MemicornJoin waitlist
Back to Memicorn

Privacy Policy

How Memicorn collects, uses, protects, and deletes personal data for the iOS app, web services, and API.

Effective
January 17, 2025
Updated
January 17, 2025
Version
2.0

Memicorn ("we," "our," "us," or the "Service") is a language learning application that helps users create, manage, and practice vocabulary through flashcards and AI-powered features. We are committed to protecting your privacy and explaining how we collect, use, and protect personal information.

This Privacy Policy applies to the Memicorn iOS application, web services, and API (collectively, the "Service"). By using Memicorn, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Information you provide directly

  • Account Information: Email address, full name, display name, and optional birth date.
  • Authentication Data: Hashed password for email registration and OAuth tokens for Google or Apple Sign-In.
  • Profile Information: Optional avatar image and language preferences, including primary and learning languages.
  • User-Generated Content: Vocabulary and learning material you create or import.
    • Flashcard categories, including names, descriptions, language settings, and public/private status.
    • Flashcards, including questions and answers.
    • Review data and learning progress, including scores, review dates, and spaced repetition data.
    • Imported content from CSV, text files, or other supported formats.
  • Communication Preferences: Email notification settings and push notification tokens.

Information collected automatically

  • Usage Data: How the Service is used.
    • App interaction events and feature usage.
    • Session duration and frequency.
    • Learning statistics and progress metrics.
    • API request logs, including method, endpoint, and response time.
  • Device Information: Technical data needed for operation, support, security, and compliance.
    • Device type and model.
    • Operating system and app version.
    • Device identifiers used for push notifications only.
    • IP address, User-Agent string, and time zone settings.
  • Authentication Logs: Login timestamps, authentication methods used, and last login date.

Information from third-party services

  • OAuth Providers: When you sign in with Google or Apple, we receive your email address, name, and unique identifier from those services.
  • Firebase Analytics: Anonymous usage analytics, app events, crash reports, and performance metrics where enabled.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service provision and improvement: Create and maintain your account; store, sync, and display flashcards; track learning progress; implement spaced repetition; enable public category sharing; provide support; and improve the Service.
  • AI-powered features: Generate language learning content, quiz options, translations, explanations, and AI-generated flashcard suggestions.
  • Communication: Send welcome emails, account-related notices, privacy or terms updates, push notifications for learning reminders with consent, and optional feature or service updates.
  • Legal and security: Comply with legal obligations, prevent fraud or abuse, enforce our terms, protect rights and safety, and maintain audit logs for security and compliance.

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

  • With Your Consent: When you explicitly agree to share information, such as making categories public.
  • Service Providers: With trusted third-party services that help us operate Memicorn.
  • Legal Requirements: When required by law, court order, or government request.
  • Safety and Rights Protection: To protect the rights, property, or safety of Memicorn, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users where required.
  • Aggregated Data: We may share anonymized, aggregated data that cannot identify individuals.

5. Third-Party Services

We use third-party services to operate Memicorn. Each service has its own privacy policy and data protection measures.

Service ProviderPurposeData SharedPrivacy Policy
SupabaseDatabase hosting (PostgreSQL)User data, flashcards, categories, and reviewsSupabase Privacy Policy
Amazon Web Services (S3)File storageAvatar images, imported files, and exportsAWS Privacy Policy
OpenAIAI content generationFlashcard content for AI processing and promptsOpenAI Privacy Policy
Firebase (Google)Push notifications and analyticsDevice tokens, usage analytics, and crash reportsFirebase Privacy Policy
Google OAuthAuthenticationEmail, name, and unique identifierGoogle Privacy Policy
Apple Sign InAuthenticationEmail when provided, name, and unique identifierApple Privacy Policy

We maintain Data Processing Agreements with service providers that process personal data on our behalf where appropriate.

6. AI Services and Automated Processing

  • OpenAI Integration: When you use AI-powered features, flashcard content may be sent to OpenAI's API for processing. Generated content is stored in your account and treated as your user-generated content.
    • OpenAI processes this data according to its privacy policy and data usage policies.
    • We configure our OpenAI integration to opt out of training on your data where available.
    • OpenAI may temporarily retain data for security and abuse monitoring according to its policies.
  • Automated Processing: Memicorn uses automated processing for spaced repetition, learning analytics, and AI-generated content suggestions.

You have the right to request human review of automated decisions that significantly affect you where applicable law provides that right.

7. Data Retention and Deletion

  • Active Account Data: Retained while your account is active and you use the Service.
  • Deleted Account Data: Removed from active systems within 30 days of an account deletion request.
  • Backup Data: May be retained in backups for up to 90 days.
  • Legal Hold Data: Retained as required by law or legal proceedings.
  • Anonymized Analytics: May be retained indefinitely in aggregated form.

You can delete your account at any time through the app settings menu under Settings > Account > Delete Account, or by contacting info@memicorn.com.

