When you use Words on Repeat, we store the following data:
Your data is used solely to provide the app's functionality:
We do not use your data for advertising, profiling, or any purpose beyond operating the app.
Words on Repeat uses an authentication cookie to keep you logged in. This cookie:
httpOnly and sameSite=strict flags for securityThis cookie is strictly necessary for the site to function and cannot be disabled.
With your consent, we use Google Analytics 4 to understand how the site is used. Google Analytics sets the following cookies:
_ga — distinguishes unique users. Expires after 2 years._ga_* — maintains session state. Expires after 2 years.These cookies are only set if you click "Accept All" or enable analytics in the cookie preferences. You can change your choice at any time by clicking the "Cookie Settings" link in the page footer. For more information, see Google's Privacy Policy.
Words on Repeat uses browser localStorage to persist your preferences locally on your device. This data is never sent to our servers:
You can clear this data at any time through your browser settings.
Words on Repeat can be installed as a Progressive Web App (PWA) on your device. The service worker caches static assets (CSS, JavaScript, icons) for faster loading and basic offline support. No personal data or vocabulary content is cached offline — study features require an internet connection.
All data is stored in a SQLite database on the server. We use third-party email delivery services — currently Mailgun (Sinch Email) and/or Amazon Web Services Simple Email Service (AWS SES) — to send transactional emails, including account verification, password reset, and contact form notifications. These providers process only the recipient email address and message content necessary for delivery. With your consent, we use Google Analytics 4 to collect anonymized usage data (see Cookies section above). No personal data is shared with third parties for marketing or advertising purposes. There are no ad networks or data brokers involved.
We use the Web Push protocol to deliver daily study reminders to users who opt in. Push subscriptions (browser endpoint URLs and encryption keys) are stored in the database and deleted when you disable notifications or when your browser revokes the subscription.
The web server (Nginx) records access logs for operational purposes. These logs may include IP addresses, request paths, and user-agent strings. Logs are used only for aggregate analytics (via GoAccess) and troubleshooting. They are not shared with third parties.
Your data is kept for as long as your account is active. If your account is deleted by an administrator, all associated data — decks, words, review history, study sessions, and API keys — is permanently removed from the database.
You have the right to:
To exercise these rights or ask questions about your data, contact the site administrator.
This policy may be updated from time to time. The date below reflects the most recent revision.
Last updated: May 22, 2026