VOCAB POWER PLANT
LLC
VOCAB POWER PLANT
LLC
Privacy policy
QUICARD LLC PRIVACY POLICY
Last updated: February 4, 2026
This Privacy Policy explains how Quicard LLC (“Quicard,” “we,” “us,” “our”) collects, uses, discloses, transfers, and protects information when you use the Quicard iOS application and related services (the “Service”). It also explains your choices and privacy rights.
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
If you have questions, or want to exercise privacy rights, contact us at team@quicard.app.
1) Key idea (short version)
Quicard is primarily a study tool. You can use it without an account. If you enable cloud features, we process the data needed to sync and restore your content.
We do not provide public social/UGC features inside the app (for example, no public feed, public user profiles, or in-app public sharing network). Sharing, if available, is typically done through iOS sharing tools to destinations you choose.
We aim to collect the minimum data needed to operate the Service, keep it reliable, prevent abuse/fraud, and comply with law.
2) Who we are (controller) and how providers fit (processors)
Quicard LLC is the organization responsible for the processing of personal information described in this Privacy Policy. In privacy law terms, Quicard is generally the “data controller” (or equivalent) for personal information processed in connection with the Service.
We use third-party vendors to help operate the Service (for example, cloud hosting, database services, analytics and crash reporting, customer support tooling, and security monitoring). In many cases, these vendors act as “data processors” (or equivalent) and process information only on our instructions and as needed to provide services to us, subject to contractual confidentiality and security obligations.
3) Information we collect
3.1 Information you provide
Depending on how you use the Service, you may provide:
• Account information (optional): such as email address, sign-in identifiers, or authentication tokens needed to enable cloud sync/restore (if you choose to use these features). If a third-party identity provider is used (for example, Apple Sign In), we may receive a stable identifier and limited account-related signals needed to authenticate you.
• User Content: the flashcards, collections, notes, and other text you create, input, scan, import, or save (“User Content”). User Content may include vocabulary words, phrases, definitions, translations, example sentences, and any other learning materials you choose to store.
• Support communications: messages you send to us (for example through in-app feedback or email), which may include screenshots, attachments, logs, or diagnostic details you choose to share.
Important support note: Please avoid sending sensitive personal information in support messages. If you choose to include it, we will process it only to respond to you and to support the Service.
3.2 Information collected from your device or your use of the app
We may collect:
• Device and app information: device model, iOS version, app version/build, language, time zone, region format, accessibility settings indicators (in limited cases, if needed for troubleshooting), and similar technical data.
• Network and connection information: IP address and related network metadata (for example, request timestamps) may be processed as part of standard internet communications when you connect to our servers or service providers. This information may also be used to determine approximate region and to protect the Service (for example, rate limiting and fraud prevention).
• Usage, analytics, and diagnostics data: feature interactions, basic app events, crash logs, performance metrics, and troubleshooting signals. This may include timestamps, device/app technical identifiers, and event metadata needed to understand app behavior, prevent abuse, and improve stability. This data is collected to improve app stability and is not linked to your personal User Content.
• Approximate location / country or region: we may determine your country/region using signals such as device settings, App Store region, IP address, time zone, or similar indicators. We do not require or request precise GPS location for the Service.
• Dictionary/search and scanning history (as used in the app): such as your dictionary search history and stored scanning sessions, to the extent those features are enabled and used. Depending on how the Service is configured (account vs no account), this history may be stored locally on your device and/or stored in cloud systems used to sync or restore your data.
3.3 Purchases (Apple App Store)
If you purchase digital items (for example, blank deck packs or credits), Apple processes the payment. We may receive transaction-related signals needed to deliver the purchase and prevent fraud (for example, whether a purchase is valid, product identifier, purchase time, storefront/region signals, and related metadata). We do not receive your full payment card details.
3.4 Information from third parties (limited)
We may receive limited information from third parties such as:
• Apple/App Store: purchase validation signals, subscription/purchase state, device/app integrity signals, and other operational signals as needed for delivery and fraud prevention.
• Service providers: operational signals (for example, crash reporting details) as described in Section 9.
We do not buy personal data lists and do not operate as a data broker.
4) Tracking, advertising identifiers, and cross-app behavior (important)
Quicard’s sponsor placement is designed as a static sponsor image placement, not a behavioral advertising network.
4.1 IDFA / ATT (App Tracking Transparency)
Whether the Service uses Apple’s advertising identifier (IDFA) depends on the specific technical implementation and SDK configuration.
