Privacy Policy for FlashOne.ai

Last Updated: April 29, 2025

Introduction

Welcome to FlashOne.ai, operated by FlashOne.ai LLC ("we," "our," "us"). We prioritize the protection of your personal information and respect your right to privacy. This Privacy Policy outlines our procedures regarding the collection, utilization, disclosure, and protection of your data when you interact with our flashcard application ("App") and associated services (collectively, the "Services").

Our Commitment: We do not sell your personal data, nor do we use it for advertising unrelated to our own Services.

This document aims to provide clear information about our data handling practices, aligning with relevant privacy laws and Apple's App Store guidelines. Your use of our Services signifies your understanding and acceptance of the practices described in this Privacy Policy. If you disagree with any part of this policy, please cease using our Services.

For inquiries about this Privacy Policy or our data practices, reach out to us at privacy@flashone.ai.

Information We Collect

To deliver and enhance our Services, we gather various types of information:

A. Information You Voluntarily Provide

Contact Details: We collect your email address upon account creation for essential functions like account management, security notifications, and service updates. With your consent, we may also send educational materials or news about features.
Identification Information: Your name might be used within your public profile (should you opt to share content publicly) and in our communications with you.
User-Generated Content: This encompasses any flashcards, study decks, notes, AI-generated images, or other materials you produce, save, or distribute via the App.
Direct Communications: When you contact us (e.g., via support channels), we receive the information you provide, such as your name, email, message contents, and any files attached.
Payment Details: For paid services (like subscriptions), our third-party payment processors (e.g., Stripe, Apple, Google) collect necessary payment information (e.g., credit card numbers). FlashOne.ai LLC does not directly store your complete payment card information.

B. Information Collected Automatically During Use

Usage and Log Information: Our servers automatically record technical and usage data when you use the App. This can include IP address, device specifications, operating system details, app version, how you interact with features (e.g., usage frequency, sharing actions), error reports (crash logs), timestamps, and general system activity.
Device Specifications: We gather data about the device used to access the App (e.g., hardware model, OS version, unique identifiers like IDFA if applicable and consented to, network information). This assists with compatibility, service optimization, support, and preventing misuse (like unauthorized account access).
Cookies and Similar Tracking Technologies: If our Services utilize web components or web views, we might employ cookies or comparable technologies for session management, functionality, and analytics. Management of these technologies is typically available through your browser or device settings.

How We Use Your Information

We utilize the collected information for several purposes, categorized according to App Store guidelines:

App Functionality

To operate, secure, and maintain the App and its features.
To establish and manage user accounts.
To facilitate data synchronization (User Content) across your devices using cloud services (e.g., Firebase).
To enable AI image generation based on user prompts, potentially using third-party AI tools.
For user authentication and prevention of fraudulent activities or abuse.
To address user inquiries and provide support.

Analytics

To gain insights into user engagement with the App (e.g., popular features, study habits).
To analyze usage trends and sharing activities, sometimes with assistance from third-party analytics tools like Appsflyer, aiming to enhance the App and user experience.
To diagnose and resolve technical problems, bugs, or application crashes.
To improve overall app performance, device compatibility, and service reliability.

Product Personalization

To tailor certain aspects of the user experience based on observed usage patterns and stated preferences.
To potentially provide customized content or recommendations (e.g., relevant study materials).

Developer's Advertising or Marketing (First-Party)

To inform users about app updates, new functionalities, usage tips, or related educational topics (e.g., effective study methods). Users can generally opt-out of non-critical messages.
To potentially deliver targeted messages within our own App to foster user engagement and retention.

Service Improvement & AI Model Enhancement

To analyze aggregated usage data and user feedback for improving current Services and conceptualizing new ones.
We might utilize anonymized or aggregated data derived from User Content and usage patterns to refine the AI models supporting features like image generation. This data processing is done in a way that does not identify individual users.

Reiteration: We do not employ your data for Third-Party Advertising, nor do we sell your personal information.

How We Share Your Information

We disclose your information only under specific conditions, outlined below:

