Last updated: March 2026
This Privacy Policy describes how My Leitner Box ("we", "us", "our") collects, uses, and protects your information when you use our website and services. We do not sell your personal data.
1. Information we collect
Account data. When you register, we collect your email address (used as your login identifier), password, and any profile details you provide (e.g. name, phone). You may also add or update profile information later in Profile & Account Settings: display name, optional bio, optional profile picture (avatar), and phone. Profile pictures you upload are resized to 400×400 pixels and stored as JPEG (we accept uploads up to 5 MB and process them to keep storage efficient).
User content. We store the data you create when using the service: flashcard boxes (names, descriptions, settings), flashcards (front, back, pronunciation, audio URLs, examples, and any other fields you fill in), and any content you import (e.g. from Anki or CSV files).
Contact form. If you send a message via our contact form, we store your name, email, phone (if provided), and message content so we can respond to you.
Technical and analytics data. We use session and CSRF cookies so you can stay logged in and use the site securely. Our server (hosted on our infrastructure, e.g. a VPS) may log standard technical data such as IP address and request details for security and operation. We also use Google Analytics to understand how visitors use our site (e.g. pages viewed, general traffic). Google Analytics may collect information such as your IP address, device type, and how you interact with our pages. This helps us improve the service. For more about how Google uses data, see Google's Privacy Policy.
2. Why we use your information
We use your information to provide and improve the service (e.g. storing your boxes and cards, running reviews, handling imports), to understand how the site is used (via analytics), to respond to your contact requests, and for necessary operational and security purposes (e.g. preventing abuse, debugging).
3. External services and pronunciation data
We use pronunciation and related data from external sources such as Wiktionary and WikiPron (e.g. under CC BY-SA) to support features like phonetic transcription. We only retrieve data from these sources; we do not send any of your personal data or flashcard content to Wiktionary, WikiPron, or similar third parties.
4. Who we share your information with
We do not sell or rent your data. Your data is stored on our servers (e.g. with our hosting provider). Only we (and our hosting provider for technical operation) have access. We use Google Analytics; the data it collects is processed by Google in accordance with Google's Privacy Policy. We do not share your data with advertisers.
5. Cookies
We use cookies that are necessary for the site to function (e.g. session and CSRF tokens so you can log in and submit forms safely). We also use Google Analytics, which may set its own cookies to help us understand how the site is used. You can control or delete cookies in your browser settings; you can also use tools such as Google's browser add-on to opt out of Google Analytics. If you disable essential cookies, some features of the site may not work.
6. Data retention
We keep your account and user content for as long as your account is active. Contact form messages are kept for as long as needed to handle your request and for a reasonable period afterward. Server logs are retained according to our operational and security needs.
7. Your rights
You may request access to, correction of, or deletion of your personal data. You may also request a copy of your data (data export). You can delete your account yourself from Profile & Account Settings (Danger zone). Account deletion permanently removes your account, all your Leitner boxes and cards, and related profile data; you will be logged out and redirected to the homepage. For data export or other requests (e.g. change of email, which we do not support in-app), please contact us. We will respond within a reasonable time. If you are in the European Economic Area or another region with specific privacy laws, you may have additional rights (e.g. objection, restriction, portability, complaint to a supervisory authority).
8. Children
Our service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe we have collected such data, please contact us so we can delete it.
9. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy. For material changes, we may notify you by email or a notice on the site where appropriate.
10. Contact
For privacy-related questions or to exercise your rights, please contact us.