Privacy Policy

What we collect

When you use Words on Repeat, we store the following data:

• Email address — used for login and account identification
• Password — stored as a bcrypt hash, never in plain text
• Display name — shown in the app interface
• Vocabulary and decks — the words, translations, example sentences, and tags you create
• Review history — your grades, review timestamps, and FSRS scheduling state
• Study sessions — session start/end times, duration, and cards reviewed

How we use it

Your data is used solely to provide the app's functionality:

• Account authentication — verifying your identity when you log in
• Spaced repetition scheduling — the FSRS algorithm uses your review history to calculate optimal review intervals
• Progress tracking — displaying retention rates, study time, and review statistics

We do not use your data for advertising, profiling, or any purpose beyond operating the app.

Cookies

Words on Repeat uses a single authentication cookie to keep you logged in. This cookie:

• Contains a JWT (JSON Web Token) identifying your session
• Expires after 7 days
• Is set with httpOnly and sameSite=strict flags for security

We do not use any tracking, analytics, or advertising cookies. No consent banner is needed because the only cookie is strictly necessary for authentication.

Data storage

All data is stored in a SQLite database on the server. We do not share your data with any third parties. There are no external analytics services, ad networks, or data brokers involved.

Server logs

The web server (Nginx) records access logs for operational purposes. These logs may include IP addresses, request paths, and user-agent strings. Logs are used only for aggregate analytics (via GoAccess) and troubleshooting. They are not shared with third parties.

Data retention

Your data is kept for as long as your account is active. If your account is deleted by an administrator, all associated data — decks, words, review history, study sessions, and API keys — is permanently removed from the database.

Your rights

You have the right to:

• Access your data — all your vocabulary, decks, and progress are visible in the app, and you can export your data as JSON from the Settings page
• Correct your data — you can edit your words, decks, and account details at any time
• Delete your data — contact the administrator to request full account deletion

To exercise these rights or ask questions about your data, contact the site administrator.

Changes to this policy

This policy may be updated from time to time. The date below reflects the most recent revision.

Last updated: May 17, 2026