Privacy Policy

1. Overview

This Privacy Policy explains how alphaC UG (haftungsbeschränkt) (“alphaC”, “we”, “our”, “us”), operating the Service under the brand name Cardlex, processes personal data when you visit our website and when you use the Cardlex mobile application (together, the “Service”). It also describes your privacy rights and how to contact us.

If there is any conflict between this Privacy Policy and the app store terms that apply to your device (e.g., Apple App Store / Google Play), the app store terms apply only to the extent required by them.

2. Who is responsible (Controller)

The controller responsible for processing your personal data is the legal entity listed in our Impressum.

For privacy-related requests, you can contact us at admin@alphac.tech.

3. Scope: Website vs. Mobile App

This website is primarily a marketing site. The Cardlex mobile app is distributed via app stores and may involve additional processing necessary to provide app functionality (for example, subscriptions or AI features). Where relevant, we call out differences below.

4. Personal data we process

4.1 Website access data (server logs)

When you visit our website, our hosting provider may process technical data to deliver the site and keep it secure, such as IP address, date/time, requested URL, referrer, and user agent. This information is typically necessary to operate and protect the website.

4.2 Contact and support

If you contact us (e.g., by email), we process the information you send (such as your email address and message contents) to respond and provide support.

4.3 Mobile app usage and content

When you use the mobile app, we may process data needed to provide app features. Depending on your use, this can include app usage information, device information, and user-generated content you create in the app (for example, decks/flashcards and text you enter).

4.4 AI and audio features (if you use them)

If you use AI-assisted deck generation, we process your inputs (for example, your topic prompt, selected languages, and requested deck size) on our servers to generate the requested content. Our backend endpoint for this feature is operated under our domain (e.g., cardlex.infra-hub.net).

If you use text-to-speech/audio features, audio may be generated using your device’s operating system capabilities (and related providers) depending on your platform settings and device configuration.

4.5 Purchases and subscriptions

If you purchase a subscription through Apple App Store or Google Play, the app store processes payment and billing information. We typically receive limited information (such as purchase status or product identifiers) needed to enable Premium features.

We also use a subscription management provider (RevenueCat) to manage subscription status across devices and help provide purchase, restoration, and customer support features. RevenueCat may process identifiers and purchase-related information (for example, an app user identifier and purchase/entitlement status) in order to provide these services.

4.6 Analytics (Mobile App)

The mobile app uses analytics services to understand app usage, improve performance, and make product decisions. These services may automatically collect information such as your device type/model, operating system version, app version, language, approximate location (derived from IP address), event data (for example, which screens you view and which buttons you tap), and diagnostic information. We configure these services to avoid collecting more data than necessary for these purposes.

As of the date above, we use the following analytics providers in the mobile app:

• Firebase Analytics (Google)
• AppMetrica (Yandex)

5. Legal bases (EEA/UK/Switzerland)

Where applicable under GDPR (or similar laws), we rely on one or more of the following legal bases:

• Contract: to provide the Service you request (e.g., app functionality, Premium access).
• Legitimate interests: to operate, secure, and improve the Service (for example, preventing abuse).
• Consent: where we ask you to opt in (for example, if we introduce non-essential cookies in the future).
• Legal obligation: where we must comply with law (e.g., tax/recordkeeping).

6. Sharing and disclosures

We do not sell your personal data. We may share personal data in the following situations:

• Service providers: hosting, support tooling, and providers enabling app features (only as needed to deliver the Service). This includes:
  • Analytics: Firebase Analytics (Google) and AppMetrica (Yandex)
  • Subscriptions: RevenueCat
  • Our backend services: systems used to generate decks and deliver app functionality (for example, endpoints under cardlex.infra-hub.net)
• App stores: Apple and Google process payments and may provide us purchase status needed to enable Premium.
• Legal: to comply with law or respond to lawful requests, or to protect rights, safety, and security.
• Business transfers: if we undergo a merger, acquisition, or asset sale (with appropriate safeguards).

For more information about third-party processing, you can review their privacy policies:

• Firebase / Google: Google Privacy Policy
• Firebase Analytics: Firebase Privacy and Security
• AppMetrica (Yandex): Yandex Privacy Policy
• RevenueCat: RevenueCat Privacy Policy

7. International transfers

Your data may be processed in countries other than where you live (for example, where our providers operate). Where required, we use appropriate safeguards for such transfers (such as standard contractual clauses).

8. Data retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, to comply with legal obligations or resolve disputes).

9. Security

We use reasonable technical and organizational measures designed to protect personal data. However, no method of transmission or storage is 100% secure.

10. Your rights

Depending on where you live, you may have rights such as access, correction, deletion, portability, restriction, and objection, as well as the right to withdraw consent (where processing is based on consent). You may also have the right to lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at admin@alphac.tech. We may need to verify your request.

11. Children’s privacy

The Service is not intended for children under the age of 13 (or the minimum age required in your jurisdiction). If you believe a child has provided us personal data, please contact us.

12. Cookies and tracking

As of the date above, this website does not use tracking cookies or similar technologies for analytics or advertising. If we introduce non-essential cookies in the future, we will update this Privacy Policy and, where required, request your consent.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date. If changes are material, we may provide additional notice (for example, in the app).

14. Contact

Privacy questions: admin@alphac.tech. Legal entity details: Impressum.

Please also review our Terms of Service.