Privacy Policy — Zero2Claude

Last updated: March 21, 2026

This Privacy Policy describes how zero2claude.dev ("the Service") collects, uses, and protects your personal information. The Service is operated by an individual (Itay), not a corporation.

1. Information We Collect

Account Information

When you register, we collect:

Email address — used for account identification and potential future communications
Display name — shown publicly in the forum and peer help
Password — stored securely using bcrypt hashing (we never store or see your plain-text password)
Profile image (optional) — resized to 200x200 pixels on your device before upload, stored as base64 data in our database

Learning Data

Lesson completion progress — which lessons and levels you've completed
Streaks — consecutive days of activity
Achievements — milestones unlocked based on your progress
AI learning plan — if you use the AI onboarding feature, we store: your self-described background (what you type) and the AI-generated personalized plan

User-Generated Content

Forum posts — threads, replies, and votes you create
Forum images — optional image attachments (resized to max 800px, stored as base64)
Feature requests — "wishes" submitted through the forum
Peer help messages — real-time chat messages in the help system
Bug reports — reports submitted in-app (creates a GitHub Issue; your email may be included for follow-up)

Automatically Collected Data

Analytics data — page views, feature usage events, and interaction data via Google Analytics 4
Bot detection data — Cloudflare Turnstile collects device and interaction data during registration to prevent automated abuse

2. How We Use Your Information

Data	Purpose
Email & password	Account authentication and login
Display name & profile image	Shown in forum posts, peer help, and your profile
Lesson progress & streaks	Track your learning journey, unlock achievements
AI background description	Generate a personalized learning plan via AI
Forum posts & votes	Operate the community forum
Peer help messages	Facilitate real-time help between students
Bug reports	Investigate and fix issues in the Service
Analytics data	Understand how the Service is used, improve features

We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described below.

3. Third-Party Services

The Service uses the following third-party services that may process your data:

Service	Purpose	Data Shared
Google Analytics 4 + Google Tag Manager	Usage analytics	Anonymized page views, interaction events, device info
Cloudflare Turnstile	Bot protection on registration	Device/interaction signals (no CAPTCHA images)
Anthropic (Claude API)	AI learning plans, palette generation, bug triage	Your self-described background text (for onboarding); theme hints (for palettes)
Google (Gemini API)	Alternative AI provider	Same as Anthropic (when selected as provider)
Render	Hosting (frontend, backend, database)	All data is stored on Render's infrastructure
GitHub	Bug report issue tracking	Bug report content (may include your email for follow-up)

Each third-party service is subject to its own privacy policy. We encourage you to review them.

4. Cookies & Local Storage

Cookies

Cookie	Purpose	Duration
accessToken	JWT authentication (httpOnly, secure)	15 minutes
refreshToken	JWT session renewal (httpOnly, secure)	7 days
_ga, _gid	Google Analytics tracking	Up to 2 years

Authentication cookies are httpOnly, meaning they cannot be accessed by JavaScript and are only sent to our server over HTTPS.

Local Storage

ai-onboarding-modal-dismissed — remembers if you've seen the onboarding prompt
Palette/theme preferences — your selected color scheme
Lesson progress (offline mode only) — if the API is unavailable, progress is stored locally

5. Data Storage & Security

All data is stored in a PostgreSQL database hosted on Render's managed infrastructure
Passwords are hashed with bcrypt before storage
Authentication uses httpOnly JWT cookies with separate access and refresh tokens
All connections use HTTPS encryption
Profile images and forum images are stored as base64 data in the database (not on a file server)
User input is sanitized against prompt injection, HTML injection, and cross-site scripting

While we take reasonable measures to protect your data, no system is perfectly secure. The Service is operated by one person on hosting infrastructure with standard security practices.

6. Data Retention & Deletion

Your data is retained for as long as your account exists. Specifically:

Account data — retained until you request deletion
Learning progress — retained with your account
Forum posts — retained even after account deletion (may be anonymized)
AI learning plans — one plan per user, overwritten if regenerated
Peer help messages — retained for the duration of the help session

To request deletion of your account and associated data, contact us at the email below. We will process deletion requests within 30 days.

7. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.

8. Your Rights

You have the right to:

Access your personal data — view your profile, progress, and posts in-app
Correct your data — update your display name, email, and profile image in the dashboard
Delete your account — request deletion by contacting us
Export your data — request a copy of your data by contacting us

If you are located in the European Economic Area (EEA), you may have additional rights under the GDPR, including the right to object to processing and the right to data portability.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by an updated "Last updated" date at the top of this page. We encourage you to review this page periodically.

10. Contact

For privacy questions, data requests, or concerns, contact: itay@zero2claude.dev

This Privacy Policy is provided for informational purposes and is not a substitute for professional legal advice.