Privacy Policy

Last updated: 2026-03-18

Overview

The protection of your personal data is important to us. This privacy policy explains which data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for data processing on this website is:

Florian Fritz

Meidlinger Hauptstrasse 87, Wien

E-Mail: office@learnforge.eu

2. Data We Collect

We collect the following personal data:

  • Account data: Email address and password (stored as an argon2id hash) when you register.
  • Learning data: Topics, flashcards, reviews, and study statistics you create during use.
  • Technical data: Server logs containing IP address, timestamp, and request details for security and debugging purposes.

3. Legal Basis

  • Processing of account and learning data is based on Art. 6(1)(b) GDPR (performance of a contract) — it is necessary to provide the service you signed up for.
  • Processing of technical data (server logs) is based on Art. 6(1)(f) GDPR (legitimate interest) — specifically, the security and stability of the service.

4. Data Storage

Your data is stored on a self-hosted server located in Austria. Data is not transferred to third countries. An exception is payment processing via Stripe (headquartered in the USA), which is carried out on the basis of the EU Commission's adequacy decision (EU-US Data Privacy Framework, Art. 45 GDPR).

5. Data Retention

Your personal data is stored as long as your account exists. Server logs are retained for a maximum of 30 days. When you delete your account, all your data (profile, topics, cards, reviews, media files) is permanently and irreversibly deleted. Tax-relevant records (e.g. billing data) are retained for 7 years in accordance with § 132 BAO.

6. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR): You can request information about the personal data we store about you.
  • Right to rectification (Art. 16 GDPR): You can request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): You can request deletion of your data. You can delete your account at any time through the application.
  • Right to data portability (Art. 20 GDPR): You can request an export of your data in a machine-readable format.
  • Right to restriction of processing (Art. 18 GDPR): You can request the restriction of processing of your data, e.g. if you contest the accuracy of the data.
  • Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your data based on legitimate interest (Art. 6(1)(f)). This applies in particular to the processing of technical data (server logs). In the event of an objection, we will no longer process the data concerned unless there are compelling legitimate grounds.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at).

7. Cookies & Local Storage

We do not use cookies. We use browser localStorage to store your authentication token (JWT) and language preference. This data never leaves your browser and is not used for tracking.

8. Third-Party Services and Data Processing

LearnForge processes all learning data locally on its own infrastructure.

Payment processing is handled by Stripe Inc. (USA). A data processing agreement (Art. 28 GDPR) is in place with Stripe. Stripe processes the data necessary for payment (email, name). Data transfer to the USA is based on the EU-US Data Privacy Framework (Art. 45 GDPR). We do not store credit card data.

To support similarity search, numerical vector representations (embeddings) are computed from the text of your flashcards. This computation is performed entirely on the Operator's server — no data is transmitted to external services.

Learning intervals are calculated by an algorithmic scheduler (FSRS) that evaluates only your response behavior on individual cards and does not create personal profiles.

We do not use any third-party analytics, advertising, or tracking services.

9. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR takes place. The algorithmic calculation of learning intervals and similarity scores serves exclusively to support learning and has no legal or similarly significant effects on you.

10. Changes to This Policy

We may update this privacy policy from time to time. The current version is always available on this page, together with the date of the last update.