1. Information We Collect
1a. Information You Provide
- Account information: Email address, password (hashed), display name
- Payment information: Processed and stored by Stripe; we do not store credit card numbers
- Course activity: Module progress, quiz responses, assessment scores, lab submissions
- Portfolio content: Project work you choose to include in your portfolio
1b. Information Collected Automatically
- Usage data: Pages visited, modules completed, feature interactions
- Device information: Browser type, operating system, screen resolution
- Cookies: Authentication session cookies (required for the Service to function) and a subscription sync cookie
2. How We Use Your Information
We use your information to:
- Provide and maintain the Service
- Process payments and manage your subscription
- Track your learning progress and issue certificates
- Send transactional emails (account confirmation, password reset, payment receipts)
- Improve the Service based on aggregate usage patterns
- Communicate service updates and changes
We do NOT:
- Sell your personal data to third parties
- Use your data for targeted advertising
- Share your individual course activity with employers or third parties without your consent
3. Third-Party Services
We share limited data with the following service providers:
- Supabase: Authentication and database hosting (stores account and progress data)
- Stripe: Payment processing (stores payment method and billing information)
- Vercel: Application hosting (processes web requests)
Each provider operates under its own privacy policy and data processing agreements.
4. Cookies
We use the following cookies:
- Authentication cookies: Required for login sessions (Supabase auth tokens)
- Subscription sync cookie: Tracks whether your subscription status has been verified (“stripe-synced”, 24-hour duration)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
5. Data Retention
- Account data: Retained for the duration of your account. Deleted upon account deletion request.
- Progress data: Retained for the duration of your account.
- Payment records: Retained as required by tax and financial regulations (typically 7 years).
- Server logs: Retained for 30 days for security and debugging purposes.
6. Your Rights
For All Users
- Access: Request a copy of your personal data
- Correction: Update inaccurate personal data
- Deletion: Request deletion of your account and associated data
- Portability: Export your course progress and portfolio data
Additional Rights for EU/UK Users (GDPR)
- Restrict processing of your data
- Object to processing based on legitimate interests
- Withdraw consent where processing is based on consent
- Lodge a complaint with your local data protection authority
Additional Rights for California Users (CCPA)
- Know what personal information we collect and how it is used
- Request deletion of personal information
- Non-discrimination for exercising your rights
7. Data Security
We implement industry-standard security measures including:
- Encrypted data transmission (TLS/SSL)
- Hashed passwords (via Supabase Auth)
- Row-level security on database tables
- Environment variable protection for API keys
8. International Data Transfers
Your data may be processed in the United States. By using the Service, you consent to this transfer. For EU/UK users, transfers are conducted under Standard Contractual Clauses as implemented by our service providers.
9. Children's Privacy
The Service is not intended for users under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a user under 18, we will delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Service.
11. Contact
For privacy-related requests or questions, email support@promptafire.com. Response time: within 30 days for data access/deletion requests.