If the Service uses IDFA or otherwise engages in tracking across apps and websites owned by other companies for advertising or measurement, Apple’s App Tracking Transparency (ATT) permission may be requested.
If the Service does not use IDFA and does not track you across other companies’ apps and websites, then we do not request ATT permission for such tracking.
Regardless, we do not intend to build advertising profiles across unrelated apps/sites as part of the sponsor placement, and the sponsor placement is not designed to be cross-context behavioral advertising.
4.2 Do Not Sell / Do Not Share principles
We do not sell personal information as those terms are defined under California law. We do not knowingly share personal information for cross-context behavioral advertising in the sense of building advertising profiles across unrelated apps/sites.
5) Device permissions
The Service may request access to:
• Camera: to scan text and create flashcards.
• Photos (optional): only if you choose to attach or import content using iOS functionality (if applicable).
• Notifications (optional): if you enable them in iOS settings.
You can manage permissions in iOS Settings at any time.
6) How we use information
We use the information described above to:
• Provide and operate the Service, including creating, saving, organizing, and studying flashcards and collections.
• Authenticate and manage accounts (if you choose to create one) and provide account-related security.
• Sync and restore content across devices if you enable cloud features.
• Run scanning and generation workflows, including processing scanned text and producing draft flashcards and dictionary-style outputs.
• Provide dictionary-style features (definitions, examples, synonyms/antonyms, pronunciations, levels A1–C2, recommendations, and related metadata) and improve these features over time.
• Show sponsor content by country/region, where applicable (a static sponsor image that links to a sponsor’s website).
• Deliver purchases and manage credits/digital items, including purchase validation, fraud prevention, chargeback handling, and abuse prevention.
• Provide support and respond to inquiries, including troubleshooting and bug fixes.
• Maintain safety and reliability, including debugging, analytics (to understand feature usage at a high level), crash reporting, performance monitoring, security monitoring, and preventing abuse.
• Comply with legal obligations and enforce our Terms, including investigating suspected violations.
• Protect users and the public where we believe disclosure or action is needed for safety and security.
7) How scanning and “dictionary-style” features work (On-Device Processing)
Quicard uses the device’s native capabilities to process scanned text. Text extraction (OCR) and processing occur entirely on your device.
We do not upload your scanned images or raw text to our servers for processing.
Once text is extracted locally, the app may query our internal dictionary database (which is also stored locally on your device in the standard configuration) to provide definitions, examples, and translations.
Important notes:
• Outputs may be inaccurate or incomplete; the dictionary database is actively developing.
• You control what you save into your collections.
• If the Service stores scanning sessions/history, it does so locally to let you revisit, refine, and save words later (and you may delete this history where the app provides deletion controls).
Sensitive and third-party personal data warning: Do not scan sensitive personal information (for example, health data, financial data, government IDs) or other people’s personal data unless you have a lawful basis and any required consent. If you scan text that contains personal information about other people, you are responsible for ensuring your scanning and processing complies with applicable privacy laws.
8) Cloud sync, storage, and account vs no-account modes
8.1 No-account (device-based) mode
If you use the Service without creating an account, your User Content and history may be stored locally on your device. If you delete the app or change devices, you may lose locally stored data unless you have enabled a restore method supported by Apple (for example, device backups) or unless the Service provides an explicit export/backup feature.
8.2 Account-enabled (cloud) mode
If you enable cloud sync/restore by creating or using an account, we may store and process:
• your account identifiers (such as email or sign-in identifiers),
• your User Content (collections, flashcards, notes, and related metadata),
• app settings and preferences,
• history data (such as scanning sessions and dictionary search history), depending on your feature use and implementation, and
• operational metadata needed for syncing, restoring, debugging, abuse prevention, and security.
Security Warning: While we encrypt data in transit and at rest, cloud synchronization requires technical processing of your data to deliver it across devices. Do not store passwords, financial secrets, or highly sensitive personal information in your Flashcards or Notes.
8.3 Sync behavior and conflicts
Syncing may be delayed, interrupted, or may experience conflicts due to network conditions, device state, concurrent edits, or third-party service behavior. Conflict resolution behavior may depend on the feature and implementation (for example, last-write-wins, merge logic, or other strategies). Conflict resolution may result in loss of some changes.
8.4 Disabling cloud sync
If you disable cloud features (for example, by signing out or disabling cloud sync where available), some data may remain stored in cloud systems for a period of time as described in Section 12 (Data retention), unless you delete your account or request deletion.
