Privacy Policy

Last updated: 19 April 2026

1. Who we are

SecureYourself.io is a cloud security training platform operated as a sole trader / private project. If you have any questions about this policy, contact us at privacy@secureyourself.io.

2. What data we collect

  • Account data: email address and display name, provided when you register via Clerk.
  • Progress data: which labs you have completed, your point total, and hint unlocks.
  • Session data: temporary container sessions created when you start a lab (auto-deleted after 2 hours).
  • Usage logs: server-side request logs (IP address, timestamp, endpoint) retained for up to 30 days for security and debugging.

We do not collect payment information, run advertising, or sell your data to third parties.

3. How we use your data

  • To provide and operate the platform (authentication, lab progress, leaderboards).
  • To send transactional emails (password reset, invite notifications) via Clerk.
  • To detect abuse and enforce our Terms of Service.
  • To improve the platform based on aggregated, anonymised usage patterns.

4. Legal basis for processing (GDPR)

We process your personal data under the following legal bases:

  • Contract: account and progress data are necessary to provide the service you signed up for.
  • Legitimate interests: server logs for security monitoring and abuse prevention.
  • Consent: strictly necessary session cookies (see Section 6).

5. Third-party processors

  • Clerk (clerk.com): authentication, session management, and email delivery. Processes email and session tokens on our behalf.
  • Amazon Web Services: hosting infrastructure (EU region). Your data does not leave the EU.

6. Cookies

We use strictly necessary cookies only. These are session cookies set by Clerk to keep you authenticated. They are required for the platform to function and do not track you across other websites. No analytics, advertising, or third-party tracking cookies are used.

7. Data retention

  • Account and progress data: retained while your account is active, then deleted within 30 days of account deletion.
  • Lab session containers: auto-terminated after 2 hours. No data from inside containers is retained.
  • Server logs: deleted after 30 days.

8. Your rights (GDPR)

If you are located in the EEA or UK, you have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate data.
  • Erasure (right to be forgotten): you can delete your account from your profile settings, which removes all personal data.
  • Portability: request an export of your data by emailing us.
  • Object to processing based on legitimate interests.

To exercise any of these rights, email privacy@secureyourself.io. We will answer within 3 days.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the date at the top of this page. Continued use of the platform after changes constitutes acceptance.