CodeFromScratch

Privacy Policy

Last updated: April 2026

1. Who We Are

CodeFromScratch is operated by Milos Knezevic, based in Graz, Austria. Contact: office@codefromscratch.org.

2. What Data We Collect

  • Account data: Name, email address, password (hashed), profile image (via OAuth)
  • Usage data: Reading history, saved posts, collections, topic interests, post reactions
  • Payment data: Processed by Stripe. We store your Stripe customer ID but never see your card details.
  • Newsletter: Email address, subscription preferences, confirmation status
  • Contact form: Name, email, subject, message
  • Technical data: IP address (hashed for anonymous reactions), browser type, device info (via analytics)

3. How We Use Your Data

  • Provide and improve our services (personalized recommendations, reading history)
  • Process payments and manage subscriptions
  • Send newsletters and transactional emails (account verification, password reset, purchase receipts)
  • Respond to contact form inquiries
  • Analyze site usage to improve content and user experience

4. Third-Party Services

  • Stripe — Payment processing (Stripe Privacy Policy)
  • Supabase — Database hosting (PostgreSQL)
  • Sanity — Content management system
  • Resend — Email delivery service
  • Plausible Analytics — Privacy-friendly analytics (no cookies, GDPR compliant)
  • Vercel — Hosting and deployment
  • Google / GitHub — OAuth login (optional, user-initiated)

5. Cookies

We use minimal cookies required for authentication (session tokens). Our analytics provider (Plausible) does not use cookies. We do not use tracking cookies or advertising cookies.

  • authjs.session-token — Authentication session (essential, httpOnly)
  • cfs-admin-token — Admin authentication (essential, httpOnly)
  • cookie-consent — Your cookie preference (localStorage)

6. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (data portability)
  • Withdraw consent for data processing
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at office@codefromscratch.org.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax purposes).

8. Data Security

We protect your data with encryption (HTTPS/TLS), hashed passwords (bcrypt), secure session management, and access controls. Payment data is handled exclusively by Stripe (PCI DSS compliant).

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on our website.

10. Contact

For questions about this policy or your data, email office@codefromscratch.org.