What is SmartRecall AI?

SmartRecall AI is an AI-powered flashcard tool that turns PDFs, lecture notes, and textbooks into spaced-repetition decks using the SM-2 algorithm.

Is SmartRecall AI free?

Yes. A free tier lets you generate and review flashcards. Paid tiers unlock higher AI quotas and advanced analytics.

How does spaced repetition work in SmartRecall?

SmartRecall uses the SM-2 algorithm — the same scientifically-validated scheduler behind SuperMemo and Anki — to surface each card at the optimal interval based on how easy or hard you found it.

Can I import my own PDFs and notes?

Yes. Upload a PDF, paste text, or import notes. SmartRecall extracts key concepts and generates multiple flashcard types automatically.

How is SmartRecall different from Anki?

Anki requires you to write every card by hand. SmartRecall reads your source material with AI and generates cards for you, while keeping the same SM-2 spaced-repetition science.

Privacy Policy

Oct 24, 2025

Last updated: April 22, 2026

1. Introduction

This Privacy Policy describes how SmartRecall ("SmartRecall", "we", "us", or "our") collects, uses, and protects your information when you use our AI-powered spaced-repetition flashcard service through our website smartrecallai.com or our iOS app distributed via the Apple App Store.

SmartRecall is designed to be useful with as little personal data as possible. This policy explains exactly what we collect, why, and who it is shared with. By using SmartRecall, you agree to the practices described here.

2. Information We Collect

2.1 Information you provide

Account information. When you register, we collect your email address and, depending on your chosen sign-in method, your name and a profile image. If you use Sign in with Apple and choose to hide your email, we receive only Apple's private relay address.
User content. Study materials you upload for AI processing, decks you create, flashcards (both manually created and AI-generated), tags, notes, and any other content you save in your account.
Review history. Every time you grade a flashcard during review, we record the rating, timestamp, and the resulting SM-2 scheduling state (ease factor, interval, next-due date). This is what makes the spaced-repetition algorithm work.
Support communications. If you contact us at [email protected] or submit a feedback form, we keep the messages and any attachments you share.

2.2 Information collected automatically

Usage analytics. We use PostHog to understand how SmartRecall is used in aggregate — for example, which features are opened, how long sessions last, and anonymized flow through onboarding. This helps us improve the product.
Device and log information. Device model, operating system version, app version, language and region, IP address, crash logs, and similar technical diagnostics.
Cookies and similar technologies (web only). Used for authentication sessions, CSRF protection, remembering your preferences, and analytics. We do not use third-party advertising cookies.

2.3 Payment information

Web purchases are processed by our payment processors Stripe and Creem (powered by Stripe). We receive transaction metadata (amount, currency, success/failure, last four digits of the card, country, billing region) but never see or store your full card number. Each processor handles your card data under its own PCI-DSS-compliant infrastructure and privacy policy (Stripe Privacy Policy, Creem Privacy Policy).
iOS purchases are processed by Apple via StoreKit. We receive only the transaction receipt and purchase identifiers; we never see your Apple ID password, payment method, or billing address.

2.4 Credits and billing records

We keep a ledger of credit purchases, grants, and consumption tied to your account so that the service works correctly and so we can answer billing questions.

3. How We Use Your Information

We use the information we collect to:

Provide the core service — create and sync your decks, run the SM-2 scheduler, show your review queue, and display your progress across devices.
Generate AI flashcards — send the text you explicitly submit for generation to our AI routing partner (OpenRouter), which forwards the request to downstream large-language-model providers; receive the generated flashcards, and save them to your account.
Authenticate and secure your account — log you in, protect against unauthorized access, detect abuse.
Process payments — bill you, grant credits, handle refund and chargeback flows.
Provide support — respond to your questions and resolve incidents.
Improve the product — debug crashes, analyze aggregate usage, run A/B tests on non-sensitive UI changes.
Comply with law — meet tax, accounting, and regulatory obligations.

