← home
privacy

privacy.

last updated 2026-05-25

short version: we keep almost nothing, sell nothing, and you can delete what little we have by emailing us.

what we collect

five things. that's it.

  • progress in localStorage. which chapters you opened, which steps you finished. anonymous. lives on your device unless you opt in to sync.
  • your email (optional). if you sign in for progress sync, join the email list, or contact support. used for magic links, opt-in updates, and replies — no password.
  • payment provider customer id + receipt. if/when you buy paid access. used to check your tier across devices and validate the purchase with the billing provider.
  • team roster and progress, if/when you are on a team plan. used for team-plan operations: seat usage, roster status, per-person progress, and review state for your team admin.
  • privacy-safe product analytics. page path, event name, coarse country/device, and a daily rotating visitor hash. no raw ip address, email, code, prompts, query strings, session replay, or full referrer urls.
what we do with it

five things only.

  • sync your progress across devices when you sign in.
  • check whether your paid access is active, if/when you buy it.
  • email you a magic link, opt-in updates, or support replies.
  • show team admins cohort progress if/when you use a team plan.
  • understand which pages, lessons, and calls to action are working.
what we don't do

no ad-tech. no fingerprinting.

  • we don't sell your data. ever.
  • we don't share it with advertisers, brokers, or partners.
  • no ad-tech analytics, cross-site fingerprinting, session replay, or targeted-ad pixels. cloudflare may also count basic page views for site health.
  • no marketing email unless you opt in. unsubscribe works.
  • no profiling. no targeted ads. no resale.
retention

kept while your account exists. then 30 days.

progress, email, and team-plan roster records are kept for the life of your account or team contract. privacy-safe analytics events are kept for launch/product measurement and can be rolled up or purged when no longer useful. if you delete your account, account-linked data is purged within 30 days. localStorage data lives on your device and is yours to clear at any time.

payment providers retain purchase records per their own policies and legal tax / audit requirements. that data is not used by us for ads, resale, or profiling.

your rights

export, delete, ask.

  • export. email us; we send your data as json within 14 days.
  • delete. email us; account and synced progress purged within 30 days.
  • ask. any question about what we have on you — we answer.

gdpr / ccpa / similar applies if you live where it applies — use the same contact path.

children

promptdojo is not directed at children under 13. we don't knowingly collect data from anyone under 13. if you believe a child has signed up, email us and we'll delete the account.

changes

if this policy changes in a way that matters, we'll update the date at the top and notify subscribers by email. minor wording fixes ship without a notice.

contact

email a human.

questions, exports, deletions, anything else — write to [email protected]. a person reads it.