Privacy Policy

Effective: March 2026

1. What We Collect

When you create an account, we collect the following information:

• Username (3-20 characters, chosen by you)
• Email address (required for registration)
• Password (never stored in plaintext — hashed with PBKDF2 using a random salt)
• Exercise progress (which exercises you have completed and when)
• Submitted code (the Python code you write for exercises)

2. How We Store Your Data

All data is stored in Cloudflare D1, a SQLite database hosted on Cloudflare's edge network. Passwords are hashed with PBKDF2 (100,000 iterations, SHA-256) — plaintext passwords are never stored or transmitted after hashing.

Authentication uses JWT tokens stored in your browser's localStorage with a 30-day expiry. Guest users have their progress stored only in browser localStorage — nothing is sent to our servers.

3. How We Use Your Data

Your data is used for the following purposes:

• Account authentication — logging in and verifying your identity
• Progress tracking — saving and restoring your learning progress across sessions
• Email — account recovery via password reset, delivered through the Resend email service (planned feature)

4. Third-Party Services

PyLearn uses the following third-party services:

• Cloudflare — Pages (hosting), Workers (API), D1 (database). Cloudflare Privacy Policy
• Resend — Transactional email delivery for password reset (planned). Resend Privacy Policy
• jsDelivr CDN — Delivers open-source libraries (Monaco Editor, Pyodide, marked.js, Prism.js) to your browser. No user data is sent to jsDelivr.

5. What We Do NOT Collect

We want to be clear about what we do not do:

• No cookies — authentication tokens are stored in localStorage, not cookies
• No analytics or tracking scripts
• No advertising or ad networks
• No IP address logging beyond standard Cloudflare edge processing

6. Data Retention

Account data is retained while your account is active. Guest progress is retained in browser localStorage until you clear it. You may request account deletion by contacting us.

7. Your Rights

You have the right to:

• Request a copy of your data
• Request account and data deletion
• Guest users can clear localStorage at any time to remove all local data

8. Children's Privacy

PyLearn is not specifically directed at children under 13. We do not knowingly collect data from children under 13. The platform contains no age-restricted content.

9. Changes to This Policy

This policy may be updated, with the effective date noted at the top of this page. Continued use of PyLearn after changes constitutes acceptance of the revised policy.

10. Contact

Questions about this privacy policy? Contact us at contact@pylearn.dev.