Privacy Policy
Last updated: July 2026
Hangil Flashcards ("the add-on") is a Google Sheets™ add-on that lets you study vocabulary
from a spreadsheet as shuffled flashcards. This policy explains what data is collected,
how it is used, and your rights.
1. What data we collect
- Google account email address — used to identify your account and store your license record.
- License and subscription information — your current plan status (free, trial, paid, or coupon), trial start and expiry dates, and subscription identifiers from our payment processor.
- Card review progress (paid feature only) — for each card, how many times you answered correctly or incorrectly and your current mastery level (mastered, learning, or needs practice), stored per spreadsheet tab.
- Language and font preferences — stored locally in Google's per-user add-on storage and never sent to our servers.
- Last-seen timestamp — the last time you opened the add-on, used to manage data retention.
The content of your spreadsheet (your vocabulary cards) is read locally to display flashcards
and is never stored or transmitted to our servers. We do not know, and cannot
recover, what any of your flashcards say. To track review progress, each card is identified only
by a one-way SHA-256 hash of its text, computed on the fly and used solely to recognize the same
card again on your next review session — the underlying front/back text is never included in
that record or sent to our servers.
2. How we use your data
- To determine whether your account has an active subscription or trial.
- To display your card review progress and support the "Needs Practice" study mode.
- To process payments via our payment processor (Lemon Squeezy).
We do not sell, share, or use your data for advertising.
3. Data storage & security
Account and license data is stored in Google Cloud Firestore, hosted in the United States.
Language and font preferences are stored in Google's built-in Apps Script user properties,
which remain on Google's infrastructure.
- Encryption — all data is encrypted in transit (HTTPS/TLS) between the add-on and Firestore, and encrypted at rest by Google Cloud's default storage encryption.
- Access control — the add-on's server-side code authenticates to Firestore with a private service-account credential that is scoped to this project only; it is never exposed to end users or third parties. Direct client access to the database (used only by our internal admin console) is restricted by Firestore Security Rules to a single authorized administrator account.
- No public access — there is no end-user-facing API or interface that exposes another user's data; each user can only read their own license and progress records through the add-on itself.
4. Third-party services
- Google — Google Sheets™ , Firebase/Firestore™ , and Google Fonts™ are used to operate the add-on.
- Lemon Squeezy — processes subscription payments. See Lemon Squeezy's privacy policy.
5. Data retention
If your subscription expires, your account data is retained for 90 days to allow for
reactivation, then automatically deleted. You may request earlier deletion by contacting us.
6. Your rights
You may request access to, correction of, or deletion of your personal data at any time
by contacting us at the address below. To remove the add-on entirely, uninstall it from
your Google account via Google Account Permissions
and contact us to delete your stored data.
7. Contact
For privacy questions or data deletion requests, email:
gilbertr@gmail.com