Privacy Notice
Last updated: June 10, 2026
DrillDeck USA ("we", "us") is the data controller for personal data processed through the Service.
1. Data we collect
- Account data: email, display name, branch, ship date, theme.
- Authentication: login credentials (passwords are hashed), session tokens.
- Usage & progress: module activity, quiz scores, fitness inputs, study progress.
- Support messages: any messages you send via the feedback form or email.
- Technical data: IP address, device identifiers, browser/user-agent, basic telemetry for security and product improvement.
- Cookies: essential cookies for sign-in and preferences. We do not use advertising cookies.
2. Why we use it (purposes & legal basis)
- Provide the Service and your account — contract performance.
- Premium features, AI coaching, progress tracking — contract performance.
- Security, fraud and abuse prevention — legitimate interests.
- Customer support — legitimate interests / contract performance.
- Product improvement and analytics — legitimate interests.
- Service emails (e.g. reminders, progress reports) — contract performance; marketing emails only with your consent.
- Legal obligations (tax, accounting via our Merchant of Record) — legal obligation.
3. Who we share data with
- Service providers / subprocessors: hosting and database (Supabase), email delivery (Resend), analytics, error logging.
- Merchant of Record: Paddle.com handles all payments, subscription management, billing, tax compliance, and invoicing.
- Professional advisers: legal and accounting, where necessary.
- Authorities: where required by law.
We do not sell your personal data.
4. Retention
We retain account and usage data while your account is active and for a reasonable period afterward to meet legal, tax, and security obligations. You may request deletion at any time (see "Your rights" below); we will delete or anonymize data no longer needed.
5. Security
We apply appropriate technical and organizational measures including encryption in transit, access controls, row-level security on the database, and least-privilege service credentials. No system is 100% secure; please use a strong, unique password.
6. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, export, restrict or object to processing of your personal data, and to withdraw consent. To exercise these rights, email support@drilldeckusa.com. You also have the right to lodge a complaint with your local data protection authority.
7. International transfers
Our subprocessors may process data in the United States and other countries. Where required, we rely on appropriate safeguards (e.g. Standard Contractual Clauses) for international transfers.
8. Children
The Service is intended for users 13 and older. If you believe a child under 13 has provided us personal data, contact us and we will delete it.
9. Contact
DrillDeck USA — support@drilldeckusa.com.