A fast, modern alternative to spaced repetition flashcard apps like Anki. Save time and upgrade your learning.
.apkg file and Cortex handles the rest — detecting card types, mapping fields, migrating study progress.We'll email you when early access opens. No spam, no pressure.
No spam. Unsubscribe anytime. Privacy Policy.
.apkg import, keeps your deck hierarchy, and migrates review history into Cortex’s FSRS-based scheduler so schedules stay familiar as you transition.Still have questions? Email hello@cortexcards.app
Last updated April 3, 2026.
Have a feature request? Let us know → hello@cortexcards.app
Cortex is a product of Joshua Hoffman ("we," "us," or "our"), located in the United States. This Privacy Policy explains what information we collect when you use the Cortex application and related services ("the Service"), how we use it, and your rights with respect to it.
Please read this policy alongside our Terms of Service.
Account information. When you register, we collect your email address (required). You may also optionally provide profile information such as your name, school, year of study, specialty, or other details. Any information you choose to provide must be accurate.
Card content. We store the flashcards, decks, notes, and associated media (images, audio) that you create or import into the Service.
Imported content. If you import Anki .apkg files or other third-party content, the contents of those files are stored in the Service.
Documents submitted for AI processing. If you use AI card generation features, you may upload PDFs, images, or text notes. See Section 5 (AI Features and Data) for how this content is handled.
Shared deck content. If you choose to share a deck, the content of that deck becomes available to other users as described in our Terms of Service.
Support communications. If you contact us for support, we retain records of that correspondence.
Review history. We store your card review history, including ratings (Again, Hard, Good, Easy), review timestamps, and FSRS-based scheduler parameters. This data is fundamental to the spaced repetition functionality of the Service.
Study session metadata. We collect information about your study sessions, including session duration, number of cards reviewed, and streak data.
Sync metadata. When you sync the Service across devices, we record the app version, operating system version, and sync timestamp.
Device and platform information. We collect basic device type and operating system information to support troubleshooting and usage analytics.
Usage analytics. We collect information about how you interact with features of the Service — for example, which screens you visit and which features you use — using PostHog, to understand how the Service is used and how to improve it.
Log data. When you access the Service, our infrastructure providers automatically generate logs that may include information such as your IP address, the date and time of requests, and technical metadata about the request. In particular, Supabase provides platform logs (for example API, Auth, Storage, and related services); log retention depends on our Supabase project's pricing plan and Supabase's current documentation, not a single fixed period we control. Product analytics events processed through PostHog are retained according to our PostHog project configuration and PostHog's policies. Other subprocessors may retain logs under their own terms, as described in Section 3.
We use the information we collect for the following purposes:
We use the following third-party services to operate the Service. By using Cortex, you acknowledge that your data may be processed by these providers in accordance with their own privacy policies.
| Service | Purpose | Data Involved | Privacy Policy |
|---|---|---|---|
| Supabase | Database, authentication, and backend infrastructure | Account data, card content, review history | Supabase Privacy Policy |
| PowerSync | Offline-first sync engine | Sync state, card data | PowerSync Privacy Policy |
| RevenueCat | Subscription and in-app purchase management | Purchase history, device identifiers, subscription status | RevenueCat Privacy Policy |
| PostHog | Product analytics (web and in-app, as configured) | Usage events, session and device identifiers, page or screen paths; configuration may limit or anonymize IP data | PostHog Privacy Policy |
| Resend | Transactional email delivery | Recipient email address, message metadata, delivery status | Resend Privacy Policy |
| Loops | Marketing and lifecycle email (opt-in) | Email address, subscription preferences, engagement metrics | Loops Privacy Policy |
| Anthropic, PBC | AI card generation | Uploaded documents and notes (not retained after processing) | Anthropic Privacy Policy |
| Apple App Store | iOS payment processing | Per Apple's policies | Apple Privacy Policy |
| Google Play | Android payment processing | Per Google's policies | Google Privacy Policy |
PowerSync Cloud is operated by JourneyApps (Journey Mobile, Inc.). Sync-related traffic and metadata may be processed as described in the PowerSync privacy policy linked above.
We do not sell your personally identifiable information to third parties.
The Cortex web interface uses cookies and local storage to keep you logged in and to associate your actions with your account.
PostHog may set cookies, use local storage, or similar technologies to persist session or anonymous identifiers for product analytics. You can control many browser cookies through your browser settings; blocking them may limit analytics but core Service features may still work.
Marketing signup or preference flows on our website, if you use them, may involve Loops (and related technologies) as described in Loops' policy.
We do not use third-party advertising cookies for cross-site behavioral advertising.
When you use AI card generation features, you submit content (such as PDFs, images, or text notes) to the Service for processing. Here is how that content is handled:
Transmission to Anthropic. Submitted content is transmitted to Anthropic's API for the purpose of generating flashcard suggestions. Anthropic processes this content in accordance with its API terms and privacy policy.
No model training. Content submitted via Anthropic's API is not used to train AI models, by Anthropic or by us.
We do not store your source documents. After AI processing is complete, your source documents (PDFs, images, notes submitted for generation) are not retained by us. Only the generated card output is stored.
Caching of generated output. In some cases, we may cache AI-generated card results on our servers to improve performance and reduce redundant processing. This caching applies to the generated card content only — not the source documents you submitted.
Your responsibility. You should not upload documents containing confidential information belonging to third parties unless you are authorized to share that content. We are not responsible for the confidentiality of content you choose to submit.
We may share de-identified and aggregated data — such as anonymized study performance metrics, retention rates, and usage patterns — with third-party research institutions, educational organizations, and commercial partners. This data cannot reasonably be used to identify you individually and does not include the text or media content of your cards.
To opt out of de-identified data sharing with third parties, send an email to hello@cortexcards.app with the subject line "Opt Out of Data Sharing" and include the email address associated with your Cortex account. We will process your request within 30 days. Opting out does not affect your use of the Service.
Note: opting out of third-party data sharing does not affect our use of your data for internal analytics and product development, as described in Section 2.
We will share your information with law enforcement or other governmental authorities when required to do so by law, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of our users or the public.
In the event of a merger, acquisition, restructuring, or sale of our assets, your data may be transferred to the successor entity. The successor will be bound by this Privacy Policy and will notify you before using your data in any manner not described here.
Active accounts. We retain your data for as long as your account is active.
Free account inactivity. Free tier accounts that have not been accessed for six (6) consecutive months are subject to data deletion. We will email you at your registered address approximately 30 days before deletion occurs. You may reactivate your account before that date to preserve your data.
Account deletion. When you delete your account, we begin deleting your personal data from our active production databases and application storage within 14 days.
Vendor backups, replicas, and logs. Our primary database and related backend services are hosted on Supabase. Supabase maintains automatic database backups for disaster recovery. According to Supabase's documentation, how long scheduled database backups are retained and available for restore depends on the Supabase plan (for paid tiers, Supabase has published examples such as roughly 7 days on Pro, 14 days on Team, and up to 30 days on Enterprise; Free and other tiers may differ). Retention figures can change if Supabase updates its product or if we change plans — refer to Supabase's current documentation. If Point-in-Time Recovery is enabled on our project, recovery windows differ. Supabase also states that database backups do not include objects stored via Supabase Storage (such as media files); those objects follow separate storage lifecycle rules. PowerSync (JourneyApps) participates in sync delivery; any residual processing is governed by its policy (Section 3).
After you delete your account, copies of your personal data may remain in infrastructure backups, logs, and replicas until they expire under vendor retention rules or rotate off. We do not manually erase individual records inside third-party backup archives. Supabase platform log retention is plan-based (see Supabase logging documentation). PostHog event data is retained per our project settings and PostHog's policies until deleted or expired there.
AI-submitted documents. Source documents submitted for AI processing are not retained after processing is complete. See Section 5.
Legal holds. We will retain information for longer periods when required to do so by law.
The Service is directed to users who are at least 13 years old. We do not knowingly collect personal information from children under the age of 13.
If we learn that an account belongs to a child under 13, or if such an account is reported to us, we will promptly delete the account and all associated data without notice.
Parents or guardians who believe their child has created an account on the Service may contact us at hello@cortexcards.app to request deletion.
Depending on where you live, you may have certain rights with respect to your personal data:
Access. You may request a copy of the personal data we hold about you.
Correction. You may update or correct inaccurate information through your account settings or by contacting us.
Deletion. You may delete your account and associated data at any time through the account settings in the app, or by contacting us at hello@cortexcards.app.
Data portability. You may export your card data at any time using the export functionality in the app.
Opt out of de-identified data sharing. See Section 6 for instructions.
Marketing communications. You may opt out of marketing email at any time by following the unsubscribe link in any marketing email from Loops, or by contacting us.
To exercise any of these rights, contact us at hello@cortexcards.app.
For the purposes of the GDPR and the UK GDPR, the data controller is Joshua Hoffman. We process personal data as described in this Privacy Policy.
If you are located in the European Economic Area or the United Kingdom, you have the following additional rights under the GDPR or UK GDPR (where applicable):
International transfers of your personal data from the EEA, UK, or Switzerland are described in Section 12. We do not rely on consent alone as the legal basis for those transfers where applicable law requires another mechanism (for example, Standard Contractual Clauses).
Our lawful bases for processing your personal data are as follows:
| Data Type | Lawful Basis |
|---|---|
| Account data (email, profile) | Performance of a contract |
| Card content and review history | Performance of a contract |
| Sync and device metadata | Performance of a contract |
| Transactional email (via Resend) | Performance of a contract / legitimate interests (essential communications) |
| Marketing email (via Loops) | Consent (where required) |
| Product analytics (via PostHog) | Legitimate interests |
| AI-submitted documents | Performance of a contract |
| De-identified research data sharing | Legitimate interests |
This section applies to California residents only when the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), applies to our processing of your personal information. The CCPA/CPRA applies to certain businesses based on statutory thresholds; whether it applies to us may depend on our volume of business and other factors.
Categories of personal information. We collect the categories of personal information described in Section 1. The purposes are described in Section 2.
Sale and sharing. We do not sell your personal information for money. We do not sell or share personal information of consumers we know are under 16 for behavioral advertising. Certain disclosures to advertising or analytics partners can qualify as "sharing" under the CPRA; we describe analytics (PostHog) in Sections 1, 3, and 4. You may contact us to understand how to exercise opt-out rights that apply to you.
Your rights. Subject to verification and applicable exceptions, California residents may have the right to:
How to submit a request. Email hello@cortexcards.app. We will respond within the timeframes required by applicable law (typically 45 days for CCPA requests, subject to extension where permitted). We may need to verify your identity before fulfilling a request.
Authorized agents. You may designate an authorized agent to submit a request on your behalf where the CCPA allows; we may require proof of authorization.
We take reasonable technical and organizational measures to protect your data, including:
No system is completely secure. We recommend keeping local backups of your data using the export functionality in the app. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
The Service is operated from the United States. If you access the Service from outside the United States, your personal data may be transferred to the United States and to other countries where our subprocessors operate, as described in Section 3.
For transfers from the EEA, UK, or Switzerland to countries that have not received an "adequacy" decision, we rely on appropriate safeguards required by applicable law. Those safeguards may include the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or comparable mechanisms made available by our subprocessors (such as Supabase, PostHog, Resend, Loops, and others listed in Section 3) under their data processing terms. We do not treat mere use of the Service as the sole legal basis for international transfers where the GDPR or UK GDPR requires a specific safeguard.
Details of subprocessors' transfer mechanisms are set out in their documentation and, where applicable, their DPAs. You may contact us for more information about how we approach transfers.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by in-app message, at next sync, or by email to your registered address before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us by email at hello@cortexcards.app. We do not maintain a public mailing address.
For DMCA notices, use the designated agent contact in our Terms of Service.
Cortex is a product of Joshua Hoffman ("we," "us," or "our"), located in the United States. This Terms of Service Agreement ("Terms") is a legal agreement between you ("you" or "your") and Joshua Hoffman governing your use of the Cortex application and related services ("the Service").
By creating an account or using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.
Please also read our Privacy Policy, which is incorporated into these Terms by reference.
Last updated: April 3, 2026
You must be at least 13 years old to use the Service. If you are between 13 and 18 years old, a parent or guardian must agree to these Terms on your behalf and is responsible for your use of the Service.
By using the Service, you represent that you meet these age requirements and that all information you provide is accurate and current.
Registration. A valid email address is required to create an account. You may also provide optional profile information such as your name, school, year of study, or specialty. Any information you provide must be accurate.
Security. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. Notify us immediately at hello@cortexcards.app if you believe your account has been compromised. We are not liable for losses resulting from unauthorized use of your account.
One Account Per User. You may not create multiple accounts or share your account with others.
Free Account Expiry. To manage service costs, free tier accounts that have not been accessed for six (6) consecutive months may be subject to data deletion. We will send a warning to your registered email address approximately 30 days before any deletion occurs. Reactivating your account before the deletion date will preserve your data. We are not liable for data lost due to account inactivity if notice was sent to your registered email.
Termination by You. You may delete your account at any time through the account settings in the app.
Termination by Us. We reserve the right to suspend or terminate your account at our sole discretion if you violate these Terms or if your actions are otherwise harmful to the Service or its users.
Tiers. The Service is offered in multiple subscription tiers. The features and limitations of each tier are described on our pricing page, which may be updated from time to time. The pricing page, not these Terms, is the authoritative reference for tier features.
Billing. Paid subscriptions are billed on a recurring basis (monthly or annually, as selected) and automatically renew at the end of each billing period until cancelled.
Price Changes. We will provide advance notice before any price change takes effect. Your continued use of the Service after a price change constitutes acceptance of the new pricing.
Cancellation. You may cancel your subscription at any time through the app or the relevant platform (Apple App Store or Google Play). Cancellation takes effect at the end of your current billing period. You will retain access to paid features until the end of that period. No prorated refunds are issued for unused time.
Refunds.
Lifetime Subscriptions. If lifetime subscription options are offered in the future, the specific terms governing those purchases — including any limitations on AI feature access — will be specified at the time of purchase and will supplement these Terms.
Subscription Management. Subscription state is managed through RevenueCat. By using the Service, you agree to RevenueCat's Terms of Service.
By uploading, submitting, or otherwise providing any content to the Service, you represent and warrant that it does not contain:
Imported Content. If you import Anki .apkg files or other third-party content, you are solely responsible for ensuring that your use of that content complies with these Terms and applicable law. We do not claim ownership of imported content.
Availability. AI-powered features — including card generation from notes, PDFs, and images — are available on paid subscription tiers as described on our pricing page. We reserve the right to modify, limit, or discontinue AI features at any time.
Provider. AI features are currently powered by Anthropic, PBC. Your use of AI features is also subject to Anthropic's usage policies.
Data Handling. Content you submit for AI processing (such as notes, PDFs, and images) is transmitted to Anthropic's API for the purpose of generating flashcard content. This content is not used to train AI models. Please see our Privacy Policy for full details on how AI-submitted content is handled.
Accuracy Disclaimer. AI-generated content may contain errors, omissions, or inaccuracies. This is particularly important for medical and scientific subject matter. You are solely responsible for reviewing and verifying all AI-generated content before using it for study or any other purpose. AI-generated content does not constitute medical, clinical, scientific, or professional advice of any kind.
Rate Limits. AI features are subject to usage limits that vary by subscription tier. Abuse of AI features — including attempts to circumvent rate limits or use the Service to generate content for commercial redistribution — may result in suspension of AI access or termination of your account.
Prohibited AI Uses. You may not use AI-generated output from the Service to train, fine-tune, or otherwise develop competing machine learning models or applications.
Sharing is Optional. You may choose to share decks you have created, making them available for other users to download.
License Grant to Us. When you share a deck, you grant us a worldwide, royalty-free, non-exclusive license to host, distribute, display, and modify the deck (including creating excerpts and converting file formats) for the purpose of making it available through the Service.
Your Representations. When you share a deck, you represent that it is entirely your own original work, or that you have obtained a valid license from the applicable intellectual property holder to share the material through the Service. Sharing content in violation of third-party intellectual property rights may result in removal of the deck and termination of your sharing privileges.
Shared Deck License to Downloaders. When you download a shared deck, the deck's author grants you a limited, revocable, worldwide, royalty-free, non-exclusive license to use that material for your personal study only. The author may revoke this license at any time (for example, by removing the deck from the Service or by notifying you). If the license is revoked, you must stop using the deck's content and delete local copies in your possession, to the extent technically practicable. This license does not permit redistribution, re-uploading, publication, or any commercial use without explicit permission from the copyright holder.
No Warranty on Shared Decks. Shared decks are provided by third parties and are not reviewed or verified by us. We make no representations regarding their accuracy, quality, or fitness for any purpose.
Removal. You may remove your shared deck from the Service at any time. Doing so revokes the license granted to downloaders under these Terms and stops future distribution. We cannot remotely delete copies that users have already stored on their devices; downloaders remain responsible for complying with a revoked license as described above. Shared decks that are inactive for 12 consecutive months may be automatically removed.
Our Discretion. We reserve the right to remove any shared deck that we determine to be inappropriate, of poor quality, excessively limited in audience, or in violation of these Terms.
The following activities are prohibited:
Our Intellectual Property. We own all rights to the Cortex platform, including its software, design, trademarks, and original content. Nothing in these Terms transfers any of those rights to you.
Your Intellectual Property. You retain full ownership of card content, notes, and other original material you create in the Service. By using the Service, you grant us a limited license to store, process, and display your content solely for the purpose of providing the Service to you.
DMCA Takedown Process. We respect intellectual property rights and comply with the Digital Millennium Copyright Act (17 U.S.C. § 512). If you believe content on the Service infringes your copyright, please submit a written notice to our designated agent containing the following:
Designated Agent:
Joshua Hoffman
United States
Email: hello@cortexcards.app
We do not maintain a public mailing address. DMCA notices may be sent to the email address above.
Counter-Notification. If you believe your content was removed in error, you may submit a counter-notification to the same address. Counter-notifications must comply with 17 U.S.C. § 512(g).
Repeat Infringers. We will terminate the accounts of users who are determined to be repeat copyright infringers.
False Reports. Submitting a false DMCA notice may expose you to legal liability. We reserve the right to seek damages from parties who submit bad-faith takedown claims.
Cortex is a study and memorization tool. It is not a medical device, clinical decision support system, or source of professional advice.
Nothing in the Service — including AI-generated content, shared decks, or any other feature — constitutes medical advice, diagnosis, treatment recommendations, or clinical guidance of any kind. The Service is not intended to be used in any patient care context, and you should not rely on content from the Service when making any health-related decision.
If you are experiencing a medical emergency, call emergency services immediately.
We make no representations regarding the accuracy, completeness, or currency of any medical or scientific content in the Service. Medical knowledge changes frequently; content that was accurate when created may no longer reflect current standards of care.
USE OF THE SERVICE IS AT YOUR OWN RISK.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS. WE DO NOT WARRANT THE ACCURACY OR COMPLETENESS OF ANY CONTENT ON THE SERVICE, INCLUDING AI-GENERATED CONTENT OR SHARED DECKS PROVIDED BY THIRD PARTIES.
WE STRONGLY RECOMMEND MAINTAINING LOCAL BACKUPS OF YOUR DATA. WE ARE NOT RESPONSIBLE FOR ANY DATA LOSS.
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF DATA, REVENUE, PROFITS, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE SERVICE, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
OUR TOTAL LIABILITY TO YOU FOR ANY CLAIMS ARISING UNDER OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU PAID TO US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) FIFTY DOLLARS ($50).
Governing Law. These Terms are governed by the laws of the State of Idaho, without regard to its conflict of law provisions.
Informal Resolution. Before initiating any formal dispute, you agree to contact us at hello@cortexcards.app and attempt to resolve the matter informally. We will make a good faith effort to resolve disputes within 30 days.
Binding Arbitration. If informal resolution fails, any dispute, claim, or controversy arising out of or relating to these Terms or the Service shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Consumer Arbitration Rules. Arbitration will take place in Idaho. The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction.
Class Action Waiver. You agree that any dispute resolution proceedings will be conducted only on an individual basis and not as a class, consolidated, or representative action. You waive any right to participate in a class action lawsuit or class-wide arbitration.
Exceptions. Either party may seek emergency injunctive relief in state or federal court in Idaho to prevent irreparable harm, without waiving the right to arbitrate the underlying dispute.
We may update these Terms from time to time. If we make material changes, we will notify you by in-app message, at next sync, or by email to your registered address. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Terms.
If you do not accept revised Terms, you must stop using the Service and may delete your account.
In the event of a merger, acquisition, restructuring, or sale of assets, these Terms and your associated data may be transferred to the successor entity. The successor will be bound by these Terms and our Privacy Policy, and will notify you if it wishes to use your data in a manner not described herein.
For questions about these Terms, contact us by email at hello@cortexcards.app. We do not maintain a public mailing address.