Privacy Policy
Effective Date: August 30, 2025
Last Updated: August 30, 2025
1. Introduction
Welcome to 30 in 30 Weeks ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience when using our website and challenge platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Email address (when you register an account)
- Prompt Content: The prompts, notes, and metadata you create and store
- User Preferences: Theme colors, prompt type preferences, and other customization settings
- Community Contributions: Prompts you submit to the public community library
2.2 Information Collected Automatically
- IP Address: Used temporarily for rate limiting and voting fraud prevention
- Usage Data: How you interact with our service (login times, feature usage)
- Technical Information: Browser type, device information, and operating system
2.3 Information We Do NOT Collect
- We do not use tracking cookies or analytics tools
- We do not collect location data beyond IP address for rate limiting
- We do not store payment information (processed by Stripe)
- We do not collect phone numbers or physical addresses
3. How We Use Your Information
3.1 Service Provision
- Creating and managing your account
- Storing and organizing your prompts
- Enabling community features (voting, prompt sharing)
- Providing customer support
3.2 Security and Fraud Prevention
- Rate limiting to prevent abuse
- Preventing duplicate voting and spam
- Maintaining service security and integrity
3.3 Legal Basis for Processing (GDPR)
- Contract Performance: Processing necessary to provide our service
- Legitimate Interest: Security measures and fraud prevention
- Consent: Optional features and communications (when applicable)
4. Data Storage and Security
4.1 Where We Store Your Data
Your data is stored securely in our database with the following protections:
- All data encrypted in transit and at rest
- Row Level Security ensures you can only access your own data
- Regular security updates and monitoring
- Geographically distributed backups
4.2 Data Retention
- Account Data: Retained until you delete your account
- IP Addresses: Used only for active rate limiting, not permanently stored
- Community Prompts: Retained even after account deletion (anonymized)
- Audit Logs: Security logs retained for up to 90 days
5. Your Rights and Controls
5.1 Data Access and Control
- View Your Data: Access all your prompts and preferences through your dashboard
- Edit Your Data: Update prompts, preferences, and account information at any time
- Delete Your Data: Remove individual prompts or delete your entire account
- Export Your Data: Request a copy of your data in JSON format
5.2 GDPR Rights (EU Users)
- Right to Access: Request information about what data we have about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
5.3 How to Exercise Your Rights
To exercise any of these rights, please contact us at Naya@nomoslabs.com or use the data management tools in your account settings.
6. Data Sharing and Third Parties
6.1 We Do NOT Sell Your Data
We never sell, rent, or trade your personal information to third parties for marketing purposes.
6.2 Limited Sharing
We only share data in these specific circumstances:
- Service Providers: Secure database hosting, Stripe (payments), Netlify (hosting)
- Legal Requirements: When required by law or to protect our rights
- Community Features: Public prompts you choose to share (author name only)
6.3 Third-Party Services
- Database Provider: Secure database hosting and authentication
- Stripe: Payment processing (when using paid features)
- Netlify: Web hosting and content delivery
7. Cookies and Tracking
7.1 Essential Cookies Only
We use only essential cookies required for the service to function:
- Authentication Cookies: To keep you logged in
- Session Cookies: To maintain your session state
- Security Cookies: To prevent cross-site request forgery
7.2 No Tracking or Analytics
We currently do not use:
- Google Analytics or similar tracking tools
- Advertising cookies or pixels
- Social media tracking buttons
- Third-party marketing tools
7.3 Future Analytics (Opt-in Only)
If we introduce analytics tools in the future, we will:
- Ask for your explicit consent
- Provide clear opt-out mechanisms
- Use privacy-focused analytics tools
- Update this privacy policy accordingly
8. International Data Transfers
Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place:
- All service providers are GDPR-compliant
- Standard contractual clauses for international transfers
- Adequate levels of data protection maintained
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will:
- Notify you of any material changes via email or service notification
- Post the updated policy on our website
- Update the "Last Updated" date at the top of this policy
- For significant changes, we may require re-consent
10. Contact Information
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: Naya@nomoslabs.com
Data Protection Officer: Naya@nomoslabs.com
Response Time: We aim to respond within 72 hours
This Privacy Policy is designed to be transparent and comprehensive. If you have any questions or concerns, please don't hesitate to contact us. Your privacy is important to us, and we're committed to protecting it.