Cadence Deck
Legal

Privacy Policy

Last updated 14 June 2026

This Privacy Policy explains how [OPERATOR LEGAL NAME](“we”, “us”, “our”) collects, uses, shares, and protects your personal information when you use CadenceDeck (the “Service”). We handle personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles, and, where it applies to you, the EU/UK GDPR and the California Consumer Privacy Act.

1. Who We Are

The Service is operated by [OPERATOR LEGAL NAME], based in Australia. For any privacy question or request, contact us at snycbusiness@gmail.com. For GDPR purposes, we are the data controller for personal information processed through the Service.

2. Information We Collect

  • Account information— your email address, authentication credentials (stored hashed), email-verification status, and account settings such as your timezone.
  • Study content you submit— the text you paste and the documents (such as PDFs) you upload, and the flashcards, decks, quizzes, and exam answers generated from or created by you.
  • Usage and study data— your review history, ratings, schedules, and progress, used to operate the spaced-repetition algorithm.
  • Technical data— IP address, device and browser information, and diagnostic/error logs collected automatically to operate and secure the Service.

3. How We Use Your Information

  • to provide, operate, and maintain the Service and your account;
  • to generate study material from the content you submit, including by sending that content to our AI provider;
  • to run the spaced-repetition scheduling and show your progress;
  • to send you account, verification, and service-related emails;
  • to secure the Service, prevent abuse, and diagnose and fix problems;
  • to comply with our legal obligations.

Where the GDPR applies, our legal bases are: performance of our contract with you (to provide the Service); our legitimate interests (to secure, improve, and support the Service); your consent (where we ask for it); and compliance with legal obligations.

4. AI Processing

To generate study material, the content you submit is sent to our AI provider (OpenAI) via its API. OpenAI does not use data submitted through its API to train or improve its models by default, and we do not use your content to train AI models. OpenAI may retain API inputs and outputs for a limited period (generally up to 30 days) to monitor for misuse and abuse before deleting them, except where it is legally required to retain them for longer. AI output is generated automatically and may be inaccurate — see our Terms of Service for the relevant disclaimers.

5. Sub-Processors

We use the following third-party providers to process personal information on our behalf. Each is bound by contractual obligations to protect your data and use it only to provide their service to us.

ProviderPurposeLocation
OpenAIAI generation of cards, quizzes, and exam gradingUnited States
VercelHosting of the web applicationUnited States
RailwayHosting of the API and PostgreSQL databaseUnited States
ResendTransactional and account emailsUnited States
SentryError and crash reportingUnited States
AxiomApplication logging and diagnosticsUnited States
PostHogProduct analytics (anonymised usage events; no IP, email, or study content)European Union

6. International Transfers

Some of our providers are located in the United States, so your information may be transferred to and processed outside your country, including outside Australia and the EEA. Where required, we rely on appropriate safeguards such as the Standard Contractual Clauses to protect your information when it is transferred internationally.

7. Data Retention

We retain your account and study content for as long as your account is active. If you delete your account, we delete or de-identify your personal information and study content within a reasonable period, except where we are required to retain it to comply with a legal obligation, resolve disputes, or enforce our agreements.

8. Your Rights

Depending on where you live, you may have the right to access, correct, update, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. California residents may request the categories of information we collect and disclose, and may request deletion. We do not sell your personal information. To exercise any right, contact us at snycbusiness@gmail.com; we will respond within the time required by applicable law.

9. Security

We take technical and organisational measures to protect your information, including encryption of data in transit (TLS) and at rest, hashed passwords, authenticated and per-user access controls so you can only access your own data, rate limiting, and limits on the size and type of content that can be submitted. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Data Breaches

If a data breach occurs that is likely to result in serious harm or that otherwise requires notification, we will notify the affected individuals and the relevant authorities as required by, and within the timeframes set by, applicable law.

11. Cookies

We use a small number of essential cookies that are necessary to keep you signed in and to operate the Service securely. We do not use these cookies to track you across other websites. If we add optional analytics in the future, we will update this policy and, where required, ask for your consent first.

12. Children

The Service is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The “Last updated” date at the top of this page shows when it was last revised.

14. Contact & Complaints

For any privacy question, request, or complaint, contact us at snycbusiness@gmail.com. If you are in Australia and are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC). If you are in the EEA or UK, you may lodge a complaint with your local data-protection authority.