Privacy Policy

Last updated: 2026-04-27

This Privacy Policy describes how Esli ("we", "us", "our") collects, uses, and protects your information when you use the Esli web app at app.esli.app, the Esli landing site at esli.app, and the Esli browser extension (collectively, the "Service").

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

Account information

When you create an account, we collect:

  • Email address
  • Username (optional, chosen by you)
  • A hashed password (we never store your password in plain text), or an OAuth identifier if you sign in with Google

User content

We store the flashcard decks, cards, and study activity you create. We also store study scheduling data (intervals, ease factors) used by the spaced-repetition algorithm.

Browser extension data

When you use the Esli browser extension, we process the text you explicitly select and choose to add as a flashcard. The extension does not silently read or transmit page contents — it only sends data when you actively invoke the right-click menu or popup. Your login token is stored in browser local storage so you stay signed in.

Subscription information

If you purchase a paid plan, payment is processed by Paddle, our merchant of record. We do not see or store your card details. We receive the customer ID, subscription status, and billing period from Paddle.

Usage data

We collect minimal anonymous analytics to understand how features are used (e.g. which pages are visited). We do not use third-party advertising trackers.

2. How we use your information

  • To provide and operate the Service
  • To save your decks and study progress across devices
  • To generate AI flashcards from topics or PDFs you submit
  • To process payments and manage subscriptions
  • To respond to support requests
  • To detect and prevent abuse

3. Third-party services

We share data with the following providers strictly to operate the Service:

  • Anthropic — AI flashcard generation (we send your topic or PDF text)
  • Paddle — payment processing (handles all card data)
  • Google — optional OAuth login
  • MyMemory — text translation when you use the translate feature
  • Cloudflare — content delivery and DNS

We do not sell your data. We do not share it with advertisers. We do not share it for any purpose unrelated to operating the Service, except where required by law.

4. Data storage and retention

Your data is stored on managed cloud infrastructure with industry-standard encryption in transit (HTTPS) and at rest. Account data is retained as long as your account is active. You can delete your account at any time, which permanently removes your decks, cards, and personal data from our active database within 30 days.

5. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your decks and cards
  • Withdraw consent and stop using the Service at any time

To exercise any of these rights, email us at [email protected].

6. Cookies and local storage

We use first-party cookies and browser local storage to keep you signed in, remember your language and theme preferences, and persist guest-mode decks before account creation. We do not use third-party advertising or cross-site tracking cookies.

7. Children's privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced via the Service or by email. Continued use of the Service after a change constitutes acceptance of the updated policy.

9. Contact

Questions about this Privacy Policy? Email us at [email protected].

← Back to home