9) Sponsored content and external links
The app may display a static, tappable sponsor image (which may vary by country/region). If you tap it, you will be redirected to a third-party website.
We do not control third-party sites. Their privacy practices are governed by their own policies. You should review those policies before providing information to third-party sites.
To serve sponsor content by region, we may use approximate region signals (such as IP address, device locale, time zone, or App Store region). We do not require precise GPS location.
10) When we share information
We may share information in the following situations:
10.1 Service providers
We may share information with vendors who help us operate the Service (for example, cloud hosting, database services, analytics and crash reporting, customer support tooling, email delivery, security monitoring, and fraud prevention). They may access information only as needed to perform services for us and must protect it.
Depending on configuration and feature use, service providers may process:
• User Content and account identifiers to enable cloud sync/restore,
• crash logs and performance diagnostics to improve reliability,
• approximate region signals to serve regional sponsor placements,
• fraud and purchase validation signals to deliver purchases and prevent abuse, and
• support messages and attachments you send to us.
10.2 Legal and safety
We may disclose information if we believe in good faith it is necessary to:
• comply with law, legal process, or government requests;
• enforce our Terms;
• protect the rights, safety, and security of Quicard, users, or the public; or
• prevent fraud or abuse.
10.3 Business transfers
If we are involved in a merger, acquisition, financing, restructuring, or sale of assets, information may be transferred as part of that transaction (subject to standard confidentiality protections).
10.4 With your direction
We may share information when you direct us to do so, for example when you export or share content using iOS sharing tools to services you select.
11) Website data (if you visit our site)
If we operate a website (for example, a landing page, support page, or Privacy Policy hosting page), the website may collect standard web information such as IP address, browser type, device information, timestamps, and pages viewed, and may use cookies or similar technologies for basic functionality, security, and performance. Third-party website services (for example, hosting providers) may also process this information.
This website processing is separate from the iOS app and may be described in additional notices on the website.
12) Data retention
We keep information only as long as reasonably necessary for the purposes described in this Policy, including to:
• provide the Service;
• comply with legal obligations;
• resolve disputes; and
• enforce agreements.
User Content and history: If you delete content in the app, we will make reasonable efforts to delete it from active systems. Residual copies may remain temporarily in backups, logs, or archives for security, legal compliance, fraud prevention, and technical operations.
Backups and logs: Backups and system logs may retain limited data for a period of time consistent with operational and security needs. Backup retention may vary depending on infrastructure and provider policies.
Account deletion: If you request account deletion, we will make reasonable efforts to delete personal information and associated content from active systems within a reasonable time, subject to technical constraints and legal obligations. Backup retention and operational logs may persist for limited periods consistent with security and compliance needs.
13) Your choices and controls
Depending on how the Service is implemented, you may be able to:
• use the app without an account (limited to device-based use);
• enable/disable cloud sync by choosing whether to create/use an account;
• delete dictionary history and scanning history using in-app controls (where available);
• disable notifications in iOS Settings;
• control camera permissions in iOS Settings;
• request access, deletion, correction, or export of your data by contacting team@quicard.app, subject to verification; and
• control certain analytics settings if the Service provides such toggles (where implemented).
14) Your rights (including EEA/UK and similar regions)
Depending on where you live, you may have rights to:
• access personal information;
• correct or update personal information;
• delete personal information;
• object to or restrict certain processing; and
• request a copy of your data (“data portability”).
To make a request, contact team@quicard.app. We may ask you to verify your identity before fulfilling requests. We may deny requests where permitted by law (for example, if we cannot verify identity, if fulfilling the request would disclose another person’s data, or if we must retain information for legal obligations).
15) Legal bases for processing (EEA/UK and similar regions)
If you are located in the EEA/UK (or in another region that requires a legal basis), we process personal information under one or more of the following bases, as applicable:
• Contract (performance of a contract): to provide and operate the Service you request, including creating and storing your flashcards, providing core features, and (where enabled) syncing/restoring your content.
• Legitimate interests: to secure and improve the Service, prevent abuse and fraud, debug and fix issues, measure performance, and maintain reliability. We take steps to minimize privacy impact, such as limiting collection and using security controls.
• Consent: where required (for example, optional notifications, or where we implement features that require consent under local law). You can withdraw consent by changing device settings or contacting us, where applicable.
• Legal obligation: to comply with applicable laws, lawful requests, and recordkeeping obligations.
