and never stored in plain text
  • Secure Sessions: Session cookies are protected with CSRF tokens
  • Log Filtering: Sensitive information (passwords, emails, tokens, API keys) is automatically filtered from application logs
  • Access Controls: You can only access your own flashcard decks and study data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Update

You can access and update your account information at any time by logging into your account.

6.2 Account Deletion

You can delete your account at any time through your account settings. When you delete your account:

  • Your account information, flashcard decks, and study progress will be permanently deleted
  • This action cannot be undone
  • If you have an active subscription, you should cancel it before deleting your account

6.3 Data Portability

You can export your flashcard decks at any time. Contact us if you need assistance accessing your data.

6.4 Cookies

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use the Service.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. When you delete your account, we permanently delete your data. We may retain certain information as required by law or for legitimate business purposes.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using the Service, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page."

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

12. Your Privacy Rights

12.1 GDPR (European Users)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

  • Right to Access: You can request access to your personal data
  • Right to Rectification: You can update or correct your personal data
  • Right to Erasure: You can request deletion of your personal data
  • Right to Restrict Processing: You can request that we limit how we use your data
  • Right to Data Portability:You can request a copy of your data in a structured format
  • Right to Object: You can object to our processing of your data
  • Right to Withdraw Consent: You can withdraw your consent at any time

12.2 CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about the personal data we collect and how we use it
  • Right to Delete: You can request deletion of your personal data
  • Right to Opt-Out: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us at [email protected].