Privacy Policy

1. Data Controller

The responsible entity for the processing of personal data is:

2. Personal Data We Collect

2.1 Social Login Information

When you create an account or sign in using third party authentication services the following data may be provided to us:

• Email address
• Name or display name
• Profile picture if available
• Provider specific identifier
• Authentication metadata such as creation date

We do not receive passwords from any social login provider.

Supported providers may include:

• Google
• Apple
• Meta or Facebook
• Twitter or X
• GitHub
• Microsoft
• Other providers added in the future

2.2 Technical and Usage Data

When you access our service we automatically collect:

• IP address
• Browser type and version
• Device information
• Time and date of access
• Pages visited and interactions
• Referring and exit URLs

This information is required to maintain the functionality, stability and security of the service.

2.3 User Generated Content

To provide our flashcard creation features we store:

• Set titles
• Set descriptions
• Questions
• Answers

This content is private and only visible to you unless you choose to share it in the future.

2.4 Cookies

We use essential cookies to maintain sessions and provide secure login. Optional analytics cookies may be used with your explicit consent.

3. How We Use Your Data

We process personal data only for the following purposes:

• To create and manage user accounts
• To authenticate users via third party providers
• To store and synchronise flashcard sets
• To enable PDF export of flashcards
• To operate improve and secure our service
• To fulfil legal obligations

We never sell personal data.

4. Legal Basis for Processing

Under the GDPR we rely on:

• Article 6 paragraph 1 letter b: performance of a contract
• Article 6 paragraph 1 letter f: legitimate interests in maintaining security functionality and quality
• Article 6 paragraph 1 letter a: your consent for optional analytics and non essential cookies

5. Data Storage and Hosting

We use trusted third party providers to host and deliver our service. These may include:

• Supabase for database storage authentication and file handling
• Netlify or Vercel for frontend hosting
• Cloudflare for performance optimisation caching and security
• Sentry for error tracking and application monitoring
• Email delivery services for account communication if required

Data may be stored in data centers located within the European Union or in other regions depending on the hosting configuration.

6. Sharing of Personal Data

We share personal data only when necessary to provide the service. Third parties may include:

• Social login providers such as Google Apple Meta Facebook Twitter X GitHub and Microsoft
• Hosting services such as Netlify Vercel or Cloudflare
• Supabase as our database and authentication platform
• Analytics services if consent is given
• Service providers required for technical operation or security

All partners are required to comply with GDPR or equivalent international standards. We do not permit third parties to use your data for their own marketing purposes.

7. International Data Transfers

If personal data is transferred outside the European Economic Area we ensure appropriate safeguards:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Additional technical and organisational measures

8. Your Rights under the GDPR

You have the following rights:

• Right to access your data
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

To exercise your rights please contact us using the details above.

9. Security Measures

We apply appropriate technical and organisational measures to protect personal data including:

• Encryption in transit and at rest
• Access control mechanisms
• Continuous monitoring
• Regular security audits
• Best practices for account security

Although no online service can guarantee complete safety we continuously improve our processes.

10. Accounts Created through Third Party Providers

When you use a third party authentication provider:

• The provider remains responsible for the authentication process
• We only store basic profile information required to operate the service
• You may manage or revoke access permissions directly within the provider account
• Deleting your studycards.io account does not delete your provider account

11. Children's Privacy

The service is not intended for children under the age of sixteen. We do not knowingly collect personal data from users under this age. If we become aware of such processing we will delete the data.

12. Changes to this Policy

We may update this Privacy Policy periodically. The latest version is always available on this page. Significant changes will be announced through the website.

13. Contact

For questions or privacy related requests please contact: