Privacy Policy

Last updated: April 2026

1. Data Controller

LeroCards (the "Service") is operated by Martin Sevcik, Brno, Czech Republic. If you have questions about your data, contact us at the email address associated with your account.

2. What Data We Collect

We collect only the data necessary to provide the Service:

• Account data: email address and authentication credentials (handled by Supabase Auth).
• Mindmap data: the mindmaps, text boxes, and other content you create.
• Uploaded images: images you add to your mindmaps.
• Settings: your UI preferences (theme, grid mode, etc.).

3. Why We Collect It

We use your data solely to operate the Service: authenticate you, store your mindmaps, handle uploads, and remember your preferences.

4. Data Retention

We keep your data until you delete your account. You can export your data at any time from the Account settings. When you delete your account, all associated data (mindmaps, images, and settings) is permanently removed.

5. Third-Party Processors

• Supabase — authentication and database (hosted in the EU region).

6. Your Rights (GDPR)

As a user in the European Union, you have the right to:

• Access your data — use the Export feature in Account settings.
• Rectify inaccurate data — edit your mindmaps and settings directly.
• Erasure ("right to be forgotten") — use the Delete Account feature in Account settings.
• Data portability — use the Export feature to download your data as JSON.

To exercise these rights, use the built-in tools in the app or contact us at the email address associated with your account.

7. Cookies

We use only essential cookies required for authentication (Supabase session tokens). No tracking, analytics, or advertising cookies are used.

8. Changes

If we make material changes to this policy, we will notify you via email or through the app.