Privacy Policy | DevOpsPath

Our Commitment to Privacy

At DevOpsPath, we believe in building educational tools that respect your privacy. We collect only what's necessary to provide you with a personalized learning experience. This policy explains exactly what data we collect, how we use it, and your rights.

Data We Collect

1. Account Information (When You Sign In)

When you sign in with GitHub or Google OAuth, we collect:

Your name and email address
Profile picture (optional)
OAuth provider ID (GitHub or Google user ID)
Account creation and last sign-in timestamps

We never store your password. Authentication is handled securely through OAuth providers.

2. Learning Progress Data

To provide personalized learning experiences and track your achievements, we store:

Lesson Progress: Which lessons you've completed, steps you've finished, and completion timestamps
Achievements: Milestones reached, badges earned, and learning streaks
Activity Logs: Session timestamps, lesson views, and interaction patterns
Learning Insights: Session duration, study time preferences, and learning velocity

All learning data is encrypted in our PostgreSQL database and never shared with third parties.

3. Analytics (Optional - Requires Consent)

With your consent, we use analytics services to understand how users interact with DevOpsPath and improve the platform:

Google Analytics (GA4)

Pages you visit and features you use
Time spent on lessons and topics
Your approximate location (city/region only)
Device type and browser information
Anonymized IP address (we enable IP anonymization)

Vercel Analytics

Page performance metrics (load times, web vitals)
Navigation patterns
Geographic data (country/region)
Referrer information
Privacy-focused (does not use persistent cookies)

You control analytics. You can decline analytics when you first visit, or change your preference anytime in Cookie Settings.

4. Local Storage

We use your browser's localStorage to cache certain data for better performance:

Your cookie consent preferences
Cached lesson progress (synced with our database)
Achievement state and streak milestones
Search history (stays on your device)

Cookies We Use

We use cookies to provide authentication and (with consent) analytics:

Cookie	Purpose	Type	Duration
next-auth.session-token	Maintains your login session	Essential	30 days
next-auth.csrf-token	Security protection	Essential	Session
_ga	Distinguishes unique users	Analytics	2 years
_ga_*	Persists session state	Analytics	2 years

How We Use Your Data

Authentication: To securely identify you and maintain your session
Progress Tracking: To save your learning progress across sessions and devices
Personalization: To provide lesson recommendations and personalized learning paths
Achievements: To track milestones, streaks, and display your accomplishments
Analytics: To understand usage patterns and improve the platform (only with consent)
Communication: To send important updates about the platform (rare)

Your Rights (GDPR)

If you're in the European Union, you have these rights under GDPR:

Right to Access: Request a copy of all your data we hold. Visit your Profile Settings to export your data as JSON.
Right to Rectification: Correct inaccurate information in your profile settings
Right to Deletion: Delete your account and all associated data permanently. This action cannot be undone.
Right to Object: Decline analytics cookies and opt-out of data processing for analytics purposes
Right to Portability: Download your data in a machine-readable format (JSON)
Right to Restrict Processing: Limit how we use your data (contact us for this)

To exercise these rights, visit your Profile Settings or contact us.

Data Retention

Account Data: Stored until you delete your account
Learning Progress: Retained as long as your account is active
Google Analytics: Data retained for 26 months (Google's standard policy)
Activity Logs: Kept for 12 months for security and analytics purposes
Deleted Accounts: All data is permanently removed within 30 days of account deletion

Third-Party Services

We use the following third-party services:

GitHub OAuth: For authentication. GitHub Privacy Policy
Google OAuth: For authentication. Google Privacy Policy
Google Analytics: For usage analytics (only with consent). Google's Privacy Policy
Vercel: For hosting and privacy-focused analytics (only with consent). Vercel Privacy Policy | Data Processing Addendum
Neon (PostgreSQL): For database hosting. Neon Privacy Policy

Data Processing Addendums (DPAs): We rely on DPAs with our service providers to ensure GDPR compliance and secure data handling.

Data Security

We take security seriously and implement industry-standard measures to protect your data:

All data is transmitted over encrypted HTTPS connections
Passwords are never stored (OAuth-based authentication)
Database connections are encrypted and access-controlled
Regular security audits and updates
Access logs for administrative actions

Children's Privacy

DevOpsPath is designed for professional developers and is not directed at children under 13. We do not knowingly collect data from children. If you believe we've collected data from a child, please contact us immediately.

International Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure adequate protection through:

Data Processing Addendums with service providers
Standard Contractual Clauses (SCCs) where applicable
Privacy Shield equivalent mechanisms

Changes to This Policy

We may update this policy occasionally to reflect changes in our practices or legal requirements. Significant changes will be noted at the top with a new "Last updated" date. Continued use of DevOpsPath after changes means you accept the updated policy.

Contact Us

Questions about privacy? Need to exercise your GDPR rights? Contact us:

📧 Email: hello@devopspath.io
🏢 Controller: Tech Trail Solutions LLC, VA, USA
🐙 GitHub: https://github.com/devopspath/devopspath/issues