FDE-001Mastery

DWG. FDE-T02 / PRIVACY POLICY

Privacy policy.

EFFECTIVE 2026.05.25 · LAST UPDATED 2026.05.25

1.0 / What we collect

Three categories, all minimal:

  • Account.Your email address (entered when you request a magic-link sign-in). That’s the only personal identifier required.
  • Course progress.Which modules you’ve marked complete, when. Your interview-prep responses and self-grades. Your capstone submissions and any files you upload.
  • Operational telemetry. Standard server logs (IP, user-agent, timestamps), anonymized page-view analytics (PostHog, with anonymous IPs by default), error reports (Sentry). No third-party advertising cookies. No cross-site tracking.

2.0 / How we store it

All persistent data lives in Supabase Postgres in the AWS us-east-1 region. Storage uploads (capstone files) live in a Supabase Storage bucket in the same region. The data is encrypted at rest. Access requires authentication.

Database row-level security policies enforce that you can read and write only your own rows. We’ve verified this both at the policy level and by direct query simulation; it’s in the build log.

3.0 / How we use it

We use the data to render the course for you. That’s the whole of it. We don’t sell personal data. We don’t license it to third parties. We don’t use submissions to train models. We don’t serve third-party advertising.

We may use aggregated, non-identifying patterns (e.g., “X% of users complete Module 12 within 7 days of starting Module 11”) to improve the course. Aggregated patterns are not linked to identifiable users in any public surface.

4.0 / Subprocessors

The course site is built on a small set of services. Each processes a specific slice of data on our behalf:

  • Supabase — database, authentication, file storage. Stores your email, course progress, submissions.Privacy policy.
  • Vercel — application hosting + edge analytics. Processes request logs. Privacy policy.
  • Resend — transactional email delivery for magic-link sign-in. Privacy policy.
  • Sentry — error monitoring. Receives error stack traces and request context when an unhandled error fires. Privacy policy.
  • PostHog — product analytics. Anonymized page-view + event data; IP addresses anonymized by default.Privacy policy.
  • Stripe — payment processing. Handles card data directly; we never receive raw card information. Privacy policy.

We’ll add or remove subprocessors as the product evolves. We’ll keep this list current.

5.0 / Your rights

You can:

  • Export your data. Visit /learn/account and click Export progress as JSON. You get every progress record, submission, and interview response associated with your account.
  • Delete your account. Email contact@fdemastery.com with a deletion request. We’ll process within five business days, confirm via reply, and remove your account and all associated data. We’ll retain transaction records (for tax and accounting compliance) for the period required by law; everything else is purged.
  • Correct any inaccuracy. Email the same address. The only personal data we hold beyond email is course progress, which you control through the site.

6.0 / Cookies

We use one functional cookie: the Supabase auth session cookie (sb-spwtupccvsucrzcqqyun-auth-token), set when you sign in. PostHog uses a session-tracking cookie for analytics. We don’t use third-party advertising cookies.

7.0 / Changes to this policy

Material changes surface in the site or by email. Continued use after a material change means you accept the new policy.

8.0 / Contact

Privacy questions or data-rights requests: contact@fdemastery.com.