Privacy Policy

1. Introduction

This Privacy Policy sets out how Flashycards Limited (“Company,” “we,” “our,” or “us”) collects, uses, stores, shares, and protects your personal information when you access or use the Flashycards application and any associated services (collectively, the “Service”).

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy and consent to the practices described herein. This Privacy Policy is incorporated into and forms part of our Terms and Conditions of Service.

With respect to individuals located in the European Economic Area (“EEA”), the United Kingdom, and Switzerland, the Company is the “controller” of your personal data within the meaning of the General Data Protection Regulation (“GDPR”) and comparable laws.

2. Personal Information We Collect

The categories of personal information we collect depend on how you interact with the Service. We collect information in the following ways:

Information You Provide to Us

When you register for an account, we collect your name, email address, age, username, and password. If you register using a third-party sign-in service, we receive your name and email address from that service to create your account.

If you purchase a Subscription, our third-party payment processor collects your payment information, such as credit card number and billing address, on our behalf. We do not store your full payment details on our servers.

Information We Collect Automatically

When you use the Service, we automatically collect certain information, including: your IP address, device type and operating system, browser type and language preference, usage data (such as pages viewed, features used, flashcard sets studied, and study activity), approximate geographic location derived from your IP address, and the date and time of your interactions with the Service.

We use cookies and similar technologies to collect this information. For further details, please refer to Section 5 of this Privacy Policy.

Information From Third-Party Sources

If you choose to register or log in using a third-party sign-in service, we receive certain information from that service, such as your name and email address, as authorised by your settings with that provider. We do not receive your password from these services.

We may also receive information about you from other users of the Service. For example, if another user uses a referral or invitation feature to invite you to the Service, we may collect your name and email address as provided by that user.

To ensure a consistent experience, we may combine information collected from you across multiple devices, sessions, and interactions with your account.

3. How We Use Your Personal Information

We process the personal information we collect for the following purposes:

Provision and Maintenance of the Service

We use your account information to authenticate your identity, host your content, and enable you to use the features of the Service.

Improvement and Personalisation

We analyse usage data to understand how users interact with the Service, to develop new features, to resolve issues, and to optimise performance.

Payment Processing

We use your transaction information to process Subscription purchases and manage billing through our third-party payment processor.

Service Communications

We use your contact information to send you service-related communications, such as account verification, technical notices, security alerts, and support responses. Where you have provided your consent, we may also send you promotional communications, from which you may opt out at any time.

Push Notifications

Where you have opted in, we use push notification services to send you study reminders, updates, and other relevant messages. You may disable push notifications at any time through your device settings.

Security and Enforcement

We use your information to detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms and Conditions and Community Guidelines.

Legal Compliance

We process your information as necessary to comply with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing (EEA, UK, and Switzerland)

Where applicable under the GDPR and comparable laws, we rely on the following legal bases to process your personal data:

Contract

Processing that is necessary for the performance of our agreement with you under the Terms and Conditions, including providing the Service and managing your account.

Consent

Processing to which you have expressly consented, such as receiving promotional communications or the use of non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to such withdrawal.

Legitimate Interests

Processing that is necessary for our legitimate business interests, such as improving the Service, conducting analytics, and ensuring security, provided that such interests are not overridden by your rights and freedoms.

Legal Obligation

Processing that is necessary for compliance with a legal obligation to which we are subject.

5. Cookies and Similar Technologies

We use cookies and similar technologies to collect information about your interactions with the Service. Cookies are small text files placed on your device that allow us to recognise your browser and capture certain information.

Essential Cookies

These cookies are strictly necessary for the operation of the Service, including authentication and security functions, and cannot be disabled.

Analytics Cookies

We use analytics services to collect information about how users interact with the Service. This information is used to analyse trends, track user activity, and improve the Service. Analytics cookies collect data in an aggregated and anonymised form where possible.

Advertising Cookies

We do not currently use advertising cookies. Should we do so in the future, this Privacy Policy shall be updated accordingly.

Managing Your Cookie Preferences

You may manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

Do Not Track and Global Privacy Control Signals

Certain browsers and devices may transmit “Do Not Track” (DNT) or Global Privacy Control (GPC) signals. We do not currently respond to DNT signals except as required by applicable law. Where we detect a legally recognised GPC signal, we shall treat it as a valid opt-out request to the extent required by applicable law, including the California Consumer Privacy Act.

