Legal

Privacy Policy

Last updated May 25, 2026

Overview

Deckr ("we," "us") respects your privacy. This policy explains what information we collect when you use our AI flashcard app, how we use it, and the choices you have. It applies to deckr.app and related services that link to this policy.

Information we collect

Account and authentication

When you sign in with Google, we receive identifiers needed to create and secure your account — typically your email address, name, and profile image. Authentication is handled through Supabase Auth.

Content you provide

We store decks, cards, uploaded sources (such as PDFs and pasted notes), study progress, and settings you save in the product so the service can function.

Usage and technical data

We collect basic usage information such as feature interactions, generation job status, error logs, and device or browser metadata needed to operate, secure, and improve Deckr.

Payment information

If you purchase a subscription or credit pack, Stripe processes payment details. We receive billing-related records from Stripe (such as customer ID, plan type, and payment status) but do not store full card numbers on our servers.

How we use information

We use collected information to:

  • Provide sign-in, deck storage, study features, and exports you request
  • Run AI-assisted card generation and related editing tools
  • Enforce plan limits, generation credits, and billing entitlements
  • Respond to support requests and protect against abuse or fraud
  • Improve reliability, performance, and product experience

AI processing

To generate and refine flashcards, portions of your uploaded or pasted study material may be sent to AI model providers we use for inference. We send only what is needed for the feature you trigger. Do not include sensitive personal data in uploads unless you accept that it may be processed for generation.

AI providers process data according to their own terms and policies. We configure services to support product functionality and do not use your content to train public models on your behalf unless we clearly tell you otherwise.

Service providers

We rely on trusted third parties to run Deckr, including:

  • Supabase — authentication, database, and file storage
  • Google — OAuth sign-in when you choose that option
  • Stripe — subscriptions, credit packs, and billing portal
  • AI inference providers — card generation and rewriting features

These providers process data on our behalf under agreements appropriate to their role. They may only use your information as directed by us for providing the service, subject to their own privacy commitments.

Storage and security

Data is stored in cloud infrastructure with access controls, encryption in transit, and industry-standard safeguards. No method of transmission or storage is completely secure; we work to protect your information but cannot guarantee absolute security.

Retention

We keep account and deck data while your account is active and as needed to provide the service, comply with law, resolve disputes, and enforce agreements. If you delete content or close your account, we delete or anonymize associated data within a reasonable period unless we must retain it for legal or operational reasons.

Your choices

You can update profile details in settings where available, manage subscriptions through Stripe's customer portal, and sign out at any time. You may request access, correction, export, or deletion of personal data as described under applicable privacy laws below. We may need to verify your identity before fulfilling certain requests.

Depending on where you live, you may have additional rights under local privacy laws (such as access, portability, or objection to certain processing). We will honor applicable requests within required timeframes.

Cookies and local storage

We use cookies and similar technologies for session management, authentication, and basic preferences. You can control cookies through your browser settings, but some features may not work without essential session cookies.

Children

Deckr is not directed at children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children. If we become aware that a child provided information, we will take appropriate steps to delete it.

International users

If you use Deckr from outside the United States, your information may be processed in the U.S. or other countries where our providers operate. Those locations may have different data protection rules than your home country.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated date and, when appropriate, notify you through the product or email. Continued use after changes take effect means you accept the updated policy.