Privacy Policy
1. Information We Collect
Account Information
When you create an account, we collect:
- Display name
- Email address
- Password (stored as a secure, salted hash — we never store plaintext passwords)
Usage Data
As you use the Service, we automatically collect:
- Challenge scores, completion times, and submission history
- Tournament participation and results
- Achievement progress
- Login timestamps and session activity
Technical Data
We may collect standard technical information including:
- IP address
- Browser type and version
- Operating system
- Referring URLs
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Display leaderboards, rankings, and public profiles
- Process subscriptions and payments
- Send transactional emails (password resets, email verification, account notifications)
- Detect and prevent cheating, fraud, and abuse
- Analyze usage patterns to improve the platform
3. Public Information
Certain information is visible to other users by default:
- Your display name
- Your avatar (generated from your initials)
- Challenge scores and rankings on leaderboards
- Tournament participation and results
- Earned achievements
- Your public profile page
Your email address is never displayed publicly.
4. Cookies & Local Storage
We use the following browser storage mechanisms:
- Authentication cookie — a secure, HTTP-only cookie containing your session token
- Local storage — stores your authentication token, theme preference, and UI state (e.g., dismissed banners)
- Service worker cache — caches static assets (CSS, JS, fonts, images) for offline performance
We do not use third-party tracking cookies or analytics cookies.
5. Data Sharing
We do not sell your personal data. We may share data only in the following circumstances:
- Payment processing — subscription and billing data is shared with our payment processor to complete transactions
- Legal compliance — we may disclose data when required by law, legal process, or government request
- Safety — we may share information to protect the rights, safety, or property of CadDoneQuick, its users, or the public
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your profile, scores, achievements, and personal data are permanently deleted
- Anonymized aggregate data (e.g., total challenge completions) may be retained for analytics
- Data required for legal or compliance purposes may be retained as required by law
You can export all your data at any time from your account settings before deletion.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Password hashing with bcrypt (salted, cost-factor hardened)
- HTTPS encryption for all data in transit
- HTTP-only, secure cookies for authentication
- Content Security Policy (CSP) headers
- Rate limiting on authentication endpoints
- Input validation and SQL injection prevention
No system is perfectly secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights
You have the right to:
- Access your personal data (available in your account settings)
- Export your data as JSON (available in your account settings)
- Correct inaccurate data (update your profile at any time)
- Delete your account and associated data (available in your account danger zone)
- Withdraw consent for optional data processing
9. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has created an account, we will promptly delete the account and associated data.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].