Last Updated: June 20, 2026

This Privacy Policy explains how independent developer Serhii Chertkov (hereinafter the "Developer", "we") collects, uses, and protects your personal information when using the mobile application "English Notes" (EduScar) (hereinafter the "Application"). Please also review our Terms and Conditions, which govern your use of the Application.

We respect your privacy. We do not sell your personal data to data brokers or third-party advertising agencies.

0. DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

1. INFORMATION WE COLLECT

We collect the minimum necessary amount of data to ensure the operation of the Application:

1.1. Data provided by you:

1.2. Data collected automatically:

1.3. Local and Synchronized Data:

Your personal text notes and added words are stored locally on your device.

To ensure the safety of your information and allow access from different devices, the Application may perform automatic backups and synchronization of this data with our secure cloud servers.

2. HOW WE USE YOUR INFORMATION

2.0. Legal Bases for Processing

We process your Personal Data only when we have a valid legal basis under applicable data protection laws, including Article 6 of the GDPR:

2.1. Purposes of Processing

We use the collected data solely for the following purposes:

2.2. Processing of Personal Notes and Words

The texts of your personal notes and added words are processed by the Application automatically and solely for the purpose of cloud synchronization and backup.

The Developer's policies and technical measures (role-based access control, logging, and the absence of a manual interface) exclude manual access to the content of your notes, except in strictly necessary cases: (i) automated server maintenance, (ii) compliance with lawful requests from law enforcement authorities, or (iii) protection of the Developer's rights in legal proceedings. The Developer does not manually review, edit, or moderate the content of your personal notes.

2.3. Automated Decision-Making and Profiling

The Application uses algorithms, including the FSRS spaced repetition system, to personalize tests and learning recommendations. This constitutes profiling within the meaning of Article 4(4) GDPR. However, it does not result in decisions that produce legal effects or similarly significantly affect you (Art. 22 GDPR).

3. THIRD-PARTY SERVICES

3.1. Service Providers

As the Application is maintained by an independent developer, we use reliable third-party cloud services (BaaS) for data processing:

These providers comply with strict international security standards (GDPR, CCPA) and process data only according to our instructions.

3.2. International Data Transfers

Since our processors (Google, Cloudflare, Resend) are located in the United States and other countries outside your jurisdiction, your data may be transferred outside the EEA, Ukraine, or your country of residence.

To ensure an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (SCCs) – Module 2 (Controller-to-Processor), adopted by Decision 2021/914. We also implement additional technical safeguards (encryption in transit and at rest) and have conducted a Transfer Impact Assessment.

By using the Application, you consent to such international transfers.

3.3. California Privacy Rights (CCPA/CPRA)

We do not sell or share your personal information for monetary consideration as defined under the California Consumer Privacy Act (CCPA/CPRA).

We do not use your data for targeted advertising based on cross-context behavioral advertising without your consent.

California residents have the right to request that we do not sell or share their personal information. Since we do not engage in such activities, a dedicated "Do Not Sell or Share" mechanism is not required. You may withdraw your consent for any processing at any time through the Application settings or by emailing us.

4. DATA SECURITY

4.1. Cloud Infrastructure and Certificates: All data transmitted for synchronization and analytics is processed and stored using Cloudflare's advanced cloud infrastructure.

Network requests are protected by HTTPS encryption protocol and authorization tokens.

Cloudflare's infrastructure regularly undergoes independent audits and possesses leading international security and privacy certificates, ensuring the protection of your data at the highest industry standards. Cloudflare’s certifications include:

4.2. Security Limitations: Despite using advanced protection technologies, no method of transmission over the Internet or electronic storage is 100% secure. The Developer makes all reasonable efforts to protect your personal information but cannot guarantee its absolute security against cyberattacks outside of our control.

4.3. Data Breach Notification

In the event of a Personal Data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours (in accordance with GDPR Article 33). If the breach is likely to result in a high risk to you, we will also notify affected Users without undue delay (GDPR Article 34) and take all reasonable measures to mitigate potential harm.

5. DATA STORAGE AND DELETION

5.1. Retention Periods. The Developer retains your personal data only for as long as your account is active or as necessary to provide the functionality of the Application.

5.2. Deletion of Individual Items (Words, Notes, Tests). When you delete individual records, words, or personal notes within the Application, such items are immediately hidden from your user interface. Final physical deletion from the synchronization servers may take up to thirty (30) days. This period is required solely for technical reasons related to asynchronous data transmission and is necessary to: (i) synchronize database state across your devices that may be offline; (ii) prevent data conflicts from outdated copies upon reconnection; and (iii) complete routine database compaction and log processes on the cloud infrastructure.

During the entire 30-day period, the deleted data remains in a “beyond use” state (inaccessible for any analysis, processing, or access except for automated cleanup processes). The deleted content is not analyzed and is not used for algorithm personalization or any other purpose. Only anonymized technical identifiers — deletion markers (tombstones) that do not contain the original text of notes or words — are stored for synchronization safety. The Developer makes all reasonable efforts to minimize this technical retention period, taking into account the limitations of the cloud infrastructure (Firebase, Cloudflare).

5.3. Account Deletion Procedure. You may initiate full deletion of your account and associated data at any time by:

5.4. Consequences of Account Deletion. Upon confirmation of an account deletion request:

5.5. Active Subscriptions. Deleting your account within the Application does not automatically cancel any active paid subscription purchased through Apple App Store or Google Play. You must cancel the subscription yourself via your Apple ID or Google account settings prior to account deletion. The Developer has no technical ability to manage subscriptions or billing on the Apple or Google platforms.

5.6. General Data Retention Principles

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. Processing is carried out in accordance with the principles of the GDPR (Article 5) and other applicable data protection regulations.

6. YOUR RIGHTS (GDPR / CCPA)

Depending on your jurisdiction, you have the right to:

To exercise your rights, you can use the built-in functions of the Application or contact us via email.

7. AGE RESTRICTIONS

The Application is intended exclusively for users over 16 years of age.

We do not intentionally collect, store, or process personal data of persons under 16. If you are a parent or guardian and believe your child has provided us with their data, please contact us, and we will immediately delete this information from all our servers and databases.

For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected such data, we will delete it immediately.

8. CHANGES TO THE POLICY

We may periodically update this Privacy Policy. In the event of significant changes, we will notify you through the Application.

Continued use of the Application after changes are made signifies your agreement with the new edition of the Policy.

9. CONTACTS

If you have questions, suggestions, or requests regarding your privacy, please contact us:

Data controller:
Developer: Serhii Chertkov (Ukraine, Kyiv)
E-mail: [email protected]


Previous versions:
Privacy Policy dated 14 May 2026
Privacy Policy dated 5 February 2026