We do not use your personal study materials or AI-generated flashcards to train third-party AI models. The AI provider processes your content solely to respond to the specific generation request, under their data-processing terms.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

Performance of a contract — to deliver the service you signed up for, including AI generation, syncing, and billing.
Legitimate interests — to keep the service secure, prevent fraud, and improve the product, balanced against your rights.
Consent — for optional analytics or marketing where required by law; you can withdraw consent at any time.
Legal obligations — where we are required to retain or disclose information by law.

5. How Your Content Flows Through AI Generation

When you ask SmartRecall to generate flashcards from study materials, here is exactly what happens:

The text you submit is sent over an encrypted connection to OpenRouter (our AI routing partner), together with a generation prompt.
OpenRouter forwards the request to a downstream large-language-model provider (such as the providers integrated into OpenRouter's catalog) and returns the generated flashcards.
The flashcards are saved to your SmartRecall account.
Your submitted text and the generated output are retained in your account until you delete them.
If you uploaded a PDF file, the file itself is stored in Cloudflare R2 object storage for up to 90 days so we can re-extract text on request or audit issues, after which it is automatically deleted. The extracted text used to drive generation is retained with your account (see Section 8).

OpenRouter and its downstream providers process the content on our behalf as sub-processors and, under their terms, do not use it to train their models. We do not send your content to any AI provider unless you actively trigger a generation.

We do not sell your personal information. We share information only with:

Service providers ("sub-processors") who help us operate SmartRecall, bound by confidentiality and data-processing obligations:
- Cloudflare — web hosting, edge infrastructure, CDN, DDoS protection, and R2 object storage for uploaded PDF files (max 90 days).
- Stripe — web payment processing (primary processor).
- Creem — alternative web payment processing (Stripe-powered merchant of record for international card payments).
- Apple — iOS distribution, Sign in with Apple, in-app purchases (StoreKit).
- Google and GitHub — optional social sign-in.
- OpenRouter and its downstream large-language-model providers — AI inference for flashcard generation.
- PostHog — product analytics.
- An email/transactional provider, when we send account or support emails.
Authorities and legal successors where we are legally required to disclose information, or in the context of a merger, acquisition, or asset sale (in which case we will notify users in advance where feasible).

We will never share your personal study materials with advertisers or sell them to data brokers.

7. International Data Transfers

SmartRecall operates on global infrastructure. Your data may be processed in countries other than where you live, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards to protect international transfers.

8. Data Retention

Account data is retained while your account is active.
User content, decks, flashcards, and review history are retained until you delete them or delete your account.
Backups may retain deleted content for up to 30 days before being purged.
Billing records may be retained for up to 7 years to comply with tax and accounting laws.
Analytics and log data are retained in identifiable form for up to 24 months, then aggregated or deleted.

9. Your Rights

Depending on your jurisdiction, you have the right to:

Access a copy of the personal data we hold about you.
Correct inaccurate information (for most fields, directly in Settings).
Delete your account and associated data. You can do this in-app (iOS: Settings → Account → Delete Account; Web: Settings → Account) or by contacting us.
Export your decks and flashcards.
Object to or restrict certain processing.
Withdraw consent where we rely on consent.
Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact [email protected]. We will respond within the timeframes required by applicable law (usually 30 days).

10. Account Deletion on iOS

Per Apple's App Store guidelines, SmartRecall provides in-app account deletion on iOS. Go to Settings → Account → Delete Account. Deletion is permanent and removes your decks, flashcards, uploaded materials, review history, and Sign in with Apple link. Some records (billing, security logs) may be retained where required by law.

11. Children's Privacy

SmartRecall is not directed at children under 13 (or the minimum digital consent age in your country). We do not knowingly collect personal information from such children. If you believe a child has provided us personal information, contact us and we will delete it.

12. Security

We protect your data with:

Encryption in transit (TLS/HTTPS) for all client-server traffic.
Encryption at rest provided by our hosting and database providers.
Access controls limiting who on our side can access production data.
Authentication hardening via Better-Auth and, where applicable, Sign in with Apple's id_token verification.

No system is 100% secure. In the event of a data breach that affects you, we will notify you and the relevant authorities as required by law.

Email: [email protected]
Website: smartrecallai.com

By using SmartRecall you agree to this Privacy Policy. Thanks for trusting us with your learning.