Privacy Policy

Last updated: March 22, 2026

1. What We Collect

Account Data

  • Email address — from your OAuth provider (GitHub).
  • Username and display name — set by you during onboarding.
  • SSH public keys — uploaded by you for session access.

Usage Data

  • Session activity — when sessions start, end, and their duration.
  • Submissions and scores — your solutions are scored and recorded.
  • Commands executed — commands run inside session containers may be logged for security monitoring.

Technical Data

  • IP address — for rate limiting and abuse prevention.
  • Browser information — via standard HTTP headers.
  • Analytics events — page views and feature usage via PostHog (self-hosted or EU-hosted).

2. How We Use Your Data

  • Authenticate you and manage your sessions.
  • Score your submissions and display leaderboards.
  • Process payments via Stripe (we do not store card details).
  • Prevent abuse, enforce rate limits, and maintain security.
  • Improve the Platform based on aggregate usage patterns.

3. Data Storage

  • Database — Supabase (hosted in EU, Frankfurt region).
  • Auth — Supabase Auth (OAuth tokens, sessions).
  • Payments — Stripe (PCI-compliant, no card data stored by us).
  • Infrastructure — Hetzner Cloud (Germany).
  • Session containers — ephemeral, destroyed after session ends.

4. Data Sharing

We do not sell your data. We share data only with:

  • Supabase — database and authentication provider.
  • Stripe — payment processing.
  • Hetzner — infrastructure hosting.
  • Cloudflare — DNS and CDN.

All providers are GDPR-compliant and process data under appropriate agreements.

5. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access — request a copy of your data.
  • Rectification — correct inaccurate data via your profile.
  • Erasure — delete your account and all data from your profile settings.
  • Portability — request your data in a machine-readable format.
  • Object — opt out of non-essential data processing.

To exercise these rights, email [email protected] or delete your account directly from the Profile page.

6. Cookies

  • Session cookies — essential for authentication. Cannot be disabled.
  • Theme preference — stored in localStorage (not a cookie).
  • Analytics — PostHog may use cookies for session tracking. You can opt out via your browser settings.

We do not use advertising cookies or third-party trackers.

7. Data Retention

  • Account data — retained until you delete your account.
  • Session containers — destroyed immediately after session ends.
  • Submissions — retained until account deletion.
  • Server logs — retained for up to 30 days.

8. Security

  • All traffic is encrypted via TLS.
  • Session containers are isolated with Kubernetes pod security standards.
  • SSH keys are stored securely with computed fingerprints.
  • Database access is restricted via row-level security policies.

9. Children

The Platform is not intended for children under 16. We do not knowingly collect data from children under 16.

10. Changes

We may update this policy. Material changes will be communicated via email or a prominent notice. Continued use after changes constitutes acceptance.

11. Contact

For privacy questions, contact [email protected].