GET 40% OFF WITH DISCOUNT CODE: "MEOWARE1337"
Legal

Privacy Policy.

Last updated: February 2026

1. What we collect

When you use pwnb4y we collect:

  • Email address — used for account creation, login, and transactional emails
  • Payment data — handled entirely by our payment processor, we never see or store your card details
  • Subscription status — whether your membership is active, used solely to control access to content
  • Course progress — which lessons you have completed, stored to show your progress

2. What we don't collect

We do not collect your name, location, IP address, browsing behaviour, or any data beyond what is strictly necessary to operate your account. We do not use cookies for tracking or advertising. We do not run ads. We do not sell, share, or trade your data with anyone.

3. How we use your data

Your data is used only for the following:

  • Logging you into your account
  • Sending account-related emails — confirmation, password reset, membership status
  • Granting or restricting access to content based on your subscription status
  • Tracking your course progress so you can resume where you left off

We do not send unsolicited marketing emails. If you signed up without subscribing, you may occasionally receive a single email about membership — you can ignore it or ask us to stop.

4. Third-party services

We use a small number of trusted services to run the platform. Each handles your data under their own privacy policies:

  • Supabase — stores your account, membership, and progress data securely
  • Our payment processor — handles all billing, card processing, and subscription management. We never see your full card number
  • Resend — delivers transactional emails (account confirmation, password reset)
  • Vercel — hosts the platform and serves all pages

No advertising networks, analytics platforms, or data brokers are used.

5. Data retention

Your account and progress data is kept for as long as your account exists. Payment records are retained as required for accounting purposes. If you want your data deleted, contact us and we will remove your account and all associated data within 30 days.

6. Security

All data is stored encrypted at rest. Passwords are hashed using industry-standard algorithms and never stored in plain text. Access to member content is enforced server-side on every request — not just in the browser.

7. Your rights

You have the right to access the data we hold about you, correct inaccuracies, or request deletion at any time. To exercise any of these rights, contact us via the contact page and we will respond within 7 days.

8. Contact

Questions about your privacy or data? Reach out via the contact page.
← Back to home