16) California privacy notice (CCPA/CPRA)
If you are a California resident, you may have additional rights under California law, including the right to:
• know what personal information we collect, use, disclose, and share;
• request deletion of personal information (subject to legal exceptions);
• correct certain personal information;
• opt out of “sale” or “sharing” of personal information as defined by California law; and
• limit the use and disclosure of sensitive personal information, where applicable.
We do not sell personal information as those terms are defined under California law.
We do not knowingly share personal information for cross-context behavioral advertising in the sense of building advertising profiles across unrelated apps/sites. Sponsor content is a static placement; tapping a sponsor link takes you to a third-party site governed by that third party’s policy.
Categories of personal information we may collect (examples):
• identifiers (such as email if you create an account; device/app technical identifiers);
• internet or other electronic network activity information (such as app interaction events and diagnostics);
• geolocation data at an approximate level (country/region derived from IP/locale/App Store region, not precise GPS);
• user content you create (flashcards, collections, notes) if you store it with cloud features or otherwise transmit it to our systems;
• customer support information (messages and attachments you send to us).
Disclosure purposes: We may disclose categories of personal information to service providers for business purposes such as operating the Service, providing cloud functionality, processing support requests, preventing fraud, and improving reliability.
Non-discrimination: We will not discriminate against you for exercising your rights.
Verification: We may verify your identity by requesting information that matches our records or by requiring you to take actions that confirm account control.
Authorized agents: Where permitted, you may designate an authorized agent to make requests on your behalf, subject to verification and proof of authorization.
To exercise your rights, contact team@quicard.app.
17) International data transfers
Quicard is based in the United States (Iowa) and may process and store information in the United States and other countries where we or our service providers operate. Data protection laws may differ from those in your country. Where required, we use appropriate safeguards for cross-border transfers (for example, contractual protections) and we take steps to protect information in transit and at rest.
18) Security
We use reasonable administrative, technical, and physical safeguards to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
19) Children’s privacy
The Service is generally intended for users 13+ (or older where local law requires). We do not knowingly collect personal information from children under the age where parental consent is required without such consent. If you believe a child has provided personal information without appropriate consent, contact team@quicard.app.
20) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide notice within the Service or by other reasonable means. Your continued use after the effective date means you accept the updated Policy.
21) Contact
Quicard LLC
Iowa, USA
Email: team@quicard.app
Mailing address:
400 Locust Street, Site 400
Des Moines, IA 50309-3723
US
ADDENDUM TO PRIVACY POLICY: DATA PROCESSING CLARIFICATIONS
A1) Database-Driven "Generation" and Retrieval
The "Generation" function is a retrieval system that queries Quicard’s proprietary vocabulary database.
No Third-Party AI Processing: Your topic selections and sub-topic queries are processed within the Quicard ecosystem. We do not transmit your selections to third-party generative AI providers.
Algorithmic Selection: Processing involves matching your selected "Core Topics" and "Sub-topics" with pre-defined linguistic maps stored in our database to provide relevant vocabulary results.
A2) Credit Management and Consumption Metadata
To support the "1 Credit = 1 Flashcard" model, we process metadata related to your usage:
Transaction Logs: We store timestamps of credit consumption and the volume of flashcards created.
Purpose: This data is used strictly for purchase validation, fraud prevention, and to ensure your digital entitlements (credits) are accurately reflected across devices.
A3) On-Device Processing
The Service is designed with a "Mobile-First" approach to data:
Scanning (OCR): Text extraction is performed entirely on your device using native frameworks. We do not upload scanned images or text to our servers for processing.
Local Storage: In "No-Account Mode," your dictionary history and scanning sessions remain exclusively on your device.
A4) Ad Interaction and Referrer Privacy
The static sponsor image on the Dashboard is a native design element.
Data Isolation: We do not share your User Content, learning progress, or vocabulary levels with sponsors.
Tappable Links: When you tap a sponsor image, you are redirected via a standard URL link. The third-party sponsor may receive standard technical data (such as your IP address and the fact that you arrived from Quicard), but no personal study data is transmitted.
A5) Data Deletion and "History" Management
The Service provides manual controls to delete your Scanning History and Dictionary Search History.
Deletion Execution: When you trigger a deletion, the data is removed from your device's local storage. In Cloud Mode, a deletion command is sent to our servers to purge the data from active databases, subject to standard technical backup cycles.
Follow us on social media: