Privacy Policy
Last Updated: March 9, 2026
This Privacy Policy describes how Flash Card Alarm ("we," "us," or "our") collects, uses, and shares information when you use our mobile application ("App"). By using the App, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Google Sign-In: Email address, display name, and profile photo URL.
- Sign in with Apple (iOS): Email address and full name (provided on first sign-in only; Apple may provide a relay email address if you choose to hide your email).
Your authentication data is managed by Firebase Authentication, a Google service.
1.2 User-Created Content
When you use the App, the following data is created and stored:
- Vocabulary Data: Word groups, individual words, definitions, example sentences, and study progress (mastery level, next review date).
- Alarms: Alarm times, repeat schedules, labels, and sound preferences.
- Quiz Results: Answers, correctness, solve times, hints used, and timestamps.
- Confusion Pairs: Pairs of words you frequently confuse, along with optional notes.
- Feedback: Messages you submit through the feedback feature, along with the app version.
1.3 Usage & Performance Data
- Quiz Statistics: Total quizzes solved, correct answers, average solve time, daily streaks, and per-word performance metrics.
- Subscription Status: Whether you are a free or premium user, and subscription expiration dates.
- AI Scan Usage: Number of daily AI scans used.
1.4 Photos and Images
When you use the AI Smart Scan feature, you may provide images from your camera or photo library. These images are:
- Sent to Google's Gemini AI service for text and vocabulary extraction.
- Not stored on our servers. Images are processed in real time and discarded after vocabulary extraction is complete.
1.5 Crash and Error Data
We use Firebase Crashlytics to collect crash reports, error logs, and diagnostic data. This may include your Firebase user ID, device model, operating system version, and stack traces. This data is used solely to identify and fix bugs.
1.6 Device Information
We collect basic device information through the following:
- Package Info: App version and build number (displayed in Settings and included in feedback submissions).
- Network Status: We detect whether your device is online to manage data synchronization.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the App's features (alarms, quizzes, vocabulary management, spaced repetition).
- Process and manage your account.
- Enable AI-powered vocabulary extraction from images.
- Track your study progress and provide statistics.
- Process subscriptions and in-app purchases.
- Display advertisements (for free-tier users).
- Diagnose and fix crashes and errors.
- Respond to your feedback and support requests.
3. Third-Party Services
We use the following third-party services, each with their own privacy policies:
| Service | Provider | Purpose | Privacy Policy |
|---|---|---|---|
| Firebase Authentication | User login and identity | Google Privacy Policy | |
| Cloud Firestore | Data storage | Google Privacy Policy | |
| Firebase AI (Gemini) | AI image analysis and text generation | Google Privacy Policy | |
| Firebase Crashlytics | Crash reporting | Google Privacy Policy | |
| Google Mobile Ads (AdMob) | Advertising | Google Ads Privacy | |
| RevenueCat | RevenueCat Inc. | Subscription management | RevenueCat Privacy Policy |
| Google Sign-In | OAuth authentication | Google Privacy Policy | |
| Sign in with Apple | Apple | OAuth authentication (iOS) | Apple Privacy Policy |
3.1 Advertising
For free-tier users, we display advertisements through Google AdMob. AdMob may collect and use device identifiers (such as Advertising ID), IP address, and usage data for ad serving, personalization, and measurement. You can manage your ad preferences through your device settings.
3.2 App Tracking Transparency (iOS)
On iOS 14.5 and later, the App requests your permission through Apple's App Tracking Transparency (ATT) framework before accessing your device's Identifier for Advertisers (IDFA). The IDFA is used by Google AdMob to deliver personalized advertisements and measure ad performance.
- If you allow tracking, AdMob may use your IDFA to serve personalized ads and measure ad effectiveness across apps and websites.
- If you deny tracking, AdMob will serve non-personalized (contextual) ads only, and your IDFA will not be shared with advertising partners.
You can change your tracking preference at any time in your device's Settings → Privacy & Security → Tracking.
3.3 Subscriptions
Subscription purchases are processed through the Apple App Store or Google Play Store. RevenueCat manages subscription status by linking your Firebase user ID with your store purchase data. We do not directly collect or store your payment information (credit card numbers, etc.).
3.4 Home Screen Widgets
The App offers optional home screen widgets that display your next alarm time and today's review count. Widget data (alarm times and review statistics) is shared between the main App and the widget extension through an App Group container stored locally on your device. This data is not transmitted to any external server.
4. Data Storage and Security
- All user data is stored in Google Cloud Firestore, which uses encryption at rest and in transit.
- Access to your data is restricted by Firestore Security Rules: only you (authenticated with your unique user ID) can read or write your own data.
- We implement industry-standard security measures but cannot guarantee absolute security.
5. Data Retention and Deletion
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy. Specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Account information (email, name) | Until account deletion |
| Vocabulary data, alarms, quiz results | Until account deletion |
| Subscription status | Until account deletion or subscription expiration |
| Crash and error logs (Crashlytics) | 90 days (managed by Firebase Crashlytics) |
| AI Smart Scan images | Not retained; discarded immediately after processing |
| Feedback submissions | Retained indefinitely for product improvement, unless you request deletion |
- Account deletion: When you delete your account through the App, your account is soft-deleted (marked with a deletion timestamp). Your Firestore data may be retained for up to 30 days before permanent deletion for recovery purposes.
To request complete data deletion, please contact us at the email address provided in Section 11.
6. Data Sharing and Sale
We do not sell your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We only share data with the third-party service providers listed in Section 3, solely for the purposes of operating and improving the App.
7. International Data Transfers
Your data may be transferred to and processed in countries other than your own, including the United States, where Google and other service providers operate data centers. By using the App, you consent to such transfers. We rely on the data protection measures provided by our third-party service providers (including Standard Contractual Clauses for transfers from the EEA).
8. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate personal data.
- Delete your personal data (through account deletion or by contacting us).
- Export your data.
- Opt out of personalized advertising through your device settings.
- Opt out of the sale or sharing of your personal information (see Section 9.1 below).
To exercise any of these rights, please contact us using the information below.
9.1 California Residents — CCPA/CPRA Rights
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collecting the information, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising as defined under the CCPA/CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Global Privacy Control (GPC): We recognize and honor Global Privacy Control (GPC) signals sent by your browser or device. When we detect a GPC signal, we treat it as a valid opt-out request for the sale or sharing of your personal information under the CCPA/CPRA. No further action is required on your part.
To submit a request, please contact us at the email address provided in Section 11. We will verify your identity before processing your request and respond within 45 days.
9.2 European Economic Area (EEA) Residents — GDPR Rights
If you are located in the EEA, the General Data Protection Regulation (GDPR) provides you with additional rights. The legal bases for our processing of your personal data are:
- Contract Performance: Processing necessary to provide you with the App's services (account management, data storage, alarm and quiz functionality).
- Consent: Processing based on your explicit consent (e.g., AI image analysis, personalized advertising via ATT opt-in).
- Legitimate Interest: Processing necessary for our legitimate interests (e.g., crash reporting, app improvement, fraud prevention), balanced against your rights.
In addition to the rights listed above, EEA residents may also:
- Restrict Processing: Request that we limit how we process your data.
- Data Portability: Request your data in a structured, machine-readable format.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
- Lodge a Complaint: File a complaint with your local data protection authority if you believe your rights have been violated.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: jaykaysm@gmail.com