Privacy Policy

Last updated: April 6, 2026

Scope

This Policy applies to the Noos web application and website at noosflashcards.com. It covers all features of the service, including account creation, flashcard creation and review, AI-powered features, community content, and subscription management.

Data we collect

Account data: email address, first and last name, nickname, birth date, native language, country of residence, and optional profile avatar.

Subscription data: your current plan tier (Free, Plus, or Pro) and subscription status. Payment details (card number, billing address) are collected and stored directly by Stripe — we never see or store your raw payment information.

User-generated content: flashcard decks (stacks, classes, and cards) you create, including any text and images you upload. Decks are public by default and visible to other users in the community; you can change visibility to private in your deck settings.

Usage and activity data: daily review counts, AI feature usage counters (text suggestions and media scans), and review session metadata (cards reviewed, session duration).

Analytics events: actions such as sign-up, login, card creation, review sessions, AI feature use, and page views. Events include contextual data (e.g. plan tier, feature triggered).

Technical logs: transient server and CDN logs (IP address, user-agent, timestamp) required to serve the site. Noos does not retain these independently.

Browser storage: a noos_theme key in localStorage stores your light/dark mode preference locally on your device.

How we use your data

Service delivery: to create and manage your account, store and sync your flashcard decks, power spaced-repetition scheduling, and display community content.

AI features: card text and uploaded images are sent to Google's Gemini API to generate card suggestions and analyse images. Card text and language code are sent to Google Cloud Text-to-Speech to produce audio (Plus and Pro plans only). These requests are processed server-side via Cloud Functions; your content is not used to train these models.

Payments: to initiate checkout sessions, manage your subscription, and handle plan upgrades or cancellations via Stripe.

Analytics: aggregated event data helps us understand how features are used and improve the product.

Communications: product updates, launch notices, beta invites, onboarding information, service or security notices, and surveys about Noos. You can opt out of marketing emails at any time.

No third-party advertising: we do not serve ads or sell your data to third parties.

Third-party processors

We share data with the following service providers solely to operate the service. Each processes data under a written contract and may not use it for its own purposes.

Firebase / Google Cloud (Google LLC): authentication, database (Firestore), serverless functions, and hosting. All user data is stored on Google Cloud infrastructure.

Google Gemini API (Google LLC): receives card text, uploaded images, and target language to generate AI suggestions. Used for AI card generation and image analysis features.

Google Cloud Text-to-Speech (Google LLC): receives card text and language code to generate audio. Available to Plus and Pro subscribers only.

Firebase Analytics / Google Analytics (Google LLC): receives behavioural event data (actions, plan tier, device and browser information) for product analytics.

Stripe, Inc.: handles all payment processing, billing data, and subscription management. Stripe is PCI-DSS certified. See Stripe's privacy policy for details on how they handle payment data.

Public content

Flashcard decks you create are public by default. Public decks are visible to all authenticated Noos users, appear in the community browser, and display your nickname and avatar. Other users can import a copy of a public deck into their own account.

You can change a deck's visibility to private at any time in the deck settings. Private decks are only accessible to you.

Content you make public may be cached or indexed; removing public access does not guarantee immediate removal from all caches.

Legal basis (GDPR)

Contract: processing necessary to provide the service — account creation, card storage, review scheduling, and subscription management.

Consent: marketing communications and analytics. You can withdraw consent at any time.

Legitimate interests: service and security notices related to your account, fraud prevention, and aggregate product improvement. You can object at any time.

Cookies and local storage

localStorage: we store noos_theme locally in your browser to remember your light/dark mode preference. This is essential for the interface and contains no personal data.

Analytics cookies: Firebase Analytics (Google Analytics) may set cookies or use similar identifiers for session tracking and device recognition. These are set and managed by Google.

We set no other non-essential cookies. If this changes, we will present a consent banner and update this Policy.

Retention

Account and content data: retained while your account is active. When you delete your account, all personal data (profile, classes, stacks, cards, activity history) is deleted in a cascading operation within 30 days.

Billing history: retained by Stripe per their policy and as required by applicable financial regulations.

Analytics data: retained for up to 14 months per Google Analytics default settings.

Support messages: deleted within 30 days after resolution unless the law requires longer retention.

Your choices and rights

Account deletion: you can delete your account from the Settings page. This removes all your personal data from our active systems within 30 days.

Marketing opt-out: unsubscribe at any time using the link in our emails or by contacting us.

Depending on your location, you may also have rights to access, correct, restrict, object to, and port your data, and to withdraw consent. We will verify requests before acting. Contact us at privacy@noosflashcards.com to exercise these rights.

International transfers

Your data is stored and processed on Google Cloud infrastructure, which may be located outside your country. Where required, we rely on lawful transfer mechanisms such as EU Standard Contractual Clauses.

Security

We protect your data with TLS in transit, Firestore security rules with owner-only access to personal data, least-privilege Cloud Function operations, and periodic reviews. No method is perfectly secure; we will notify you promptly of any breach affecting your data as required by law.

Children

Noos is not directed at children under 13 (US) or 16 (EEA/UK). We collect birth date at sign-up to help enforce this. If we discover we have collected personal data from a child below the applicable minimum age, we will delete it promptly.

Changes to this Policy

We may update this Policy. The "Last updated" date will change. Material changes will be communicated before new collection begins.