Privacy Policy

Last updated: February 13, 2026

1. Information We Collect

We collect information you provide directly:

  • Account information: name, email address, and password when you create an account.
  • Payment information: processed securely by Stripe. We do not store your credit card details.
  • Usage data: study progress, practice exam scores, and feature usage to personalize your experience.

2. How We Use Your Information

  • Provide and improve the Service
  • Process payments and manage subscriptions
  • Track your study progress across exams
  • Send important account and service notifications
  • Respond to support requests

3. Information Sharing

We do not sell your personal information. We share data only with the following service providers:

  • Stripe: for payment processing. Stripe receives your email, name, and subscription details. Stripe is PCI DSS Level 1 compliant. We do not collect or store credit card details on our servers. See Stripe's privacy policy.
  • Supabase: for secure data storage and authentication. All account data and study progress are stored by Supabase. See Supabase's privacy policy.
  • Vercel: for application hosting and performance monitoring. See Vercel's privacy policy.
  • Google Analytics: for understanding how our platform is used (page views, feature usage, device type). No personally identifiable information is shared. You can opt out at tools.google.com/dlpage/gaoptout. See Google's privacy policy.

4. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), secure authentication, and access controls to protect your data.

5. Cookies & Analytics

We use two categories of cookies:

  • Essential cookies: Required for authentication and session management. These cannot be disabled and do not require consent because the Service cannot function without them.
  • Analytics cookies (optional): We use Google Analytics to understand how our platform is used (page views, feature usage, device type). These are only set after you give consent via our cookie banner. You can decline or withdraw consent at any time. Analytics data does not include personally identifiable information.

We do not use advertising, tracking, or third-party marketing cookies. All cookies are set with the Secure flag in production and SameSite=Lax to prevent cross-site request forgery.

6. Your Rights

You can exercise all of the following rights directly from your Account Settings page — no need to contact us:

  • Access & update your account information at any time
  • Export your data — download a complete copy of all your personal data as a JSON file from your Account Settings
  • Delete your account — permanently delete your account and all associated data from your Account Settings. This cancels your subscription, removes all study progress, and is irreversible.
  • Cancel your subscription at any time from your Account Settings
  • Opt out of analytics — decline cookies when prompted, or withdraw consent at any time by clearing your browser cookies and declining on your next visit

California residents (CCPA): We do not sell your personal information. You have the right to know what data we collect, request a portable copy, and request deletion. You can do all of this from your Account Settings.

EU residents (GDPR): You have rights to access, rectification, erasure, data portability, and to object to processing. All of these can be exercised from your Account Settings. For any rights you cannot exercise through self-service, contact support@buildingcodeacademy.org.

7. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where required by law (e.g., payment records may be retained for up to 7 years for tax and audit purposes). Backups containing deleted data are purged within 90 days.

8. International Data Transfers

Our service providers (Stripe, Supabase, Vercel, Google) may process your data outside your home country, including in the United States. These providers maintain appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission to protect data transferred internationally. By using our Service, you acknowledge that your data may be transferred to and processed in the United States and other jurisdictions.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law (including GDPR Article 33 and relevant U.S. state breach notification laws). Notification will be sent to the email address associated with your account and will include the nature of the breach, the data affected, steps we are taking, and recommended actions you can take to protect yourself.

10. California Privacy Rights

CCPA/CPRA: California residents have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell your personal information. You can exercise all rights from your Account Settings.

Shine the Light (CA Civil Code § 1798.83): California residents may request information about the disclosure of personal data to third parties for direct marketing purposes. We do not share personal data with third parties for their own direct marketing purposes.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify subscribers of material changes via email.

12. Contact

Questions about this Privacy Policy? Contact us at support@buildingcodeacademy.org.