Privacy Policy

Effective June 13, 2026

MazoCards is a flashcard application that can be used without creating an account. This policy explains what information is processed when you use browser storage, temporary deck links, Google Sign-In, cloud synchronization, or community features.

Information processed locally

Decks, cards, review schedules, study statistics, preferences, imports, and deletion markers are stored in your browser. This information stays on your device unless you sign in and use cloud synchronization or choose to publish a deck.

Temporary AI-created deck links

An AI agent or other client may send deck content to the MazoCards API to create a temporary study link. The deck content and its random link identifier are stored in Cloudflare Workers KV for up to six hours. Anyone who has the unguessable link can open the deck during that time. MazoCards uses a temporary hash derived from the requesting network address to limit abusive creation traffic; the application does not store the raw address in the deck record.

Information processed when you sign in

Google Sign-In provides MazoCards with your account identifier, email address, display name, and profile image. We also store the unique MazoCards username you choose. Authentication is provided by Google Firebase Authentication.

Cloud synchronization

When signed in, your decks, cards, review schedules, study statistics, and deletion markers may be stored in Google Cloud Firestore under your user account so that they can be synchronized across devices.

Community decks

If you explicitly publish a deck, its title, description, tags, cards, your chosen username, and your display name become visible to other MazoCards users. Do not publish personal or confidential information.

Service providers

MazoCards uses Google Firebase for authentication, hosting, and optional cloud storage, and Cloudflare for the temporary deck API and abuse protection. These providers process information according to their own terms and privacy policies. MazoCards does not currently use advertising or third-party analytics.

Retention and control

You can export or delete local decks from the application. Signing out clears local study data after attempting a final synchronization. Synchronized account data remains in Firebase until it is deleted. Temporary deck links expire after six hours. To request deletion of your account and associated cloud data, contact the address below.

Security

We use access controls, validation, encrypted HTTPS connections, and browser security policies to protect information. No online service can guarantee absolute security.

Children

MazoCards is not directed to children under the minimum age required to manage their own Google Account in their country. We do not knowingly collect personal information from children who cannot provide valid consent.

Changes and contact

This policy may be updated when the service changes. Material changes will be reflected on this page. For privacy questions or account deletion requests, email support@mazocards.com.