Privacy Policy

I. Consent

By using our Services, you agree to the terms and conditions contained in this Privacy Policy and consent to the data processing practices described herein. FluentFlash, Inc. (“FluentFlash,” “we,” “us,” or “our”) operates the flashcard and study platform at fluentflash.com (the “Services”).

II. What Data We Collect

a. Account Information

When you create an account, we collect: your name, email address, and profile image (if provided via a third-party authentication provider). Authentication is managed by our provider Clerk. You may link third-party accounts (such as Google) to authorize limited information access per that provider's privacy policy. You can revoke access at any time through your account settings.

If you contact us or provide feedback, we collect your name, email, and any content or attachments you include in your message.

b. Study Data

To deliver the Services, we collect data about your study activity, including:

• Flashcards and decks you create
• Content you paste, upload, or enter for AI-generated card creation
• Review history, ratings, and study session metadata (for spaced repetition scheduling)
• Streak information, daily goals, and retention metrics
• Preferences (language, timezone, desired retention rate)

c. Technical Information

Our Services automatically collect certain technical data: browser type, operating system, IP address, device identifiers, domain name, and timestamps of your visit. This data is gathered in log files for authentication, security, and analytics purposes. Aggregated analytics data is collected in a form that cannot personally identify you.

d. AI Input Data

When you use AI features (such as generating flashcards from text, URLs, or PDFs), the content you provide is sent to our AI provider (Anthropic) for processing. You are responsible for ensuring you have the right to submit such content and that it does not contain personal information about third parties without authorization.

e. Cookies and Tracking Technologies

We use cookies and similar technologies, through which we and certain trusted third parties may collect, record, use, and share information about your use of our Services. Cookie types include:

1. Necessary cookies — Required for basic site features such as authentication and session management; no personally identifiable data stored.
2. Functional cookies — Enable features like theme preference and keyboard shortcut settings.
3. Analytical cookies — Measure visitor interactions to help us improve the Services (via PostHog and Google Analytics).
4. Performance cookies — Analyze key performance indicators for a better user experience.
5. Advertising cookies — Used for remarketing and conversion tracking through Google Ads and Google Tag Manager (where applicable).

You can remove persistent cookies at any time through your browser's settings.

III. How We Use the Data We Collect

We use your personal information for the following purposes:

1. Facilitate account creation and security
2. Identify you as a user of the Services
3. Provide, operate, and administer the Services
4. Personalize and improve your study experience (including FSRS scheduling)
5. Generate AI-powered flashcards and explanations based on your inputs
6. Send administrative notifications (e.g., welcome emails, important service updates)
7. Respond to your inquiries, feedback, and support requests
8. Send newsletters or surveys (with your consent, where required)
9. Determine which features interest you to inform product decisions
10. Provide information about new features and (if applicable) premium offers
11. Comply with applicable laws and regulations
12. Respond to lawful requests and court orders
13. Detect, prevent, and respond to fraud or security incidents

We may also compile and use statistical or anonymized, non-personally identifiable information for any purpose, provided such data has been fully de-identified.

Third-Party Analytics

We use analytics services including PostHog, Google Analytics 4, Google Tag Manager, and Google Ads to understand how people use our Services and to improve them. These services use automated technologies to collect information (such as IP address, device identifiers, and event data) to evaluate your use of our Services. See their respective privacy policies for details.

IV. Information Sharing and Disclosure

a. Service Providers

We engage third-party companies and individuals to support the Services, including:

• Railway (hosting and database infrastructure)
• Clerk (authentication and user management)
• Anthropic (AI model provider for card generation and explanations)
• PostHog (product analytics)
• Google (Tag Manager, Analytics 4, Ads for marketing attribution)
• Stripe (payment processing, if and when premium tiers are active)

These providers are contractually bound to confidentiality and to only use your data as necessary to deliver the services we request from them.

b. Law Enforcement and Safety

It may be necessary — by law, legal process, litigation, or requests from public and governmental authorities — for FluentFlash to disclose your personal information. Disclosure may also occur if necessary to enforce our Terms of Use or to protect the rights, property, or safety of FluentFlash, our users, or others.

c. Business Transfer

We may share your personal information if FluentFlash engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets, or any other steps in contemplation of such activities. We will notify you before your information becomes subject to a different privacy policy.

d. Third-Party Integrations

The Services may integrate with third-party providers (such as authentication services). These providers may have data practices different from ours. This Privacy Policy does not apply to their activities.

e. With Your Consent

We may disclose your personal information with your prior informed consent for specific purposes you authorize.