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

With Your Consent

We may share your personal information with third parties where you have expressly consented to such sharing.

Publicly Shared Content

Where you choose to make your flashcard sets or profile information publicly visible, that content may be viewed by other users of the Service. You may control the visibility of your content through your account settings.

Third-Party Service Providers

We share information with third-party service providers who process data on our behalf. These providers are contractually obligated to use your information only as directed by us and in accordance with this Privacy Policy.

Legal Requirements

We may disclose your information where required to do so by law, or where we have a good-faith belief that such disclosure is necessary to comply with a legal obligation, protect our rights or the rights of others, investigate fraud, or respond to a governmental request.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We shall notify you via email or prominent notice within the Service of any change in ownership or use of your personal information.

7. International Data Transfers

The Service is operated by a company registered in England and Wales. Your personal information may be transferred to and processed in countries outside the United Kingdom and the EEA, including the United States, where our servers and certain third-party service providers are located.

Where we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or the UK Information Commissioner’s Office, or other lawful transfer mechanisms.

8. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide you with the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Upon deletion of your account, your personal information and User Content (as defined in the Terms and Conditions) shall be deleted in accordance with our standard data retention practices, subject to any legal obligation to retain certain information.

We may retain records of support communications, feedback submissions, and similar correspondence indefinitely in order to manage our support processes and maintain accurate business records.

We may retain and use non-personal information that has been de-identified, aggregated, or anonymised indefinitely for research, analysis, and other lawful business purposes. Such information is not subject to individual data subject rights as it does not constitute personal data.

9. Data Security

We implement reasonable technical and organisational measures designed to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include the use of encryption for data transmitted between your device and our servers, and access controls to limit who may access your data within our organisation.

Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal information. You are responsible for maintaining the confidentiality of your account credentials.

10. Children’s Privacy

The Service is not directed at children under the age of thirteen (13), or such higher minimum age as may be required by the laws of your jurisdiction. We do not knowingly collect personal information from children below the applicable minimum age without verifiable parental consent.

If we become aware that we have collected personal information from a child below the applicable minimum age without appropriate consent, we shall take steps to delete that information promptly. If you believe that a child has provided us with personal information without appropriate consent, please contact us at [email protected].

11. Your Rights

Depending on your location, you may have certain rights with respect to your personal information under applicable data protection law.

Rights Under UK GDPR and EU GDPR

If you are located in the United Kingdom, the EEA, or Switzerland, you have the right to: access the personal data we hold about you; rectify inaccurate or incomplete personal data; request erasure of your personal data; restrict the processing of your personal data; object to the processing of your personal data; request portability of your personal data; and withdraw your consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority, including the UK Information Commissioner’s Office (ICO).

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to: request disclosure of the categories and specific pieces of personal information we have collected about you; request deletion of your personal information; and opt out of the sale of your personal information. To exercise your rights, please contact us at [email protected]. We shall not discriminate against you for exercising any of your privacy rights.

Rights Under Other Applicable Laws

If you are located in a jurisdiction that grants specific data protection rights under applicable local law, including but not limited to Japan and South Korea, you may have additional rights of access, correction, deletion, and suspension of processing. To exercise any such rights, please contact us at [email protected].

12. Your Choices

You may review, edit, or delete the personal information associated with your account at any time by accessing your account settings within the Service. You may delete your account in its entirety, which shall result in the deletion of your personal information and User Content in accordance with our data retention practices.

You may opt out of promotional communications at any time as described in Section 3 of this Privacy Policy. Notwithstanding the foregoing, we shall continue to send you service-related communications as necessary for the operation of the Service.

13. Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through the Service. We are not responsible for the privacy practices of any third party.

14. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we shall notify you by email or by posting a prominent notice within the Service prior to the changes becoming effective, together with an updated “Effective Date.” Your continued use of the Service after such changes constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

Flashycards Limited is the data controller of your data for the purposes of the General Data Protection Regulation (“GDPR”) and any relevant local legislation. Flashycards’ registered office is located at:

For all data privacy inquiries and any questions or concerns you have about this Privacy Policy, please contact us at [email protected].

For all support inquiries, please contact us at [email protected].

If you are located in the United Kingdom, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.