Note: This Privacy Policy was drafted with AI assistance and is intended as a starting point. It should be reviewed by a licensed attorney before Upgraide is publicly marketed or accepting real payments.

Privacy Policy

Effective Date: May 10, 2026

1. Overview

This Privacy Policy explains how Upgraide (“we,” “us,” “our”) collects, uses, stores, and protects your information when you use our platform at upgraide.net. By using Upgraide, you agree to the practices described in this policy.

We are committed to collecting only what is necessary to operate the service and protecting what we do collect.

2. Information We Collect

Information you provide directly

  • Account information: Your email address and full name when you create an account via email/password or Google sign-in.
  • Payment information: When you subscribe to Upgraide Premium, your payment details are entered directly into Stripe’s secure checkout. We never see, receive, or store your credit card number, expiry date, or CVV.

Information collected automatically

  • Course progress: Which courses you’ve enrolled in, which lessons you’ve completed, and your streak data.
  • Prompt practice history: Prompts you submit in practice exercises, the AI feedback you receive, and the timestamp of each attempt. This data is used to display your history and calculate improvement indicators.
  • Session data: Authentication tokens stored in your browser by Supabase to keep you logged in.

Cookies and tracking technologies

  • Session cookies: Required for account functionality. These are set by Supabase and expire when your session ends or your token refreshes. You cannot use the authenticated features of Upgraide without these cookies.
  • Advertising cookies: If you have consented and ads are enabled on the platform, Google AdSense may set tracking cookies to serve relevant advertisements. You may withdraw this consent at any time via the cookie preference banner.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Track and display your course progress, streaks, and certificates
  • Enforce free-tier rate limits on prompt practice (5 attempts per day)
  • Provide AI-powered prompt feedback by sending your submitted prompts to Anthropic’s API for evaluation
  • Process subscription payments and manage billing through Stripe
  • Display advertising content (only when ads are enabled and you have consented to advertising cookies)
  • Send transactional emails (e.g., email confirmation, password reset) via our email provider
  • Improve the platform based on aggregate usage patterns

We do not sell your personal information to third parties.

4. Third-Party Services

We use the following third-party services to operate Upgraide. Each has its own privacy policy governing how they handle data shared with them:

ServicePurposeData Shared
SupabaseDatabase and user authenticationEmail, name, course progress, practice history, auth tokens
StripePayment processing and subscription managementEmail, payment details (handled directly — we don't see card info)
Anthropic (Claude API)AI evaluation of prompt practice submissionsPrompts you submit in practice exercises
Google AdSenseAdvertising (when ads are enabled and you have consented)Browser cookies, general usage data for ad targeting
ResendTransactional email delivery (when used)Your email address

We select third-party services that maintain strong privacy practices and data security standards. Anthropic’s API usage policy governs how prompt data may be used by Anthropic; please review their policies if you have concerns about AI training data.

5. Data Retention

We retain your personal data for as long as your account is active. Specifically:

  • Account data (email, name): Retained until you delete your account.
  • Course progress and certificates: Retained until you delete your account. Certificates are publicly accessible by their unique URL — deleting your account will also remove the certificate record.
  • Prompt practice history: Retained until you delete your account.
  • Subscription records: Retained as required for financial record-keeping, even after account deletion (typically 7 years for tax purposes).

6. Data Security

We use industry-standard security measures to protect your information:

  • All data is transmitted over HTTPS/TLS encryption.
  • Database access is restricted by row-level security policies (RLS) — your data is only accessible by you and our service-role key, not by other users.
  • Payment data is handled entirely by Stripe and is PCI DSS compliant.
  • Authentication tokens are managed by Supabase using industry-standard JWT practices.

No method of transmission over the internet or electronic storage is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

All users

  • Access: You can view your course progress, practice history, and account information by logging into your dashboard.
  • Deletion: You may request deletion of your account and all associated data by emailing privacy@upgraide.net. We will process your request within 30 days.
  • Correction: To update your email or name, contact us at support@upgraide.net.
  • Cookie preferences: If you consented to advertising cookies, you may withdraw consent at any time via the cookie banner (appears at the bottom of the page when ads are enabled).

California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what categories of personal information we collect and how we use it (see Sections 2–3 above).
  • Request deletion of your personal information (contact privacy@upgraide.net).
  • Opt out of the “sale” or “sharing” of your personal information. We do not sell your personal information. We do share data with the third-party service providers listed in Section 4 for operational purposes.
  • Non-discrimination for exercising your rights.

To exercise these rights, contact privacy@upgraide.net. We will respond within 45 days.

EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, EU/EEA residents have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccurate personal data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Restriction: Request that we restrict processing of your data.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Object: Object to processing based on legitimate interests.
  • Withdraw consent: Withdraw consent for advertising cookies at any time.

Our legal basis for processing your data is: (a) contractual necessity — to provide you the service you signed up for; (b) legitimate interests — to operate and improve the platform; (c) consent — for advertising cookies.

To exercise these rights, contact privacy@upgraide.net. You also have the right to lodge a complaint with your national data protection authority.

8. Children's Privacy

Upgraide is not directed to children under 13 years of age. We do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@upgraide.net and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by email to your registered address and/or by posting a notice on the platform at least 30 days before the changes take effect. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions, requests, or concerns:

Upgraide — Privacy
Email: privacy@upgraide.net

For general support: support@upgraide.net