Privacy
Policy
FlashCode is operated by Shamariah Ogu, based in Maryland, United States, who acts as the data controller for personal information processed through the service.
This policy describes how FlashCode collects, uses, stores, and shares personal information when you use our services. We limit collection to what is needed to operate the product, comply with law, and secure accounts. We do not sell your personal information as described below. Payment card data is handled by our payment processor (Stripe); we do not store full card numbers on our systems.
This document is provided for transparency and is not legal advice. For requests regarding your personal information, contact privacy@flashcode.tech.
Data we collect
We collect account identifiers, learning activity needed for the product, limited technical data for security and reliability, and aggregated analytics where configured.
| Data | Why | Stored? |
|---|---|---|
| Email address | Account login and transactional emails | yes |
| Flashcard progress | Spaced repetition algorithm | yes |
| Session activity | Product features such as streak tracking and internal analytics | yes |
| Device / browser | Debugging and fraud prevention | yes |
| IP address | Rate limiting and security | 90-day max |
| Payment details | Handled entirely by Stripe | never |
Purposes of processing
Personal information is processed to deliver and secure the service, communicate transactional notices, enforce limits, and understand aggregate usage to improve FlashCode.
- Power the spaced repetition algorithm with your progress data
- Send transactional emails (receipts, password resets, streak reminders)
- Detect abuse and enforce rate limits
- Aggregate anonymised usage data to improve the product
- Comply with applicable law, including U.S. state privacy laws (such as CCPA) and, where applicable, the EU General Data Protection Regulation (GDPR)
Restrictions on use
We do not sell or rent your personal information for cross-context behavioural advertising as described below. We do not use your flashcard or code content to train machine learning models for FlashCode or unrelated third-party AI training programmes described in our agreements with subprocessors where applicable.
- Sell or rent your personal data to third parties
- Use your code or flashcard content to train AI models
- Share your data with advertisers
- Send marketing emails without explicit opt-in
- Store your payment card details on our servers
- Profile you for targeted advertising
Payments
Payments are processed by Stripe. Payment instrument credentials are collected and stored by Stripe under its terms and security program; our systems receive limited identifiers needed for billing administration.
All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. Payment details you enter are transmitted directly to Stripe and are not routed through our infrastructure for storage as full card numbers.
We may retain identifiers such as a Stripe customer reference and truncated card digits solely to display billing state and reconcile subscriptions within our application.
Data retention
We retain personal information while your account is active and for a limited period thereafter as needed for backups, legal compliance, and dispute resolution.
Your rights
Subject to applicable law, you may request access, portability, correction, deletion, and restriction or objection to certain processing.
- Request an export of your account data in a structured, commonly used format where technically feasible
- Correct inaccurate information in your account settings
- Delete your account and all associated data
- Opt out of any non-essential communications
- Object to processing based on legitimate interests where applicable law provides that right
Statutory privacy rights (including GDPR and U.S. state privacy laws where applicable) may grant additional remedies or timelines. To submit a request regarding your personal information, email privacy@flashcode.tech.
Cookies
We use first-party cookies required for authentication, security, and basic preferences. We do not deploy third-party advertising cookies or web pixels for behavioural ads as described in this section.
| Cookie | Purpose | Duration |
|---|---|---|
fc_session | Maintains authenticated sessions | 30 days |
fc_csrf | Security — prevents CSRF attacks | Session |
fc_prefs | UI preferences (theme, language) | 1 year |
We do not use third-party advertising cookies or ad pixels on FlashCode as described above. If we introduce optional analytics that could identify individuals across sites, we will update this policy and, where required, obtain consent.
Contact
For privacy enquiries, data protection requests, or questions about this policy, contact us using the details below. Please include sufficient information for us to verify and respond to your request in accordance with applicable law.
Data controller
Shamariah Ogu · Maryland, United States
Privacy questions & data requests
privacy@flashcode.tech