Privacy Policy

Last updated: February 2026

At FlashModeLearn, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website at flashmodelearn.com and our mobile applications (collectively, the "Service").

Please read this Privacy Policy carefully. By using our Service, you acknowledge that you have read and understand this Privacy Policy. If you do not agree with this policy, please do not use our Service.

1. Data Controller

FlashModeLearn is operated by the following sole trader (autónomo), who acts as data controller responsible for your personal data under GDPR Art. 13(1)(a):

• Operator Name: Pending registration
• Tax ID (NIF/DNI): Pending registration
• Trade Name: FlashModeLearn
• Registered Address: Pending registration, Spain
• Privacy Contact: privacy@flashmodelearn.com
• General Support: support@flashmodelearn.com

The data controller is established in Spain. For data protection inquiries in the European Union, contact our privacy team at privacy@flashmodelearn.com. The competent supervisory authority for Spain is the Agencia Española de Protección de Datos (AEPD), accessible at www.aepd.es.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our Service:

• Account Information: Email address, username, password (hashed), profile picture
• Profile Data: Native language, learning language, country of residence
• Payment Information: Billing address, payment method details (processed by Stripe)
• User Content: Images and audio files you upload for vocabulary extraction
• Learning Data: Vocabulary words, flashcard progress, learning statistics
• Communications: Messages you send to our support team

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Log Data: IP address, access times, referring URLs, error logs
• Location Data: Country-level location based on IP address (not precise GPS)

2.3 Information from Third Parties

We may receive information from:

• Authentication Providers: If you sign in with Google, Apple, or other OAuth providers
• Payment Processors: Transaction status and payment confirmation from Stripe

3. Legal Basis for Processing (GDPR / LOPDGDD)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds. In Spain, processing is also governed by Ley Orgánica 3/2018 de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD).

4. How We Use Your Information

We use your personal data to:

• Provide, maintain, and improve our Service
• Process your vocabulary extraction requests using AI/ML systems
• Track your learning progress and provide personalized recommendations
• Process payments and manage subscriptions
• Send transactional communications (confirmations, updates, security alerts)
• Send marketing communications (with your consent)
• Respond to your inquiries and provide customer support
• Analyze usage patterns to improve user experience
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

5. Information Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

privacy.section5.noSell.title

privacy.section5.noSell.content

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests (e.g., court orders, subpoenas).

6. Data Retention

We retain your personal data for different periods depending on the type of data:

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms with our service providers
• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Data Processing Agreements: Binding agreements with all processors

8. Your Privacy Rights

8.1 GDPR Rights (EU/EEA/UK Users)

Under GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of your personal data
• Right to Rectification (Art. 16): Correct inaccurate personal data
• Right to Erasure (Art. 17): Request deletion of your personal data
• Right to Restriction (Art. 18): Restrict processing of your data
• Right to Data Portability (Art. 20): Receive your vocabulary data, learning history, and profile information in machine-readable format (JSON/CSV). To exercise this right, use the data export feature in your account settings or contact privacy@flashmodelearn.com.
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time

To exercise these rights, visit your account settings or contact us at privacy@flashmodelearn.com.

8.2 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority in the EU member state of your residence, place of work, or where the alleged violation occurred. As a Spanish-established controller, the competent supervisory authority is the Agencia Española de Protección de Datos (AEPD), accessible at www.aepd.es.

8.3 CCPA Rights (California Residents)

Under the California Consumer Privacy Act (CCPA), California residents have additional rights:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information (Note: We do not sell personal data)
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information (CPRA)
• Right to limit use and disclosure of sensitive personal information (CPRA)

8.4 How to Exercise Your Rights

You can exercise your privacy rights through:

• Account Settings: Export data, delete account, manage consents
• Email: privacy@flashmodelearn.com

We will respond to requests within 30 days (or sooner as required by applicable law).

9. Children's Privacy

privacy.section9.age.title

privacy.section9.age.content

privacy.section9.coppa.title

privacy.section9.coppa.content

privacy.section9.parental.title

privacy.section9.parental.content

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

You can manage your cookie preferences at any time through our Cookie Settings.

11. AI and Automated Processing

11.1 How We Use AI

FlashModeLearn uses artificial intelligence and machine learning to provide our core services:

• Image Text Extraction: Advanced AI extracts text from uploaded images
• Audio Transcription: Speech-to-text processing converts speech to text
• Translation: Our advanced AI translation model provides vocabulary translations
• Spaced Repetition: Algorithms optimize your learning schedule

11.2 Consent for AI Processing

AI processing of your content requires explicit consent, which you provide through our Backend Processing Consent modal. You can manage these consents in your account settings at any time. If you withdraw consent, we will cease processing new content through AI systems. Vocabulary data already derived from previously processed content may be retained as part of your learning record for the periods set out in Section 6, in accordance with GDPR Art. 7(3), which provides that withdrawal does not affect the lawfulness of processing already carried out.

11.3 Human Oversight

AI-generated translations and extractions may contain errors. We encourage users to review and correct AI outputs. AI processing does not result in automated decisions that significantly affect you without human involvement.

11.4 EU AI Act Classification

Our AI systems are assessed individually under Regulation (EU) 2024/1689 (EU AI Act, in force August 2025): Image text extraction (OCR) — minimal risk; Audio transcription (Whisper) — minimal risk; Language translation (MADLAD-400) — minimal risk; Translation quality correction (AI-assisted) — minimal risk; Spaced repetition scheduling — rule-based algorithm (not an AI system under the AI Act). None of these systems fall under the Annex III high-risk education category, which applies only to systems that determine access to educational institutions or evaluate students. No emotion recognition or biometric categorisation is used at any point. We provide full transparency about AI use in this policy.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in Transit: All data is transmitted via HTTPS/TLS
• Encryption at Rest: Sensitive data is encrypted in our database
• Access Controls: Role-based access with principle of least privilege
• Password Security: Passwords are stored using industry-standard one-way hashing algorithms
• Row-Level Security: Database policies ensure users can only access their own data
• Regular Audits: We conduct security reviews and updates
• Automatic Deletion: Uploaded files are automatically deleted after 7 days

12.1 Authorized Personnel Access

Authorized FlashModeLearn personnel may access uploaded content and processing results for operational purposes, including:

• Troubleshooting technical issues
• Quality assurance and service improvement
• Security monitoring and incident response
• Legal compliance when required

Access by authorized personnel is logged, restricted to necessary staff, and subject to strict confidentiality obligations. We minimize access to the extent necessary for operational purposes.

While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@flashmodelearn.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top of this page
• Sending an email notification for significant changes

For changes to processing operations based on contract performance or legitimate interests, your continued use of the Service after changes take effect constitutes acknowledgment of the updated policy. For any changes that affect processing based on your consent, we will seek your explicit fresh consent separately — continued use of the Service alone does not constitute new consent under GDPR Art. 7(3). If you do not wish to accept material changes, you may delete your account at any time.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Team: privacy@flashmodelearn.com
• General Support: support@flashmodelearn.com
• Security Issues: security@flashmodelearn.com

We will respond to your inquiry within 30 days.