Legal

Privacy Policy

How we collect, use, and protect your personal data — written in plain English.

Effective date: 13 May 2026 Last updated: 13 May 2026 Version: 1.0

Contents

  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Legal Basis for Processing
  5. Third-Party Services
  6. Data Retention
  7. Children's Privacy
  8. Your Rights
  9. International Transfers
  10. Security
  11. Cookies
  12. Changes to This Policy
  13. Contact Us

Summary: We collect only what we need to run FlashDeck. We do not sell your data. We do not use your data for advertising. Students' data is used solely to provide the revision service.

1. Who We Are

FlashDeck.AI ("FlashDeck", "we", "us", "our") is an AI-powered revision platform that generates exam-ready flashcards for students studying GCSE, IGCSE, and A Level qualifications worldwide. The platform is operated by FlashDeck.AI, developed in association with Cutlass Group.

For the purposes of UK and EU data protection law, FlashDeck.AI is the data controller responsible for your personal data.

Contact: hello@flashdeck.ai | www.flashdeck.ai

2. Data We Collect

We collect the following categories of personal data:

Account Data

Usage Data

Technical Data

Payment Data (Premium subscribers only)

School / Institutional Data (School accounts only)

3. How We Use Your Data

PurposeData UsedLegal Basis
Creating and managing your accountName, email, passwordContract
Generating AI flashcardsTopic, subject, exam board, levelContract
Personalising spaced repetition schedulesStudy session ratings and historyContract
Processing subscription paymentsBilling name, email (via Stripe)Contract
Sending account and service emailsEmail addressContract
Improving the platform and AI qualityAnonymised usage patternsLegitimate interests
Preventing fraud and abuseIP address, login dataLegitimate interests
Complying with legal obligationsAs required by lawLegal obligation

We do not use your data for targeted advertising, profiling for commercial purposes, or sale to third parties.

5. Third-Party Services

We use the following third-party services to operate FlashDeck. Each is bound by its own privacy policy and data processing terms:

ServicePurposeData SharedLocation
SupabaseDatabase and authenticationAccount data, usage dataEU (AWS)
Anthropic (Claude)AI flashcard generationTopic and subject prompts only — no personal dataUSA
StripePayment processingBilling name and emailUSA / EU
VercelWebsite hosting and deploymentTechnical/log dataUSA / EU

We do not share your personal data with any other third parties without your explicit consent, except where required by law.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the service. Specifically:

7. Children's Privacy

FlashDeck is designed for students aged 13 and above. We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent.

For students aged 13–17, we recommend that parents or guardians review this Privacy Policy. If a school is deploying FlashDeck to students under 16, the school acts as the data controller for those students and is responsible for obtaining appropriate consents under applicable law.

If you believe a child under 13 has provided us with personal data without appropriate consent, please contact us at hello@flashdeck.ai and we will delete that data promptly.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

RightWhat It Means
AccessRequest a copy of the personal data we hold about you.
RectificationRequest correction of inaccurate or incomplete data.
ErasureRequest deletion of your personal data ("right to be forgotten").
RestrictionRequest that we restrict processing of your data in certain circumstances.
PortabilityRequest your data in a structured, machine-readable format.
ObjectionObject to processing based on legitimate interests.
Withdraw consentWithdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at hello@flashdeck.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International Data Transfers

Some of our third-party service providers are located outside the UK and European Economic Area (EEA), including in the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

10. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures, including:

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by UK GDPR.

11. Cookies

FlashDeck uses a small number of cookies to operate the service:

CookiePurposeDuration
Session cookieKeeps you logged in during your sessionSession (deleted when browser closes)
Authentication tokenRemembers your login if "Keep me logged in" is selected30 days
Preference cookieRemembers your exam board and subject preferences1 year

We do not use advertising cookies or third-party tracking cookies. You can control cookies through your browser settings, though disabling essential cookies may affect the functionality of the service.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. Your continued use of FlashDeck after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal data, please contact us:

If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint

Questions about your data?

We're committed to transparency. If anything in this policy is unclear, please get in touch.

hello@flashdeck.ai