Service Providers: We engage third-party companies to perform essential functions supporting our Services. These include cloud hosting (e.g., Google Cloud for Firebase), data storage, payment processing, analytics (e.g., Appsflyer), customer communication tools, and email services. These providers operate under contractual agreements obligating them to protect data confidentiality and use it solely for the tasks we assign.
AI Feature Partners: To offer AI capabilities (like image generation), we might transmit relevant input data (e.g., text prompts) to external AI service providers (e.g., OpenAI, Google Gemini). We strive to partner with providers whose policies indicate data is not used for training their general models unless explicitly consented or anonymized, and is typically retained only briefly (e.g., 30 days). We advise reviewing the privacy policies of these providers directly.
User-Controlled Sharing: You determine the visibility of your User Content:
- Flashcard Decks: Options generally include private (default), public sharing within the App community, or sharing via restricted links.
- AI-Generated Images: These might default to community visibility but often include an option for setting them to private.
Exercise caution when sharing content publicly or via links, as it can be accessed and potentially misused by others. We are not liable for how others handle content you choose to share.
Analytics Collaborators: Services like Appsflyer assist us in understanding app usage metrics, sharing dynamics, and user acquisition channels. They collect device and usage data governed by their own privacy statements. Our use is confined to internal analytics and service improvement, not for tracking users across external apps/websites for third-party advertising.
Legal Obligations and Rights Protection: We may access, retain, or disclose your information if we genuinely believe it is required to: (a) comply with laws, regulations, legal proceedings (like subpoenas), or government mandates; (b) enforce our Terms of Service and related agreements, including investigating potential breaches; (c) identify, prevent, or address fraud, security vulnerabilities, or technical problems; or (d) safeguard the rights, property, or safety of FlashOne.ai LLC, our users, or the public, as legally required or permitted.
Corporate Transactions: In the event of a merger, acquisition, financing deal, reorganization, bankruptcy, asset sale, or service transition involving FlashOne.ai LLC, your information might be transferred as part of the transaction. We will provide notice (via email or in-app notification) regarding any change in ownership or significant changes in the use of your personal information, along with choices you may have.
Explicit Consent: We may share your information for purposes beyond those listed here if we obtain your clear and affirmative consent beforehand.

Data Storage, Security, and Retention

Data Storage and Access

User Content is typically saved locally on your device for offline use and synchronized with our secure cloud infrastructure (e.g., Firebase) to facilitate backup and access across multiple devices. This synchronization is integral to the Service's functionality.

Data Security Measures

We employ commercially reasonable technical and organizational safeguards intended to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These efforts include:

Utilizing encryption (HTTPS/TLS) for data transmitted over networks.
Leveraging secure cloud platforms with appropriate access controls (e.g., Firebase security rules).
Implementing robust user authentication procedures.
Periodically reviewing and updating our security protocols.
Limiting internal access to personal data based on job function (need-to-know basis).

Despite these measures, no internet transmission or electronic storage system can be guaranteed 100% secure. While we dedicate significant effort to protecting your data, we cannot ensure absolute security.

Data Retention Period

We keep your personal information only as long as needed to achieve the purposes stated in this Privacy Policy. This includes providing the Services, meeting legal or regulatory obligations, resolving potential disputes, and enforcing our agreements. Factors determining retention duration include:

The length of time your account remains active and you use our Services.
Whether the data is essential for delivering the requested Services.
Mandatory retention periods stipulated by law (e.g., for tax or accounting records).
The necessity of data for dispute resolution or agreement enforcement.

When an account deletion is requested, we typically begin the process swiftly. Data might persist in backup systems for a limited duration (e.g., up to 60 days) to handle accidental deletions, after which it's permanently erased or fully anonymized, unless legal requirements mandate longer retention.

Your Rights and Choices

You possess certain rights and options concerning your personal information:

Accessing and Correcting Information: Most account details can usually be viewed and modified directly within the App's settings. For assistance with other data access or correction requests, please contact us.
Requesting Data Deletion: You have the right to ask for the deletion of your account and associated personal data. You can initiate this via:
1. An in-app deletion tool (if implemented).
2. Our online account deletion request form.
3. Emailing privacy@flashone.ai with "Data Deletion Request" in the subject line, providing your account email address.
We will confirm your identity and proceed with the request, usually within 30 days, subject to any legal retention necessities.
Managing Communications: You can opt-out of non-essential promotional emails using the "unsubscribe" link within them or via app notification settings if available. Essential service announcements (e.g., security alerts, major policy changes) will still be sent.
Understanding Tracking Technologies: In line with Apple's definition, "tracking" involves linking user/device data from our app with data from other companies' properties for targeted ads or ad measurement. Our use of identifiers and analytics (like Appsflyer) serves internal purposes like app functionality, security, analytics, and fraud prevention within FlashOne.ai, not for cross-company ad tracking. Your device OS may offer controls over advertising identifiers.
Do Not Track Signals: Currently, no universally accepted standard exists for responding to browser "Do Not Track" (DNT) signals. Consequently, our Services do not alter their practices when receiving a DNT signal.

