Smart NotesSmart Notes for Anki

Privacy Policy

Privacy Policy

Last updated: April 19, 2026

Smart Notes ("Smart Notes," "we," "our," or "us") is an Anki extension and accompanying web service that uses artificial intelligence to generate flashcard content. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have.

By using Smart Notes you agree to this Privacy Policy. If you do not agree, do not use the service.

The service is operated by Rosebud Labs, LLC, a Delaware limited liability company, and is intended for users worldwide.

1. Information We Collect

Account information

When you create an account we collect your email address and authentication information through our authentication provider, Clerk. You can sign in with email and password or with Google. We may add additional sign-in methods (such as other OAuth providers) over time.

Content you submit

When you use Smart Notes to generate flashcard content, the text from the Anki card fields you choose, along with any prompts and configuration you provide, is sent to our servers and forwarded to one or more third-party AI providers in order to generate a response.

We do not currently store the content of your prompts or your card fields on our servers after a request completes. We may, in the future, store this content (including prompts, card field text, and generated outputs) in order to operate, debug, secure, improve, and develop the service. If we begin to do so, our practices will continue to be governed by this Privacy Policy as it then reads.

Usage and billing information

We store information necessary to operate your account and bill you, including your subscription plan, credit consumption (text, voice, image), Anki card identifiers associated with your usage (we store identifiers, not the underlying card text), Stripe customer identifiers, and account status flags. Payment card details are handled entirely by Stripe — we do not see or store payment card numbers.

Device, log, and diagnostic information

When you use the service we automatically collect technical information including your IP address, request metadata (such as the model used and the credits consumed), and standard server logs. If an error occurs during a request, the resulting error report sent to our error-monitoring provider (Sentry) may include the content of the request that triggered the error.

Analytics

We use analytics providers — currently Umami and Amplitude — to understand how the service is used and to improve it. These providers may collect information such as device type, browser, operating system, IP address, pages viewed, feature interactions, and a user identifier. We may add or change analytics providers over time.

Cookies

We use cookies for authentication (set by Clerk) to keep you signed in. We do not use third-party advertising cookies. Our analytics setup currently does not require third-party cookies, though this may change if we add or change providers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, secure, and improve the service, including generating AI responses to your requests.
  • Manage your account, subscription, and billing.
  • Enforce usage limits and detect or prevent fraud and abuse (this is the primary reason we collect and store IP addresses).
  • Communicate with you about your account, the service, and (where permitted) product updates.
  • Debug errors, monitor service health, and improve reliability and performance.
  • Develop new features and improve existing ones.
  • Comply with legal obligations and enforce our terms.

We may also use de-identified or aggregated data — data that does not identify you — for any purpose, including research, benchmarking, analytics, and improving our models and prompts.

3. AI Processing and Third-Party AI Providers

To generate the content you request, the text and prompts you submit are sent to one or more third-party AI providers. Each provider handles your data according to its own privacy policy and data-processing terms. The current providers are:

  • OpenAI (text generation, text-to-speech). We send requests with the store: false setting where supported, which instructs OpenAI not to retain the content of your requests beyond what is necessary to return a response. See OpenAI's API data usage policy.
  • Anthropic (text generation). Anthropic does not use API content to train its models. By default Anthropic retains API content for up to 30 days for trust-and-safety review, after which it is deleted. See Anthropic's privacy policy.
  • Google — Gemini API (paid tier) (text and image generation). We use the paid tier of Google's Gemini API. Per Google's terms, when using the paid tier, Google does not use your prompts (including system instructions, cached content, and files) or responses to improve its products. See Google's Gemini API additional terms.
  • Google Cloud — Text-to-Speech (audio generation). Governed by the Google Cloud Platform terms and Data Processing Addendum, under which Google does not use customer data to improve its models.
  • Microsoft Azure — Speech Services (text-to-speech). Governed by Microsoft's Online Services Terms and Data Protection Addendum.
  • Replicate (image generation). Governed by Replicate's privacy policy.

We may add or change AI providers over time as the service evolves; we will keep this list reasonably current but reserve the right to use additional providers without separately notifying you of each one.

4. Sub-Processors and Service Providers

In addition to the AI providers listed above, we use the following third parties to operate the service:

  • Clerk — authentication, user identity, session management.
  • Stripe — payment processing and subscription billing.
  • Neon — managed PostgreSQL database, hosted in the United States. Encrypts data at rest and in transit.
  • Railway — application hosting, currently in the United States.
  • Sentry — error monitoring and diagnostics.
  • Umami, Amplitude — product analytics.

Each provider processes data only as necessary to provide its service to us. We may add, remove, or change sub-processors over time.

5. How We Share Information

We do not sell your personal information. We share personal information only:

  • With the third-party AI providers and sub-processors listed above, to operate the service.
  • When required by law, legal process, or a valid governmental request.
  • To protect the rights, property, or safety of Smart Notes, our users, or the public, including investigating fraud or abuse.
  • In connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Privacy Policy.

6. Data Retention

  • Account information is retained for as long as your account is active.
  • Card and prompt content sent for processing is not currently retained on our servers after a request completes (see Section 1). If this changes, this section will be updated.
  • Usage and billing records are retained for as long as your account is active and as required by tax and accounting obligations after that.
  • IP addresses stored for fraud and abuse detection are retained for up to 90 days.
  • Server logs and error reports are retained according to our infrastructure providers' default retention policies, typically up to 90 days.
  • Analytics data is retained according to our analytics providers' default retention policies.
  • Backups of the database may persist for a limited time after deletion, in accordance with our database provider's backup-retention policies.

7. Data Security

We use industry-standard security measures to protect your data, including encryption in transit (TLS) and encryption at rest at the database level. No system is perfectly secure, and we cannot guarantee the absolute security of your data.

8. International Data Transfers

Our infrastructure (database and application servers) is currently located in the United States. We may add infrastructure or replicas in other regions over time. Several of our sub-processors and AI providers operate globally and may process data in other countries. By using the service you consent to your information being transferred to, processed in, and stored in the United States and in any other country in which our sub-processors operate.

If you are in the European Economic Area, the United Kingdom, or Switzerland, transfers of your personal information outside of those regions are made under appropriate safeguards, such as the Standard Contractual Clauses, where required.

9. Your Rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that we correct inaccurate information.
  • Deletion — request that we delete your personal information.
  • Restriction or objection — request that we limit or stop certain types of processing.
  • Portability — request your information in a portable format.
  • Withdraw consent — where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, email us at support@smart-notes.xyz. We will respond within a reasonable period and in any event within the time required by applicable law. If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data-protection authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we have collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.

Account deletion

We do not currently offer self-service account deletion. To delete your account and the personal information associated with it, email us at support@smart-notes.xyz and we will process your request promptly. Some information may persist in backups for a limited period as described in Section 6.

10. Children's Privacy

Smart Notes is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@smart-notes.xyz and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this policy. If the changes are material, we will provide additional notice (for example, by email or through the service) where required by law. Your continued use of the service after the changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at support@smart-notes.xyz.

← Back to Smart Notes

Smart Notes for Anki

Made with ❤️ by Michael Piazza

Tokyo & NYC

Resources

DocsReleases

Connect

GitHubDiscord

Legal

Privacy PolicyTerms of Service

© 2026 Rosebud Labs, LLC