Upon deletion, we remove personal data from active systems, delete or anonymize content and learning data, and retain only data required for legal compliance or legitimate business purposes.

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption.
  • Encryption at Rest: Sensitive data is encrypted in databases and storage systems.
  • Access Controls: Production access is limited and multi-factor authentication is required where appropriate.
  • Password Security: Passwords are hashed using secure cryptographic functions and are never stored in plain text.
  • Security Review: We periodically review security practices and vulnerabilities.
  • Secure Development: We follow OWASP guidance and secure development best practices.
  • Incident Response: We maintain procedures for detecting and responding to security incidents.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we use commercially reasonable efforts to protect your data.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country of residence.

  • Data Centers: Our primary data is hosted in the United States through our service providers.
  • Safeguards: We use appropriate safeguards for international transfers where required.
    • Standard Contractual Clauses approved by the European Commission where applicable.
    • Data Processing Agreements with service providers.
    • Other transfer safeguards required by applicable law.
  • Your Consent: By using Memicorn, you consent to transfers to countries that may have different data protection laws than your jurisdiction, subject to applicable law.

10. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of personal data, subject to legal requirements.
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing of your personal data.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw consent where consent is the legal basis for processing.
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights.

To exercise these rights, contact info@memicorn.com. We will respond within 30 days or as required by applicable law.

11. Regional Privacy Rights

European Union (GDPR)

If you are in the European Economic Area, you may have additional rights under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority, object to automated decision-making and profiling, and exercise enhanced consent withdrawal and data portability rights.

For GDPR inquiries, contact info@memicorn.com.

California (CCPA/CPRA)

California residents may have rights to know, delete, correct, limit use of sensitive personal information, opt out of certain sharing, and receive equal service regardless of privacy choices.

We do not sell personal information as defined by CCPA/CPRA. To exercise your rights, email info@memicorn.com.

United Kingdom, Canada, Brazil, and Other Regions

Residents of the United Kingdom, Canada, Brazil, and US states with privacy laws may have similar rights to access, delete, correct, object, port, or restrict processing of personal data. Contact us to exercise your rights under applicable law.

12. Children's Privacy

Memicorn is not intended for children under 13 years of age, or 16 in certain jurisdictions.

We do not knowingly collect personal information from children under the applicable age limit. If you are a parent or guardian and believe your child provided personal information, contact info@memicorn.com.

  • We will promptly delete the child's personal information after verification.
  • We will terminate any account associated with the child.
  • We will take reasonable measures to prevent future collection from that child.

13. Cookies and Tracking Technologies

Our mobile app does not use cookies in the traditional web browser sense. We use similar technologies for app functionality and analytics where enabled.

  • Local Storage: Stores preferences and session data on your device.
  • Device Identifiers: Used for anonymous analytics and push notifications.
  • Analytics SDKs: Firebase Analytics may collect anonymous usage data and can be disabled in settings where supported.

You can limit tracking by disabling analytics in app settings, using device privacy settings, or revoking app permissions.

14. Push Notifications

With your consent, we may send learning reminders, review schedules, achievement milestones, progress updates, important service announcements, and optional feature notifications.

  • Device tokens are collected solely to deliver push notifications.
  • Device tokens are stored securely and encrypted.
  • Device tokens are not used for tracking or profiling.
  • Device tokens are deleted when you disable notifications or delete your account.

You can disable push notifications through your device notification settings or the app settings menu.

15. Data Breach Notification

In the event of a data breach that may compromise personal information, we will notify affected users within 72 hours of discovery or as required by applicable law.

  • Notification Method: Email to your registered email address and in-app notification where available.
  • Information Provided: Nature of the breach, types of data involved, steps taken, and recommended protection steps.
  • Regulatory Reporting: We will notify relevant data protection authorities where required by law.
  • Mitigation: We will take immediate steps to secure the breach and prevent future occurrences.

16. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in practices, technology, legal requirements, or other factors.

  • Notification: Material changes will be notified by email, in-app notification, or prominent website notice.
  • Review Period: For material changes, we will provide at least 30 days notice before changes take effect where practical.
  • Continued Use: Your continued use of Memicorn after changes indicates acceptance of the updated policy.
  • Previous Versions: We maintain prior policy versions for transparency.

17. Contact Information

For privacy-related questions, concerns, or to exercise your rights, contact us:

Memicorn Privacy TeamEmail: info@memicorn.comResponse Time: Within 30 days or as required by law.

For GDPR-related inquiries, contact info@memicorn.com.

  • EU residents: You may lodge a complaint with your local Data Protection Authority.
  • UK residents: You may lodge a complaint with the Information Commissioner's Office.
  • California residents: You may contact the California Privacy Protection Agency.

Accessibility

This Privacy Policy is available in alternative formats upon request. Contact info@memicorn.com for assistance.