CardioBoardsBack

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains what information CardioBoards (“we,” “us”) collects, how we use it, and the choices you have. By using the Service you agree to the practices described here.

1. Information we collect

We collect the following categories of information:

  • Account information. When you sign in with Google, we receive your name, email address, profile image, and a unique account identifier from Google. We do not receive your Google password.
  • Study data. We store your responses, ratings, confidence levels, session progress, and review schedule so the Service can give you spaced-repetition recommendations and track your progress.
  • Technical data. Like most web services, our hosting and infrastructure providers receive standard request metadata such as IP address, browser type, device information, and timestamps. This is used for security, abuse prevention, and basic operational monitoring.

2. How we use information

We use the information we collect to:

  • Provide, operate, and improve the Service;
  • Personalize your study experience and run the spaced-review scheduler;
  • Authenticate your account and protect against fraud and abuse;
  • Communicate with you about the Service (e.g. account, security, or important product updates);
  • Comply with legal obligations.

3. Sharing

We do not sell your personal information. We share information only with service providers we use to run the Service:

  • Supabase — authentication and database hosting;
  • Vercel — application hosting;
  • Google — OAuth sign-in.

These providers are bound by their own terms and privacy policies and may only process your information on our behalf to provide the Service. We may also disclose information if required by law or to protect the rights, safety, or property of CardioBoards or others.

4. Cookies and similar technologies

We use cookies and equivalent local storage that are strictly necessary to keep you signed in and to remember your preferences. We do not currently use third-party advertising or cross-site tracking cookies.

5. Data retention

We retain your account and study data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within a reasonable period, except where we are required to retain it for legal, accounting, or security purposes.

6. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit and at rest through our hosting providers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

7. Your choices

  • Access & correction. You can update your profile information from within the app.
  • Deletion. You may request that we delete your account and associated data by emailing support@cardioboards.com.
  • Email. Transactional emails (security, account) cannot be opted out of while you have an account.

8. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it.

9. International users

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

11. Contact

For privacy questions or requests, contact support@cardioboards.com.