Privacy Policy

We collect information you provide directly, information collected automatically, and information from third-party services we use to operate the Service.

Account information: when you sign up, our authentication provider (Clerk) collects your name, email address, and password (or third-party OAuth identifiers). We receive a copy of your name, email, profile image URL, and Clerk user ID.

Purchase information: when you buy a course, our payment processors (Stripe and/or PayPal) collect your payment details on our behalf. We do not see or store your full card number. We retain the transaction ID, amount, currency, and the email address used at checkout so we can grant and manage course access.

Learning activity: we store your lesson progress, completion timestamps, and the courses you own so we can render your dashboard and resume playback.

Communications: if you email us, we keep the message and any attachments so we can respond and follow up.

Technical data: when you load pages we receive standard server logs — IP address, user-agent, referrer, and timestamps — used for security, debugging, and rate limiting.

We use the information above to:

• Provide the Service — render your dashboard, grant course access after purchase, and stream lesson videos.
• Process payments and fulfill purchases.
• Send transactional emails (purchase receipts, password resets, course updates).
• Detect, investigate, and prevent fraud, abuse, and security incidents.
• Comply with legal obligations and enforce our Terms of Service.
• Improve the Service — diagnose bugs and prioritize new content based on aggregate usage.

We do not sell your personal information, and we do not use your data to train machine-learning models.

We share information only with service providers that process data on our behalf, or when required by law.

Service providers we use:

• Clerk — user authentication and account management.
• Stripe and PayPal — payment processing.
• MongoDB Atlas — primary database hosting.
• Amazon Web Services (S3) — file and asset storage.
• Wistia — video hosting and playback analytics.
• Vercel (or our hosting provider) — application hosting and edge delivery.

Each provider is contractually required to handle data on our instructions and to safeguard it. We share only what each provider needs to perform its function.

Legal disclosures: we may disclose information when we believe in good faith it is necessary to comply with a subpoena, court order, or other legal process; to investigate fraud or security issues; or to protect the rights, property, or safety of users or the public.

Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and continue to honor this policy.

We use first-party cookies set by our authentication provider to keep you signed in. We use a small number of analytics cookies (e.g. Wistia for video heatmaps) to understand how lessons are consumed in aggregate.

You can disable cookies in your browser, but the Service will not work correctly without authentication cookies.

We retain account, purchase, and progress data for as long as your account is active so you can keep accessing courses you have purchased.

If you delete your account we delete or anonymize your personal data within 30 days, except where we are required by law to retain it (for example, financial records for tax purposes are retained for the period required by applicable law — typically 7 years).

Depending on where you live you may have the right to access, correct, delete, or export the personal information we hold about you, to object to or restrict certain processing, and to lodge a complaint with your local data-protection authority.

To exercise any of these rights, email us at tim@techwithtim.net from the email address associated with your account. We will respond within 30 days.

Residents of California (CCPA/CPRA), the EU/UK (GDPR), and similar jurisdictions have additional rights described in those laws; this policy is intended to be compliant with those frameworks.

The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, please contact us and we will delete it.

We operate in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other countries where our service providers operate. We rely on industry-standard safeguards (including standard contractual clauses where applicable) for these transfers.

We use HTTPS for all traffic, encrypted database connections, scoped API keys, and least-privilege access controls for our service providers. No system is perfectly secure, but we work to keep yours safe and will notify affected users in the event of a material data breach as required by law.

We may update this Privacy Policy from time to time. Material changes will be announced via email or a prominent notice on the Service before they take effect. The "Last updated" date at the top reflects the latest revision.

Questions or requests about this Privacy Policy? Email tim@techwithtim.net.