Privacy policy
Last updated May 2, 2026
This is starter boilerplate, not legal advice. The final version of this document must be reviewed by qualified counsel before FlazhAI launches publicly. If you're a user reading this and something is unclear, please reach out — we'd rather answer your question than have you guess.
1. The short version
We collect the minimum data needed to run FlazhAI for you. We don't sell it, we don't train public AI models on your content, and we don't share it except with the named service providers below. You can export or delete your data anytime from your profile. This policy explains what we collect, why, and what your rights are.
2. What we collect
Account data: your email, display name, and (if you sign in with Google) basic profile info from Google.
Content data: the YouTube URLs you paste, the transcripts we extract from those videos (stored alongside the deck), documents you upload, audio files you attach to cards, and the flashcards/notes/summaries you create or generate.
Public-deck data: when you mark a deck Public or Anyone-with-link, the deck title, summary, and card text become readable by other users at /d/{slug}; personal data (study progress, struggle counts, notes, audio) does NOT leave your account on fork.
Usage data: which features you use, how often, error logs, and basic device information (browser, OS, locale) so we can debug and improve.
Payment data: handled entirely by Lemon Squeezy — we never see or store your full card number.
3. How we use it
We use your data to run the service (store your decks, schedule reviews via SM-2, render the UI in your language), to generate AI features you trigger (Chat, Deepen, Rephrase, Reinforce, summaries) by sending the relevant content to our AI provider, to keep the product reliable (error monitoring, abuse prevention, quota enforcement), and to communicate with you about your account, billing, and important product changes. We don't use your content to train AI models — neither ours nor anyone else's.
4. Who we share it with
FlazhAI uses a small set of subprocessors.
Supabase (USA / EU): authentication, primary database, file storage.
Lemon Squeezy (USA): payment processing and subscription billing as merchant of record.
Google Gemini (USA): generates flashcards, summaries, and AI-panel responses from the content you submit; per Google's API terms, your inputs are not used to train Google's models.
YouTube (USA): we fetch publicly available transcripts when you paste a video URL.
Vercel (USA): hosts the application.
We share data with these providers only to the extent needed to run the service.
5. How long we keep it
Account and content data are kept for as long as your account is active. When you delete your account, we erase your decks, cards, notes, and personal profile data within 30 days, except where we're legally required to keep records (e.g., tax records for paid invoices, kept up to 7 years). Anonymous, aggregated analytics may be retained indefinitely.
6. Your rights
Depending on where you live (EU/UK/EEA under GDPR, California under CCPA, Indonesia under UU PDP, and similar laws elsewhere), you have rights to access, correct, export, or delete your personal data, to object to certain processing, and to lodge a complaint with your local data-protection authority. You can exercise most of these directly from your profile page (export, delete account) or by emailing privacy@flazh.ai. We respond within 30 days.
7. How we protect it
We use TLS in transit, encryption at rest for credentials, role-scoped access on the backend, and audit logs on sensitive actions. No system is perfect — if a breach affects you, we'll notify you and the relevant authorities within the timeframes the law requires. Please report security issues to security@flazh.ai before disclosing them publicly.
8. Children
FlazhAI is not directed at children under 13 (or the minimum digital-consent age in your country, if higher). We don't knowingly collect data from children below that age. If you believe a child has created an account, email privacy@flazh.ai and we'll delete it.
9. International transfers
Our subprocessors operate primarily in the United States and the European Union. If you use FlazhAI from outside those regions, your data will be transferred to and processed in those regions under standard contractual clauses or equivalent safeguards. By using FlazhAI, you consent to that transfer.
10. Changes to this policy
When we make material changes, we'll update the "Last updated" date and notify active users in-app or by email at least 14 days before they take effect. Older versions are available on request.
11. Contact
For privacy questions or to exercise your rights, email privacy@flazh.ai. For everything else, hello@flazh.ai works.