ExamFlow

Last updated May 25, 2026

Privacy Policy

This page explains what ExamFlow collects and how it is used for the study workspace, AI card generation, billing, analytics, and offline review.

Who Operates ExamFlow

ExamFlow is operated by Csongor Tarnai. For privacy questions, access requests, deletion requests, or corrections, contact the operator at tarnai.csongor@gmail.com.

This policy describes the hosted ExamFlow app and the services it uses. It is not legal advice, but it is intended to explain the actual data flows used by the product.

Data We Collect

Account data: email address, password authentication records, session records, confirmation and recovery timestamps, IP address, and user agent data handled by Supabase Auth.

Study data: courses, lectures, material names, extracted material text, course descriptions, exam guidance, material notes, generated flashcards, review grades, due dates, review timestamps, and scheduling state.

Uploaded files: PDFs uploaded to the private Supabase Storage materials bucket. The app currently accepts PDF uploads up to 25 MB.

Billing and usage data: plan, Stripe customer and subscription identifiers, monthly token usage, PDF upload counts, generation counts, estimated AI cost, and rate-limit counters.

Review submissions: name, email, review text, and basic rate-limit information when you submit a homepage review.

Local device data: the study workspace can store review content and pending review progress in your browser's IndexedDB so already-loaded cards can be reviewed offline.

How We Use Data

We use account and session data to sign you in, keep your account secure, and recover your password.

We use study data and uploaded materials to organize your workspace, generate flashcards, display source materials, schedule reviews, and sync review progress.

We use billing and usage data to enforce plan limits, rate limits, subscriptions, and AI cost controls.

We use operational analytics to understand aggregate product usage, debug problems, protect against abuse, and improve ExamFlow.

AI Processing

When you generate cards, ExamFlow sends the selected study material text and relevant study context to Anthropic so Claude can generate flashcards.

Study context can include existing cards, course description, exam guidance, and material notes after the server verifies ownership. Do not upload or enter information you do not want processed for card generation.

Service Providers

Supabase provides authentication, Postgres database storage, private file storage, and related logs. The live Supabase project is hosted in the EU West region.

Anthropic processes study text and context for AI card generation.

Stripe processes checkout, payment methods, receipts, subscriptions, and customer portal sessions. ExamFlow stores Stripe customer and subscription identifiers, but Stripe handles payment card details.

Vercel hosts the web app and provides privacy-preserving web analytics for page and traffic measurement.

Discord or Slack-style webhooks may receive homepage review submissions and signup notifications if configured by the operator.

Analytics

ExamFlow uses Vercel Analytics for basic site and app usage measurement.

The owner-only analytics dashboard reads operational metrics from Supabase, including generation events, review events, visible study-session time, plan counts, upload counts, token usage, and approximate AI cost.

The dashboard is restricted to the configured admin user. It is intended for operations and product maintenance, not for selling user profiles.

Storage, Security, And Retention

User-owned app tables and private material files are protected with Supabase row-level security and storage policies so signed-in users can access their own study data.

Server-only keys for Supabase, Stripe, Anthropic, and webhooks are kept out of client components.

Account and study data are kept while your account is active or while needed for operations, billing, security, legal compliance, or abuse prevention. Browser offline data remains on your device until cleared by the app, sign-out flow, browser settings, or storage cleanup.

Your Choices And Rights

You can edit or delete courses, lectures, materials, and cards in the app where those controls are available.

You can request access, correction, export, or deletion of your account and associated app data by emailing tarnai.csongor@gmail.com.

If you are in the EU, you may also have GDPR rights to access, rectify, erase, restrict, object, port your data, and complain to a supervisory authority. If you are in the US, state privacy rights may apply depending on your location.

Children

ExamFlow is intended for users aged 16 and older. Do not use ExamFlow if you are under 16.

Changes

This policy may be updated as ExamFlow changes. The updated date at the top of this page shows when the policy was last revised.