Privacy policy

Effective date: 2026-05-28

This policy explains what information Khetarpal Teaches Coding (the “Site”) collects, how it’s used, and who it’s shared with. The Site is operated by Ishan Khetarpal as a sole-proprietor independent service. Contact: info@khetarpalteachescoding.com.

1. Information we collect

• Account info you give us: username, optional display name, password (stored as a bcrypt hash — never plaintext), and answers to security questions (also bcrypt-hashed). We do not ask for or store an email address for account creation.
• What you do on the Site: code you submit to challenges, messages you send to the AI tutor, generated challenges, grades and feedback, language/topic preferences, and progress history. This is stored to power the tutor and your progress dashboard.
• Acknowledgement of AI risks: a timestamp recording when you ticked the AI-risk acknowledgement at signup, to evidence your consent.
• Technical data: your IP address (used for rate limiting, abuse detection, and security logging), session cookie (a random ID used to keep you logged in), and standard server logs (timestamps, request paths, response codes). IP addresses are stored in security logs and retained for a limited window for abuse investigation.
• Billing data (only if you subscribe): billing is handled by Lemon Squeezy, a third-party merchant of record. Your name, email, billing address, and payment method are submitted directly to Lemon Squeezy — the Site never sees or stores your payment details. We receive only the subscription state (active / canceled / etc.) and a Lemon Squeezy customer ID, which we associate with your account for entitlement.

2. How we use your information

• To run the Site: authenticate you, generate challenges, grade submissions, run the AI tutor, and track your learning progress.
• To protect the Site: detect and block abuse, brute-force attempts, and bots.
• To handle subscriptions and entitlement decisions (paid vs. trial vs. comp).
• To improve the Site: review aggregate usage and error logs to fix bugs and improve features.

We do not sell your data. We do not use your data for advertising. We do not send marketing email (we don’t collect email addresses for accounts in the first place).

3. Third parties that receive your data

• Anthropic (AI provider): when you generate a challenge, submit code for grading, or chat with the tutor, the relevant content is sent to Anthropic’s API to generate the AI response. This includes the code, prompt, and conversation history needed for the request. Anthropic processes this data under their own terms (anthropic.com/legal/privacy). We do not send your username, password, or security-question answers to Anthropic.
• Lemon Squeezy (payments): only relevant if you subscribe. They receive the information you enter at their hosted checkout (name, email, billing address, card). They act as merchant of record. See lemonsqueezy.com/privacy.
• DigitalOcean (hosting): the Site runs on a DigitalOcean Droplet. They have incidental access to the server in their role as infrastructure provider. See digitalocean.com/legal/privacy-policy.
• Cloudflare (DNS): Cloudflare provides authoritative DNS for the domain. Because the Site uses Cloudflare in DNS-only mode (not proxied), Cloudflare does not see your traffic — only DNS queries.
• Let’s Encrypt (TLS certificate): the Site uses an automatically-issued Let’s Encrypt certificate for HTTPS. No personal data is shared with Let’s Encrypt.

4. Cookies

We use one cookie: a session cookie that stores a random session ID, used to keep you logged in. It is marked HttpOnly, Secure, and SameSite=lax. We do not use analytics, tracking, or advertising cookies.

5. Data retention

Account info, progress, and AI conversation history are retained for as long as your account exists. Security and access logs are retained for a limited window (typically 30–90 days) for abuse investigation. You can request deletion of your account and associated data at any time by emailing info@khetarpalteachescoding.com from an account you control.

6. Your rights

You can request:

• A copy of the data we hold about you.
• Correction of inaccurate data.
• Deletion of your account and associated data.
• That we stop processing your data.

To make any of these requests, email info@khetarpalteachescoding.com. If you are in the EU/UK you have additional rights under GDPR; if you are in California, additional rights under the CCPA — those rights are honored above the same way.

7. Children

The Site is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, please email us and we will delete the account.

8. Data security

Passwords and security-question answers are bcrypt-hashed and never stored in plaintext. Sessions are stored server-side. All traffic to the Site is encrypted with HTTPS (TLS 1.3). Rate limiting and login lockouts are in place to slow brute-force attacks. No system is perfectly secure; you use the Site at your own risk.

9. International users

The Site is hosted in the United States. By using the Site you understand your data is processed in the United States. Anthropic and Lemon Squeezy may process your data in other jurisdictions per their own policies.

10. Changes to this policy

This policy may be updated from time to time. The “Effective date” at the top reflects the most recent revision. Material changes will be announced on the Site.

11. Contact

Questions or requests: info@khetarpalteachescoding.com.

This privacy policy is a plain-language statement of current practice, not legal advice. It is a reasonable starting point but should be reviewed by a qualified attorney before relying on it in a commercial context.