V. How We Protect Your Data

We are committed to protecting the security of information we collect. We implement reasonable and appropriate administrative, technical, and physical security controls, including:

• TLS/SSL encryption for all data in transit
• Encrypted database storage
• Industry-standard authentication practices (via Clerk)
• Rate limiting and abuse detection on API endpoints
• Principle of least privilege for access to user data

Despite our efforts, no security controls are 100% risk-free. FluentFlash does not warrant or guarantee that your personal information will be secure and free from unauthorized access.

VI. Data Retention

FluentFlash retains personal data as long as required to provide the Services you have requested or registered for, and to comply with applicable laws. Unless deleted earlier based on your request, your data will be deleted when we no longer need it.

You may delete your account at any time through your account settings. Upon deletion, your personal data and User Content will be removed from our active systems within 30 days, though some data may persist in backup systems for up to 90 days. Aggregated and anonymized data may be retained indefinitely for analytics purposes.

VII. AI Processing and Profiling

FluentFlash uses artificial intelligence to generate flashcards, explanations, and recommendations. Our FSRS spaced repetition algorithm makes automated scheduling decisions about which cards to show you and when. These decisions are intended to optimize your learning outcomes and do not produce legal effects or significantly impact you outside the educational context of the Services.

FluentFlash does not use automated decision-making in a way that produces legal effects concerning you or significantly affects you in ways that are not directly related to providing the Services you request.

VIII. Children's Privacy

FluentFlash does not knowingly collect or solicit information from anyone under the age of 13. Users aged 13-17 must have parent or guardian permission to use the Services. If we discover we have inadvertently collected information from a child under 13 without verified parental consent, we will delete that information promptly.

If you believe we might have any information from or about a child under 13, please contact us at [email protected].

IX. Your Rights

We make every effort to comply with applicable data protection laws, including the GDPR (European Union) and CCPA/CPRA (California). Your rights include:

1. Right to Access — Request a copy of your personal data
2. Right to Rectification — Request correction of inaccurate or incomplete data
3. Right to Erasure (“Right to be Forgotten”) — Request deletion of your data
4. Right to Restrict Processing — Request limitations on how we process your data
5. Right to Data Portability — Receive your data in a structured, machine-readable format
6. Right to Object — Object to processing based on legitimate interest or for direct marketing
7. Rights Related to Automated Decision-Making — Rights regarding FSRS-scheduling and other automated decisions
8. Right to Know — Request information about collected, sold, or shared data
9. Right to Opt-Out of Sale or Sharing — Direct us not to sell or share your information (note: FluentFlash does not sell personal data)
10. Right to Non-Discrimination — You will not be discriminated against for exercising these rights

To exercise these rights, email [email protected]. We will take reasonable steps to verify your identity before responding to protect your information from unauthorized requests.

X. Cross-Border Data Transfer

By accessing or using the Services, you understand that your information may be subject to processing, transfer, and storage in geographic locations outside your country of residence, including the United States. Where we transfer personal data from the UK or European Economic Area to a country not subject to an adequacy decision, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure an adequate level of protection.

XI. California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have specific rights regarding their personal information, including the rights listed in Section IX above.

Categories of Information Collected

We collect the following categories of personal information:

• Identifiers — Name, email, IP address, account identifiers
• Internet/Network Activity — Usage data, page views, study session data, device info
• Geolocation — Approximate location inferred from IP address
• User-provided Content — Flashcards, notes, PDFs uploaded, and other study content you create
• Inferences — Learning progress patterns, retention data, study preferences

Shine the Light

The California “Shine the Light” law gives California residents the right to request information about third parties with whom we share personal information for their direct marketing purposes. FluentFlash does not share your personal information with third parties for their own direct marketing purposes.

Do Not Track and Global Privacy Control

We do not currently respond to “Do Not Track” signals. However, we recognize and honor Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information under the CCPA. Note that FluentFlash does not “sell” personal data as defined under CCPA, so opting out is generally not necessary.

XII. Changes to This Privacy Policy

FluentFlash reserves the right to change this Privacy Policy. We will provide notice of material changes through our Site and, where we have your email on file, by email at least 30 days prior to the change taking effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

XIII. Contact Us

FluentFlash welcomes your comments, questions, and concerns regarding this Privacy Policy. Please contact us at:

• Privacy inquiries: [email protected]
• General inquiries: [email protected]