Privacy Policy

Last Updated: 22 June 2025

1. Introduction

Welcome to Cognito. This is a hobby project created and maintained by Matthew Gridley (MGECS) (“we”, “us”, or “our”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our flashcard application (the “Service”).

As we are based in the United Kingdom, we adhere to the principles of the UK General Data Protection Regulation (UK GDPR).

2. Data Controller

For the purposes of the UK GDPR, the data controller is Matthew Gridley. If you have any questions about this policy or your data protection rights, please contact us at enquiries@mgecs.co.uk.

3. Information We Collect

We only collect information that is essential for the functionality of the Service.

a) Information You Provide Directly:
  • Account Information: When you register for an account, we collect your email address and a password. Your password is not stored by us in a readable format; it is handled securely and hashed by Google's Firebase Authentication service.
  • Password Reset: If you request a password reset, we use your email address to send you a reset link.
b) User-Generated Content:

All content you create is stored in our database to provide the flashcard service to you. This includes:

  • Card Packs: The names and descriptions of any card packs you create.
  • Flashcards: The "front" (question) and "back" (answer) text of the flashcards you create, along with any associated tags.
  • Learning Progress Data: To make the spaced repetition algorithm work, we store your personal learning progress for each card. This includes an "ease factor", the review "interval", the "due date" for the next review, and a count of how many times you have "lapsed" on a card. This data is stored privately and is only associated with your user account.
c) Information Collected Automatically:
  • Session Management: Our service provider, Firebase, uses browser storage mechanisms to keep you logged in so you don’t have to sign in every time you visit. This is detailed further in our Cookie Policy.

4. How We Use Your Information

We use the information we collect solely to operate and maintain the Service:

  • To create and manage your user account.
  • To authenticate you when you sign in.
  • To send password reset emails upon your request or upon account creation by an administrator.
  • To store and display your private and organisational card packs and cards.
  • To calculate and manage the spaced repetition schedule for your cards.
  • To allow Super Admins and Organisation Admins to manage users and content relevant to their roles.

5. Legal Basis for Processing

Under UK GDPR, our legal basis for processing your personal data is contractual necessity. We need to process the information outlined above to provide the flashcard service that you have signed up for.

6. Data Sharing and Third Parties

We do not sell or rent your personal data to third parties. We only share data with the essential service providers that allow this application to function:

  • Google Firebase: We use Google Firebase for our core backend services, including Authentication, Firestore Database, and Cloud Functions. All of your data is stored on Google's secure servers.
  • Content Delivery Networks (CDNs): To deliver fonts, stylesheets, and scripts efficiently, our website uses several CDNs, including Google Fonts, Cloudflare (for Font Awesome), and cdn.jsdelivr.net (for Bootstrap and Chart.js). When your browser requests these files, these services may receive your IP address.

7. Data Retention

We retain your personal data and user-generated content for as long as your account is active. If you or an administrator deletes your account, all associated data, including your user profile, private card packs, and personal learning progress, is permanently deleted from our database.

8. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • The right to access: You can request a copy of the personal data we hold about you.
  • The right to rectification: You can request that we correct any information you believe is inaccurate.
  • The right to erasure: You have the right to request that we erase your personal data, which can be accomplished by deleting your account.
  • The right to object to processing: As our processing is based on contractual necessity to provide the service, objecting to this processing would require account deletion.

To exercise these rights, please contact us at the email address below.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: enquiries@mgecs.co.uk