Our approach to your data.
We built Starter Site Kits as a self-hosted platform because we believe people deserve to own their work, their content, and their data. This privacy policy reflects that belief. We collect the minimum amount of information needed to run your account, we never sell your data to third parties, and we give you the tools to delete everything we have about you whenever you want.
This policy applies to the platform itself, hosted at https://example.com. If you're using a copy of Starter Site Kits that someone else has installed on their own server, their privacy practices are governed by their own policy, not this one.
What we collect.
We collect three categories of information, and that's it.
Account information. When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text, and we cannot recover it if you forget it. You can update or delete this information from your profile at any time.
Usage information. When you log in and use the platform, we record which lessons you've started, which you've completed, and the date of your last activity. This information powers your progress dashboard and helps you pick up where you left off. We do not track your activity outside of the platform, and we do not share this information with anyone.
Technical information. Like every website, our server logs basic technical details when you visit, including your IP address, browser type, and the pages you requested. We use this information only to keep the platform running, to debug problems, and to detect abuse. Server logs are rotated automatically and deleted after 30 days.
What we don't collect.
We do not use third-party advertising trackers. We do not use Google Analytics, Facebook Pixel, or any other tracking script that would send your behavior to outside companies. We do not build advertising profiles. We do not sell, rent, or share your personal information with marketers, data brokers, or anyone else.
We also do not collect sensitive personal information that we don't need. We don't ask for your phone number, your physical address, your date of birth, or your government-issued identification, unless a specific feature requires it (such as a billing address for tax compliance on a paid purchase, which is handled directly by our payment processor and never stored on our servers).
How we use what we collect.
We use your account information to authenticate you when you log in, to send you transactional emails such as password reset links and email verification messages, and to display your name and progress on your dashboard. We use your usage information to track your progress through courses and to recommend what to do next. We use technical logs to keep the server stable and secure.
We do not use your information for marketing without your explicit, separate consent. If you choose to subscribe to a newsletter or marketing list, that is a separate opt-in that you can withdraw at any time, and the list is managed inside the platform you can see.
Cookies and local storage.
We use a single session cookie to keep you logged in while you're using the platform. This cookie contains a randomly generated session identifier and nothing else. It expires when you log out or after a period of inactivity. We do not use tracking cookies, advertising cookies, or third-party cookies.
We also use your browser's local storage to remember your preferences, such as whether you've enabled dark mode or which courses you've expanded in your library. Local storage data never leaves your browser.
Your rights.
You have the right to access, correct, export, and delete your personal information at any time. You can do all of these things from your profile page once you're logged in. If you'd prefer to have us handle the request manually, send an email to support@example.com and we'll respond within seven days.
If you delete your account, we permanently remove your name, email address, password hash, progress records, and any user-generated content you created on the platform. Server logs that mention your IP address are still subject to the 30-day rotation schedule and will be removed in due course.
How we protect your data.
All connections to the platform are encrypted with HTTPS using a current TLS certificate. Your password is stored using a one-way cryptographic hash function (bcrypt or its successor), which means even we cannot read it. The database is protected by access controls that allow only the application server to read it. Backups are encrypted at rest.
No system is perfectly secure. If we ever discover a breach that affects your personal information, we will notify you by email within 72 hours of confirming the incident, along with a clear description of what happened and what we recommend you do.
Children.
This platform is intended for adults. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has registered for an account, please contact us at support@example.com and we will delete the account immediately.
Changes to this policy.
If we make material changes to this policy, we will post the updated version here and update the "last updated" date at the top. For significant changes, we will also notify registered users by email.
Contact us.
If you have questions about this policy or about how we handle your data, send an email to support@example.com. We respond to every message personally.