Last updated: February 16, 2026
Account information: Email address and display name when you create an account. If you sign in with Google, we receive your name and email from Google OAuth.
Flashcard content: The flashcards, decks, and study data you create within the Service. This includes card text, images, categories, and review history.
Usage data: Study session activity, feature usage, and interaction events collected through PostHog analytics. This helps us improve the product.
Payment information: Payment processing is handled by Stripe. We do not store credit card numbers. Stripe may collect billing information as described in their privacy policy.
We use your information to: provide and improve the Service; personalize your learning experience using the FSRS v6 algorithm; send study reminders and notifications you have opted into; process payments for Pro subscriptions; communicate important updates about the Service.
When you generate flashcards using AI, your prompts are sent to third-party AI providers (OpenAI, Anthropic, Google, or Mistral, depending on your selection). These providers process your input to generate flashcard content. We do not share your study data, review history, or personal information with AI providers. Please review the privacy policies of these providers for details on how they handle data.
Your data is stored in Supabase (built on PostgreSQL) with row-level security policies. All data is encrypted in transit (TLS) and at rest. We implement industry-standard security measures to protect your information.
We do not sell your personal information. We share data only with: Stripe (payment processing); Resend (email delivery); PostHog (anonymized analytics); AI providers (only card generation prompts, at your request). Public decks are visible to all users by design.
We use cookies for authentication and session management. We use browser localStorage to store preferences (theme, onboarding state) and temporary session data. We do not use third-party advertising cookies.
You have the right to: access your personal data; correct inaccurate data; delete your account and all associated data (available in Settings); export your flashcard data; opt out of email notifications. For EU/EEA users: you have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
We retain your data for as long as your account is active. When you delete your account, all personal data and flashcard content is permanently deleted within 30 days. Anonymized, aggregated analytics data may be retained.
The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us.
We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
For privacy-related questions or requests, contact us at privacy@forgetless.app.