Privacy Policy
This policy describes our current data practices. Last updated: June 10, 2026.
This policy explains, in plain language, what personal data Neoneks (operated by Amazy Design LLC) collects, how we use and share it, and the choices and rights you have.
Who We Are
Neoneks is operated by Amazy Design LLC, a California limited liability company ("we," "us," or "our"), the data controller responsible for your personal data. For any privacy question or to exercise your rights, contact us at support@neoneks.com.
What Data We Collect
We collect the minimum data necessary to provide and improve the Service:
Account Data
When you sign up, Clerk (our authentication provider) collects and manages your email address and login credentials. We store your Clerk user ID to associate your data with your account.
Learning Data
Your flashcard decks, cards, imported study material (Anki packages, PDFs, text, and URL or YouTube sources), study sessions, review history, and FSRS scheduling data. This is the core data that powers your spaced repetition experience. Where you choose to publish or share a deck, the content you publish becomes accessible to other users as described in our Terms of Service.
AI Generation Inputs & Outputs
When you use AI features, the text and source material you submit, and the AI-generated content returned, are processed to produce flashcards, summaries, audio, and images. To do this, relevant content is sent to our AI providers, OpenAI and Google. We retain limited AI interaction logs to operate, debug, and improve these features.
Billing Data
If you subscribe to Pro, payments are processed by Stripe. Stripe collects and stores your payment details; we receive limited information such as subscription status, plan, and the last four digits of your card. We do not store your full payment card number.
Preferences
Your app settings, including display and density preferences, language choice, and your cookie/analytics consent choice (stored in your browser).
Analytics & Diagnostics Data
If you consent to analytics, we collect usage data via PostHog (page views, feature usage, performance metrics) to improve the product. PostHog is opt-out by default — no analytics are captured until you accept analytics cookies. Separately, we use Sentry to capture error and performance diagnostics so we can detect and fix problems; this may include technical data such as device, browser, and error context.
How We Use Your Data
We use your data to provide, secure, and improve the Neoneks service:
- Provide the Service, including authentication, syncing your learning data across devices, and operating core features
- Schedule your flashcard reviews using the FSRS algorithm
- Generate AI-powered flashcards, summaries, audio, and images (when you use these features), including sending the necessary content to our AI providers
- Process subscriptions and payments through Stripe and manage your plan
- Send transactional emails (e.g. account, security, and billing notices) via Resend
- Maintain security, debug errors, and improve the product based on diagnostics and (with consent) analytics
- Comply with legal obligations and enforce our Terms of Service
Legal Bases (EEA/UK Users)
If you are in the EEA or UK, we process your personal data on these legal bases: performance of our contract with you (to provide the Service, including AI generation and billing you request); your consent (for analytics cookies, which you may withdraw at any time); our legitimate interests (to secure, debug, and improve the Service and prevent abuse); and compliance with legal obligations.
Service Providers & Subprocessors
We share personal data with the following providers strictly to operate the Service. They process data on our behalf under contractual safeguards, and we do not sell your personal data:
| Service | Purpose |
|---|---|
| Clerk | Authentication and user account management |
| Stripe | Subscription billing and payment processing |
| OpenAI | AI generation — your submitted content is processed to generate study materials |
| Google (Gemini) | AI generation — your submitted content is processed to generate study materials |
| PostHog | Product analytics (only after you accept analytics cookies) |
| Sentry | Error monitoring and performance diagnostics |
| Resend | Transactional email delivery |
| MongoDB | Primary database hosting for your account and learning data |
| Cloudflare R2 | Storage of media assets (e.g. generated images and audio, uploaded files) |
| Render | Backend application hosting |
| Vercel | Frontend application hosting and delivery |
Where Your Data Is Stored
Your data is stored in MongoDB databases, with media assets stored in Cloudflare R2 and authentication data managed by Clerk. We use encryption in transit (TLS) and follow security best practices for data at rest. Our backend is hosted on Render and our frontend on Vercel.
International Data Transfers
We and our providers are based in or process data in the United States. If you access the Service from the EEA, UK, or elsewhere, your personal data will be transferred to and processed in the United States and other countries that may not provide the same level of data protection as your home country. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) for such transfers.
Data Retention
We retain your account and learning data for as long as your account is active. We delete or de-identify certain operational data on a rolling basis once it is no longer needed; for example, practice and interaction events are retained for about 180 days, AI conversation logs for about 90 days, telemetry and analytics records for about 90 days, and security audit logs for about 365 days. These periods are examples and may change. When you delete your account, we delete your associated data as described below, subject to limited retention required by law or for backup, security, and fraud-prevention purposes.
Your Rights
Subject to applicable law, including GDPR for EEA/UK users, you have the following rights:
Right of Access
You can request a copy of the personal data we hold about you. Use the data export feature in Settings, or contact us at support@neoneks.com.
Right of Rectification
You can update your data directly through the application. For account data managed by Clerk, update it through your account settings.
Right of Erasure
You can delete your account and all associated data. Neoneks performs a cascade deletion that removes your decks, cards, study history, and other user-created content across our systems. You can start deletion in Settings, or contact us and we will process your request, typically within 30 days.
Right of Data Portability
You can export your decks and learning data in standard formats through the app's export feature.
Right to Object & Withdraw Consent
You can opt out of analytics at any time by declining analytics cookies or via Settings > Privacy, and you can object to certain processing based on our legitimate interests. You may also lodge a complaint with your local data protection authority.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have rights to know what personal information we collect, to access and delete it, and to correct inaccuracies. The categories of personal information we collect are described in "What Data We Collect" (identifiers such as email and user ID, your learning content, commercial/subscription information, and internet activity such as analytics and diagnostics), used for the purposes described in "How We Use Your Data." We do NOT sell your personal information, and we do not share it for cross-context behavioural advertising. Our use of analytics and service providers to operate Neoneks is not a "sale" of personal information. We will not discriminate against you for exercising your rights. To exercise these rights, contact us at support@neoneks.com.
Analytics Opt-Out
Analytics collection is off by default until you accept analytics cookies. PostHog is initialised to capture nothing without your consent. You can change your choice at any time on the Cookie Policy page or in Settings > Privacy. When analytics are disabled, no usage data is sent to PostHog.
Security
We use technical and organisational measures designed to protect your personal data, including encryption in transit (TLS), access controls, authentication via Clerk, and monitoring for errors and abuse. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Children's Privacy
Neoneks is not directed at children under 16, and you must be at least 16 to use the Service. We do not knowingly collect personal data from children under 16. If you believe a child has provided data to us, please contact us at support@neoneks.com for immediate deletion.
Changes to This Policy
We may update this policy to reflect changes in our practices or for legal reasons. We will notify users of significant changes via the application or email and update the "last updated" date above.
Contact
For privacy-related inquiries, data access requests, or erasure requests, contact us at: