Last updated: May 23, 2026
Developer: Yurii Dobrovolskyi (“we”, “us”, “our”)
Contact: lexiumcards@gmail.com
Welcome to Lexium Cards! This Privacy Policy explains how we collect, use, and protect your personal data when you use our mobile application Lexium Cards (the “App”), available on the App Store and Google Play.
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.
All personal data is obtained directly from you or your device during use of the App, or from third-party authentication providers (Google, Apple) during sign-in.
When you create an account using Google Sign-In or Apple Sign-In, we receive:
We do not store your password. Authentication is handled entirely by Google or Apple through secure OAuth protocols.
Content you create within the App:
Please do not use the App to store sensitive personal information (health data, political opinions, religious beliefs, etc.) in your flashcards or notes.
If you enable push notifications, we collect:
Push tokens are not used for advertising, tracking, or any purpose other than delivering the notifications you opted into. If you disable notifications, your push token is immediately deleted from our database.
When you subscribe to a paid plan, we collect:
This data is processed by RevenueCat, our third-party payment processor, for subscription management and receipt validation. We do not collect or store your payment method details (credit card numbers, billing address, etc.) — these are handled entirely by the App Store, Google Play, and RevenueCat.
When you use the App in production, we collect pseudonymized usage data through Mixpanel:
Mixpanel data is processed on EU servers (api-eu.mixpanel.com).
Through Sentry, we collect crash reports and error logs in production:
This data is used solely to identify and fix bugs.
When you use translation and vocabulary features, the text you submit is processed by:
This processing happens on our server (Supabase Edge Functions). The text you submit is sent to Google’s APIs for processing. We cache AI responses on our server to improve performance and reduce repeated API calls. Cached data does not contain personally identifiable information — only the text content and its processed result.
Some data is cached locally on your device for offline access and performance, including study data and user settings. This data remains on your device and is cleared when you log out or uninstall the App.
The App does not use cookies or similar web-based tracking technologies. Authentication tokens and cached data are stored locally on your device using standard platform storage mechanisms.
We use your personal data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide core App functionality (flashcards, study sessions, progress tracking) | Account info, user content, study data, settings | Performance of contract |
| Authenticate your identity | Account info (via Google/Apple) | Performance of contract |
| Generate translations and word analysis | Text submitted by you | Performance of contract |
| Synthesize pronunciation audio | Text submitted by you | Performance of contract |
| Manage subscriptions and validate purchases | Purchase data (via RevenueCat) | Performance of contract |
| Improve App quality and fix bugs | Diagnostics data | Legitimate interest |
| Send daily study reminder notifications (if enabled) | Push token, timezone, notification hour | Consent |
| Understand feature usage and improve the App | Pseudonymized usage data (analytics) | Legitimate interest |
| Respond to your inquiries | Contact information, communication content | Legitimate interest |
| Comply with legal obligations | Account info, purchase info (when applicable) | Legal obligation |
The App uses automated algorithms (spaced repetition) to determine your study schedule. These decisions are based solely on your study history and do not produce legal or similarly significant effects.
Your data is stored on Supabase infrastructure hosted in cloud data centers. Authentication tokens and cached data are stored locally on your device.
When you delete your account, all your personal data (account info, cards, collections, decks, study progress) is permanently deleted from our database.
We share data with the following third-party service providers:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Supabase (Supabase Inc.) | Backend, database, authentication, file storage | All user data | supabase.com/privacy |
| Google (Google LLC) | Sign-In authentication | Email, profile info | policies.google.com/privacy |
| Apple (Apple Inc.) | Sign-In authentication (iOS) | Email, name | apple.com/privacy |
| Sentry (Functional Software Inc.) | Error monitoring and crash reporting | Error logs, device metadata | sentry.io/privacy |
| Mixpanel (Mixpanel Inc.) | Product analytics | Pseudonymized usage events, user identifier | mixpanel.com/legal/privacy-policy |
| RevenueCat (RevenueCat Inc.) | Subscription management and receipt validation | Transaction IDs, subscription status, platform | revenuecat.com/privacy |
| Google Cloud AI (Google LLC) | Translation, word analysis (Gemini), TTS | Text content submitted by user | cloud.google.com/terms/cloud-privacy-notice |
| Firebase Cloud Messaging (Google LLC) | Push notification delivery (Android) | Push token | firebase.google.com/support/privacy |
| Apple Push Notification service (Apple Inc.) | Push notification delivery (iOS) | Push token | apple.com/privacy |
| Expo (650 Industries Inc.) | Push notification routing | Push token | expo.dev/privacy |
| YouTube (Google LLC) | Embedded video playback in the in-app library | IP address, device info, viewing activity, YouTube cookies (if signed in) | policies.google.com/privacy |
When you play a video in the in-app library, the player is loaded directly from YouTube via Google’s embedded IFrame. We do not control or receive the data YouTube collects during playback — it is governed by Google’s Privacy Policy linked above. If you are signed into your Google account in the device’s webview, YouTube may associate the playback with your account.
All third-party providers are either located in the EEA, covered by EU adequacy decisions, or operate under Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework.
The App is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we discover that a child under 13 has created an account, we will promptly delete their data. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at lexiumcards@gmail.com.
Under the GDPR and applicable data protection laws, you have the right to:
We will respond to your request within 30 days. In complex cases, this may be extended by an additional 60 days, and we will inform you of any extension.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:
We do not currently send marketing communications or newsletters. If we do in the future, we will update this Privacy Policy and provide you with opt-out mechanisms.
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the App or by other appropriate means. The updated policy will indicate the “Last updated” date at the top.
We encourage you to review this Privacy Policy periodically.
For EU residents, the European Commission provides an online dispute resolution platform at https://ec.europa.eu/consumers/odr.
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: lexiumcards@gmail.com
Developer: Yurii Dobrovolskyi