Legal Bases for Processing (EEA/UK Users)

For individuals in the European Economic Area (EEA) or the United Kingdom (UK), our processing of your personal data relies on the following legal justifications:

Performance of Contract: Processing necessary to deliver the Services you requested under our Terms of Service (e.g., account setup, data sync).
Legitimate Interests: Processing for purposes such as service improvement, analytics, security, fraud detection, and user communication, provided these interests do not unduly infringe upon your data protection rights.
Consent: Where legally mandated or for specific optional features (e.g., marketing emails), we rely on your freely given consent, which you may withdraw at any time.
Legal Obligation: Processing necessary to comply with our legal duties under applicable laws.

Your European Privacy Rights (EEA/UK Users)

Beyond the general rights listed above, individuals in the EEA or UK are entitled to:

Request access to and obtain a copy of their personal data.
Ask for correction of inaccurate or incomplete personal data.
Request deletion ('right to be forgotten') of their personal data under specific circumstances.
Seek restriction of the processing of their personal data under certain conditions.
Object to processing based on legitimate interests under specific circumstances.
Exercise data portability (receiving data in a usable format to transfer elsewhere) under certain conditions.
File a complaint with their local data protection supervisory authority.
Withdraw previously given consent at any time, without affecting the lawfulness of prior processing.

To exercise these rights, contact us at privacy@flashone.ai. Identity verification may be required.

California Privacy Rights

Residents of California possess specific rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA):

Right to Know/Access: You can request details about the categories and specific pieces of personal information collected, collection sources, collection purposes, and the types of third parties data is shared with.
Right to Delete: You can request deletion of your personal information, subject to legal exceptions.
Right to Correct: You can request correction of inaccuracies in your personal information.
Right to Opt-Out of Sale/Sharing: FlashOne.ai LLC does not "sell" personal information as commonly understood, nor do we "share" it for cross-context behavioral advertising. Thus, we do not provide an opt-out mechanism for these activities.
Right to Limit Use of Sensitive Information: We use sensitive data (like login credentials) only as needed to provide the service or as legally permitted, not for deriving characteristics about you.
Non-Discrimination: Exercising your CCPA/CPRA rights will not result in discriminatory treatment from us.

To exercise your Right to Know, Delete, or Correct, please use the methods outlined in the "Requesting Data Deletion" section above. Identity verification will be necessary.

Shine the Light Law: California Civil Code Section 1798.83 allows California residents to request information about disclosures of personal information to third parties for their direct marketing purposes. FlashOne.ai LLC does not disclose personal information to third parties for their direct marketing purposes.

Minors Under 18: California residents under 18 who are registered users can request removal of content they publicly posted. Contact privacy@flashone.ai with your account details and confirmation of California residency. Note that complete removal from all systems (e.g., backups) may not be possible.

Children's Privacy

Our Services are not designed for or targeted at children under 13 (or a higher age if mandated locally). We do not knowingly gather personal data from individuals below this age threshold. Should we become aware of having collected such information inadvertently, we will take steps to delete it promptly. Parents or guardians who believe their child has provided us with information without consent should contact privacy@flashone.ai.

International Data Transfers

Our operations are based primarily in the United States. Using our Services from outside the U.S. means your information will be transferred to, stored in, and processed within the U.S. and potentially other countries where our service providers operate. Data protection laws in these locations may differ from your home country's laws. Your use of the Services constitutes consent to these data transfers. We implement appropriate safeguards, such as Standard Contractual Clauses where required, to ensure international transfers comply with applicable data protection laws.

Third-Party Websites and Services

The App may contain links to external websites or services not operated by FlashOne.ai LLC (e.g., links in user-created content). We are not accountable for the privacy practices or content of these third parties. This Privacy Policy does not extend to them. We recommend reviewing the privacy policies of any external services you interact with.

User Responsibilities & Disclaimer

As a user, you are accountable for:

Ensuring the content you create and share respects intellectual property rights and adheres to applicable laws.
Safeguarding your account login information.
Utilizing the platform in a lawful and ethical manner.

FlashOne.ai LLC is not liable for user copyright violations, platform misuse, or the specific content shared by users.

Changes to This Privacy Policy

We may modify this Privacy Policy periodically to reflect updates in our practices, technology, legal landscape, or other business reasons. Changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will endeavor to provide more direct notice (e.g., via email or an in-app alert) before they become effective. We advise reviewing this policy regularly.

Contact Us

For questions or concerns regarding this Privacy Policy:

Email: privacy@flashone.ai
Legal Inquiries: legal@flashone.ai
Website Contact Form: http://flashone.ai/contact

Compliance with App Store Requirements

This privacy policy is crafted to align with Apple's App Store Review Guidelines concerning user privacy. We strive for transparency regarding our data procedures—detailing data types collected, usage purposes, sharing practices, retention policies, and user rights—to support the information presented on our App Store privacy label.