Privacy Policy

Last updated: 28 June 2026

This policy explains what personal data Python Academy collects, why, and the choices you have. We keep data collection to the minimum needed to run the service.

Who we are

Python Academy is operated by [Your registered business name], [Your business address]. For any privacy question or request, contact support@example.com. We are the data controller for the personal data described below.

Data we collect

• Account data — your email address and an encrypted password, used to sign you in and save your work. Authentication is provided by Supabase.
• Learning data — which lessons and exercises you have completed, so we can show your progress.
• Purchase data — which course(s) you have bought, so we can unlock them. We do not see or store your full card details; payments are handled by Paddle.
• Support communications — the content of emails you send us.

Service providers (processors)

We share data only with the providers needed to operate the service:

• Supabase — database, authentication and storage of your account and progress data.
• Vercel — hosting and delivery of the website.
• Paddle — our reseller and Merchant of Record, which processes payments, handles billing and tax, and emails your receipt. Paddle is the controller of the payment data you enter at checkout; see Paddle's own buyer privacy notice.

Cookies

We use only essential cookies required to keep you signed in (your session). We do not use advertising or third-party tracking cookies. The in-browser Python engine (Pyodide) runs locally in your browser and does not send your code to us.

Why we use your data (legal bases)

We process account, learning and purchase data to perform our contract with you (providing the courses you signed up for or bought), and to meet our legal obligations (e.g. tax records via Paddle). Where we rely on a legitimate interest (e.g. keeping the service secure), we balance it against your rights.

Retention

We keep your account and learning data for as long as your account is active. If you ask us to delete your account, we remove your personal data except where we must retain certain records (for example, transaction records required for tax/accounting, which are held by Paddle).

Your rights

Subject to applicable law (including the GDPR for EU/UK users), you have the right to access, correct, delete, restrict or object to the processing of your personal data, and to data portability. To exercise any of these, email support@example.com. You also have the right to lodge a complaint with your local data protection authority.

International transfers

Our providers may process data outside your country. Where required, such transfers are protected by appropriate safeguards (such as the European Commission's Standard Contractual Clauses).

Changes

We may update this policy from time to time; the "last updated" date above will change. Material changes will be communicated where appropriate.

Contact

Questions or requests: support@example.com.