FlashMind
Sign InSign Up

FlashMind

Privacy Policy

Last updated: 28 April 2026

This is our plain-English summary of what data FlashMind collects, why, and what we do with it. We've tried to make it readable. If anything is unclear, email us at support@flashmind.appand we'll explain.

Who we are

FlashMind is a personal study app — flashcards with spaced repetition, AI-generated illustrations, and audio. It's operated by the FlashMind team. References to “we”, “us”, or “FlashMind” in this policy mean the same thing.

What we collect

Account information

When you sign up, we store the email address you used and, if you signed in via Google, your name and profile picture URL. That's it from auth. We never see or store your password because authentication runs through Supabase.

Your content

Decks, cards, hints, tags, uploaded images, and AI-generated images you create. This content stays private to your account — other users can't see it. You can export or delete any of it from inside the app.

Study activity

We store every card review (whether you marked it Again, Good, or Easy, and when), your daily goal, your streak count, and your settings. The spaced-repetition algorithm needs this data to schedule reviews; we also use it to show you stats.

Subscription & payment data

If you upgrade, we store a Stripe customer ID and subscription status. We never see or store your card number, CVV, or bank details — those go directly to Stripe. See Stripe's privacy policy for how they handle that.

Push notification tokens

If you enable daily study reminders, your browser gives us a push subscription token (an opaque endpoint URL). We use it only to send the reminder you asked for. Disabling reminders in the app removes the token immediately.

Technical data

Standard server logs (IP address, user agent, request paths) kept for up to 30 days for security and debugging. Errors are sent to Sentry — these reports include the URL you were on and a stack trace, but exclude form contents and personal data. We don't use advertising or analytics trackers.

Why we collect it

To do these things, in this order of importance:

  1. Run the product you signed up for (your decks, cards, study scheduling, AI features).
  2. Process your subscription if you have one.
  3. Keep the service secure and debug problems when they happen.
  4. Send you reminders, but only if you asked for them.
  5. Communicate with you about your account when necessary.

We don't sell your data, ever. We don't train AI models on your card content. We don't share it with advertisers.

Who we share data with

FlashMind uses a small set of well-known infrastructure providers to run the product. Your data is shared with them only to the extent the product needs:

  • Supabase — hosts our database, authentication, and uploaded image storage. Located in the EU.
  • Render — hosts the application servers.
  • Stripe — processes payments and subscriptions.
  • Anthropic (Claude) — processes the front and back of cards when you ask the app to generate text or interpret card content for AI illustration. Anthropic does not retain or train on this content per their API terms.
  • FAL — runs the AI image generation models we use for card illustrations.
  • Google Cloud Text-to-Speech— generates the native-speaker audio for cards with a configured language. Audio files are cached in our Supabase bucket so the same phrase isn't sent more than once.
  • Sentry — receives error reports from production crashes, with PII filtering enabled.

Each of these providers has their own privacy policy and security practices. We pick them carefully but we don't control what they do beyond what their terms say.

Cookies

We set one essential cookie group: the Supabase authentication cookies that keep you logged in. We don't set advertising cookies, analytics cookies, or third-party tracking pixels. Stripe and Sentry may set their own cookies on the parts of the site they touch (the checkout window, error reporting), per their respective policies.

How long we keep things

Your account data — decks, cards, reviews, settings — is kept as long as your account exists. Deleting your account from Account → Danger Zone permanently removes all of it within seven days. Server logs and error reports are kept for up to 30 days. Stripe holds billing records for as long as their regulations require.

Your rights

If you're in a jurisdiction with data-protection laws (UK GDPR, EU GDPR, California, etc.), you have the right to:

  • Access the data we hold about you.
  • Correct it if it's wrong.
  • Delete your account and everything tied to it.
  • Export your card content (Anki .apkg export is built into the app).
  • Object to specific processing.

To exercise any of these, email support@flashmind.app. We respond within 30 days, usually faster.

Children

FlashMind is intended for users aged 16 and over. If you believe a child has signed up, please email us and we'll delete the account.

International transfers

Some of our providers (Anthropic, FAL, Render) operate primarily from the United States, which means your data may be processed there. We rely on standard contractual clauses and each provider's own compliance certifications.

Changes to this policy

If we change anything material, we'll update the “last updated” date at the top and email registered users a plain-English summary of what changed. Minor wording fixes won't trigger an email.

Contact

Questions, complaints, or requests: support@flashmind.app.

See also: Terms of Service.