FlaevoTerms of Service →
GDPR, CCPA & Act 843 Compliant

Privacy Policy

Last updated: May 2026 · Version 1.0.0 · Ref: Ghana DPA Registration

🤝
Our Core Privacy PledgeWe build Flaevo to accelerate your learning. We process academic indicators strictly to fuel your AI Coach and custom plans. We do not sell, rent, or trade your personal records to third parties for advertisement. This document is structured to provide full details and a plain-English explanation of our operations.

Table of Contents

1. Scope & Introduction

Plain English SummaryWe operate Flaevo to help you learn faster. This policy explains what data we collect when you use our web and mobile apps, how we safeguard it, and how we respect your privacy rights. We do not sell your personal data.

This Privacy Policy (“Policy”) forms a binding agreement and governs the data processing practices of Flaevo (“Flaevo”, “we”, “our”, or “us”). It applies to the Flaevo web application, native mobile application (Android), API endpoints, developers tools, and all associated services (collectively, the “Service”).

Flaevo is operated and managed out of Accra, Ghana. We are committed to processing your personal data in accordance with the highest international benchmarks, including the Ghanaian Data Protection Act, 2012 (Act 843), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable regional data protection legislations.

By registering for an account, installing the Android client, or interacting with the Service, you consent to the collection, storage, transfer, and processing of your personal information as set forth herein. If you do not agree with these terms, please immediately cease all usage of the Service.

2. Information We Collect

Plain English SummaryWe collect account details (email, name), academic preferences (your grade, subjects), study activities (XP, card progress), and document uploads (for AI summaries). Transactional details are handled by Paystack, so we never see your card/MoMo PIN.

To provide our learning platform and custom AI features, we collect several categories of information, directly from you or automatically during your sessions:

2.1 Account Credentials & Identity Info

When you register, we collect your display name, email address, profile picture (either customized upload or fetched from Google OAuth metadata), and cryptographically salted and hashed passwords. We use this to authenticate your identity, prevent unauthorized access, and power multiplayer matchups.

2.2 Academic Profile Metadata

We collect your school level (e.g. Junior High, Senior High, University, Professional / Self-study), courses of interest, self-assessed strength per course, learning style (e.g. visual, mixed), target exams (e.g. BECE, WASSCE, SAT, custom exams), and dates of exams. This details your academic profile to customize AI Coach insights, AI Planner schedules, and AI Tutor explanation levels.

2.3 Study Progress & Gamification Metrics

To calculate spaced repetition intervals (SRS) and leaderboards, we store the flashcards you build, card success/failure rates, focus timer lengths (including focus sessions today and continuous daily streaks), quiz results, badges unlocked, experience points (XP) accumulated, and virtual coins balances.

2.4 User Generated Content & Uploads

We process and store files you upload (PDFs, DOCX, txt, images) for summarization, notes generation, or translation. Chat messages sent inside public or private study rooms are hosted in our database to sync room states. AI chat transcripts with the AI Tutor/Coach are retained to keep conversation context.

2.5 Diagnostic & Technical Footprints

We automatically log device details (brand, model, screen dimensions), operating system version (e.g. Android API level), browser user-agent, country-level location inferred from your IP address, app crash stack traces, and click interaction maps. We use these for analytics and infrastructure security.

2.6 Billing & Payment Indicators

All subscription payments are handled directly by Paystack Payments Limited. Flaevo only stores payment metadata: subscription plan (Pro, Max), payment status, reference IDs, and transaction dates. We do not collect, view, or store credit card numbers, CVVs, or mobile money PINs.

3. How We Use Your Data

Plain English SummaryYour data is used to customize your AI study planner, rank you on leaderboards, deliver notifications, secure your profile, and renew your subscriptions. We never sell your data to advertisers.

We process your data strictly to fulfill the following business and functional purposes:

  • AI Customization: Adjusting the vocabulary, difficulty level, and curriculum guidelines of our AI components (Tutor, Coach, Planner) to align with your academic profile.
  • Spaced Repetition: Powering the scheduling algorithms that calculate exactly when you should review a flashcard for optimal memorization.
  • Social and Gamification: Compiling global and class leaderboards, matchmaking for multiplayer study duels, and showing active study rooms.
  • Communication: Dispatching notifications (via email or Capacitor Push Notifications) regarding streaks, achievements, system maintenance, and account billing. You can modify notification preferences inside Settings.
  • Security and Stability: Resolving application crashes using Sentry telemetry, blocking DDoS attacks, and identifying malicious users violating our system query limits.

4. Legal Grounds for Processing

Plain English SummaryWe process your data under legal criteria: Contractual Necessity (to run your account), Legitimate Interests (to improve our services), Legal Obligations (to track payments), and Consent (for push notifications).

Under global regulatory frameworks (GDPR Article 6 and Section 22 of the Ghana Data Protection Act), we process personal data only when there is a valid legal basis:

Contractual NecessityTo establish your account, log your study progress, host your flashcard decks, and process payment subscriptions.
Legitimate InterestsTo refine UI layouts, optimize server responses, secure API endpoints, and maintain fair leaderboards.
Legal ObligationTo maintain audit records, comply with tax reporting in Ghana, and respond to lawful security requests.
ConsentFor optional activities, such as activating push notifications or using third-party single sign-on (OAuth). You may revoke consent at any time.

5. Third-Party Data Processors

Plain English SummaryWe share specific details with trusted partners: Supabase (database storage), DeepSeek/Groq (AI processing), Paystack (payments), and Google (sign-in). They cannot sell or reuse your details.

