Privacy Policy

1. General Information

AnkiFlow ("we", "our", "platform") is committed to protecting user privacy. This privacy policy explains how we collect, use, and protect your personal information.

2. Data We Collect

2.1. Account Information

• Email address
• Name (optional)
• Profile picture (for OAuth login)
• Login time and date

2.2. Usage Data

• Your created decks and cards
• Study statistics (review logs)
• Settings and preferences
• Web Vitals (performance metrics)
• System logs (for debugging)

2.3. Technical Information

• IP address (for rate limiting)
• Browser type and version
• Device type (desktop/mobile)
• Operating system

3. How We Use Your Data

We use your data for the following purposes:

• Service delivery: Create, store, and sync flashcards
• Authentication: Secure access to your account
• Statistics: Display learning progress and achievements
• Debugging: Identify and fix technical issues
• Improvement: Enhance platform features

4. Data Storage

All data is stored in Supabase (PostgreSQL) cloud database:

• Server location: AWS (Frankfurt, Germany)
• Encryption: TLS/SSL (in-transit), AES-256 (at-rest)
• Backup: Automatic daily backups
• Row Level Security (RLS): Each user can only access their own data

5. Data Sharing

We never sell or rent your personal information to third parties.

Data may be shared in the following cases:

• OAuth providers: Google, GitHub (if you choose)
• Hosting: Vercel (frontend), Supabase (backend)
• Legal requirements: Court orders or legal obligations

6. Your Rights

Under GDPR and other privacy laws, you have the following rights:

• Access: View your personal data
• Correction: Fix incorrect information
• Deletion: Delete your account and all data
• Export: Download your data in JSON format
• Restriction: Limit data processing

To exercise these rights: Settings → Account → Export Data or Delete Account

7. Cookies and LocalStorage

We use the following cookies and local storage:

• Authentication: Supabase session cookies (required)
• Preferences: Theme, language, settings (localStorage)
• Offline cache: Decks and cards (IndexedDB)
• Analytics: Vercel Analytics (anonymous)

8. Children's Privacy

Our service is intended for users aged 13 and above. If you are under 13, please obtain permission from your parent or guardian.

9. Security

We implement the following measures to protect your data:

• HTTPS encryption (all traffic)
• Database encryption (AES-256)
• Row Level Security (access only your own data)
• Rate limiting (brute-force protection)
• Input validation (Zod)
• Regular security updates

10. Changes

We may update this privacy policy from time to time. For significant changes, we will notify you via email.

11. Contact

For privacy-related questions or concerns:

• Email: privacy@ankiflow.com
• GitHub: github.com/sodops/anki-formatter