Privacy Policy

Last updated: February 12, 2026

1. Information We Collect

Account information: When you sign up, we collect your email address to create and manage your account. We use email-based magic links for authentication — no passwords are stored.

Payment information: Payment processing is handled entirely by Stripe. We do not store credit card numbers or banking details on our servers. Stripe's privacy policy governs how they handle your payment data.

Learning data: We store your training progress (competency scores, completed topics, learning phase) on our servers to provide continuity across sessions.

LLM API keys: If you choose to save your API key, it is encrypted and stored locally in your browser using IndexedDB with AES-GCM encryption. Your API key is never sent to or stored on our servers — it is transmitted directly from your browser to the LLM provider (OpenAI, Anthropic, or Google).

2. How We Use Your Information

  • To provide and maintain the training service
  • To process your subscription through Stripe
  • To send transactional emails (magic links, subscription confirmations)
  • To track your learning progress and adapt training content

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

We use the following third-party services:

  • Stripe — payment processing and subscription management
  • Resend — transactional email delivery
  • Vercel — application hosting
  • Neon — database hosting
  • LLM providers (OpenAI, Anthropic, Google) — AI responses are routed directly from your browser using your own API key

4. Data Security

We implement appropriate security measures including HTTPS encryption in transit, encrypted database connections, Content Security Policy headers, and secure authentication via Auth.js. LLM API keys are encrypted client-side and never touch our servers.

5. Data Retention

Your account and learning data are retained as long as your account is active. If you cancel your subscription, your data is retained for 30 days in case you resubscribe. You may request deletion of your data at any time by contacting us.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Cancel your subscription at any time through the Stripe customer portal

7. Cookies

We use essential cookies only — a session cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or data requests, contact us at support@phlebbot.com.