We work with vetted service providers to run Flaevo. They have access to data categories only to perform their assigned functions, and are barred from sharing or repurposing your personal details:

ProviderScope of WorkData Categories Disclosed
Supabase, Inc.Database, file storage, and authentication.Account profiles, files, flashcard metrics, chat rooms.
DeepSeek & GroqGenerative AI tutoring, notes and planning models.AI prompts, uploaded document text contents.
Paystack Payments Ltd.Securing mobile money and credit card transactions.Email, payment sum (payment info directly bypasses Flaevo).
Vercel, Inc.Web app hosting and edge function deployment.IP, user-agent, crash details.
Sentry (Functional Software)Real-time error tracking and telemetry.Operating system, app version, error traces.

6. Compliance with Regional Laws

Plain English SummaryWe fully comply with GDPR (Europe), CCPA (California), and Ghana's Data Protection Act 843. You have the right to access, export, correct, or permanently delete your data at any time.

6.1 Ghana Data Protection Act, 2012 (Act 843)

We adhere to the eight foundational principles of Act 843:

  • Accountability: Our DPO reviews all data integration channels.
  • Lawfulness of Processing: We collect only relevant inputs under consent or contract.
  • Specification of Purpose: Data is utilized solely to power your study assets.
  • Quality of Information: Users have inline edit buttons to correct stats.
  • Security Safeguards: We apply Row-Level Security (RLS) policies.

6.2 GDPR / UK Data Protection Act Rights

If you reside in the EEA or UK, you enjoy key protections:

  • Right to be Forgotten: You can request total deletion of your database rows.
  • Data Portability: You can request an export of your study logs in JSON.
  • Restriction of Processing: You can restrict automated processing of files.
  • Right to Lodge Complaint: You can notify your regional Data Protection Authority.

6.3 CCPA/CPRA Rights (California)

California residents have the right to request access to categories of data collected, request deletion, and opt-out of data sales. Flaevo does not sell or share your data, so there is no opt-out link necessary. We do not discriminate for exercising rights.

7. Data Security & Encryption

Plain English SummaryWe secure your information using SSL/TLS encryption for transfer, secure row-level separation in our databases, and cryptographic password hashing. We cannot read your raw password.

We deploy industrial-grade defenses to keep your data safe:

  • Encryption in Transit: All web and mobile calls are routed through HTTPS protocol using Transport Layer Security (TLS 1.3).
  • Database Isolation: Supabase database utilizes PostgreSQL Row-Level Security (RLS). This blocks any client queries trying to fetch, modify, or delete logs belonging to other account IDs.
  • Password Security: Passwords are cryptographically salted and hashed using bcrypt before database storage. We have no access to plain-text passwords.
  • Breach Protocols: In the event of a security compromise, we will notify affected users and the relevant Ghanaian/EU Data Protection Commissioner within 72 hours of verification.

8. Data Retention & Deletion

Plain English SummaryWe keep your data as long as your account is active. You can delete your account instantly in-app (Profile > Settings > Delete Account), which purges your details from our databases.

We retain your personal details only as long as necessary to run your account. We have established two deletion paths to meet Google Play Store Developer policies:

Option A: Instant In-App Deletion

Log in to Flaevo → Select the Profile tab → Tap the Settings gear icon → Scroll down and tap Delete Account. This will instantly delete your email credentials, study decks, profile values, and chat rooms references from our active database nodes.

Option B: Verification Email

Send an email to support@flaevoapp.com with the subject “Account Deletion Request”. Following validation of identity, we will wipe your profile details from our production environments within 30 days.

*Note: Subscription ledger records and payment logs on Paystack will be archived for up to 7 years to satisfy Ghanaian tax audit and financial tracking statutes.*

9. Children's Privacy (COPPA)

Plain English SummaryFlaevo is designed for learners aged 13 and above. We do not intentionally collect data from children under 13. If we find an account created by a child under 13, it will be deleted immediately.

Flaevo is designed for students, educators, and lifelong learners. Our Services are intended for individuals who are at least 13 years of age. We do not knowingly compile personal data from children under 13.

If we become aware that a child under 13 has registered without verified parental consent, we will take immediate measures to terminate the login credentials and scrub all related study progress metadata. If you are a parent or legal guardian and suspect that your child has created an account, please contact us immediately at support@flaevoapp.com.

10. Cookie & Tracking Policy

Plain English SummaryWe use basic cookies to keep you logged in and save your local preferences (like dark mode). We do not track you across other websites or use cookies for retargeted ads.

We use essential cookies and browser local storage elements to operate the Service:

  • Session Authentication: Keeping your auth session active across page switches so you don't need to sign in every time.
  • Preference Settings: Remembering your selected theme choice (Light, Dark, or System) and study preferences.
  • Telemetry Logs: Storing temporary diagnostics on page loads to measure performance and errors.

You can adjust your web browser settings to block or delete cookies. However, blocking essential session cookies will prevent you from signing in or saving your customized learning profiles.

11. Contact & DPO Details

Plain English SummaryIf you have questions about your privacy, email our DPO at support@flaevoapp.com with the subject 'Privacy Request'.

For inquiries, complaints, data exports, or to exercise any of your data rights, please contact our Data Protection Officer (DPO):

Flaevo Compliance Division
Accra, Ghana
Email: support@flaevoapp.com
Subject Line: “Privacy Request”

Interactive Data Rights Helper

Exercise your access and deletion rights automatically.

Under GDPR and the Ghana Data Protection Act, you can request to download a copy of your study data, or request permanent deletion. Use this widget to prepare a legal request to our team:

Copy this draft and send it from your registered email address to support@flaevoapp.com.
← Back to Flaevo DashboardFlaevo Inc. All rights reserved.