Privacy Policy

1. Information We Collect

When you create an account via GitHub OAuth, we receive your GitHub username, email address, display name, and avatar URL. We do not access your repositories, private data, or GitHub tokens beyond the initial authentication.

When you use StepThru, we store the problems you create, your solution code, practice session history, spaced repetition state, study decks, and algorithm visualizations. All content you create is yours.

2. How We Use Your Information

• To provide and maintain your account and study data
• To power spaced repetition scheduling and practice sessions
• To generate AI-powered hints, editorials, and visualizations when you request them
• To process subscription payments through Stripe
• To send transactional emails (account changes, billing receipts)

3. AI Features

When you use AI-powered features (hints, editorial chat, voice feedback, visualization generation), your solution code and problem context are sent to Anthropic's API for processing. We do not use your code to train AI models. You may optionally provide your own Anthropic API key, in which case requests are sent directly using your key.

4. Code Execution

All code execution happens entirely in your browser. Python runs via Pyodide (WebAssembly), Ruby runs via ruby.wasm (WebAssembly), and TypeScript runs natively. Your code is never sent to our servers for execution.

5. Payment Processing

Subscription payments are processed by Stripe. We do not store your credit card number, CVC, or full billing details. Stripe handles all payment data in accordance with PCI-DSS standards. We receive only your subscription status and billing email from Stripe.

6. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Render. Images are stored on Cloudflare R2. Connections are encrypted in transit via TLS. We use industry-standard security practices but cannot guarantee absolute security.

7. Data Sharing

We do not sell your personal information. We share data only with the service providers necessary to operate StepThru: Render (hosting), Stripe (payments), Anthropic (AI features), and Cloudflare (image storage and CDN). If you mark problems as public, their content is visible to other users.

8. Data Export & Deletion

You can export all your problems and visualizations as JSON from the Settings page at any time. To delete your account and all associated data, contact us at the email below. We will process deletion requests within 30 days.

9. Cookies

We use essential cookies only: authentication tokens (access and refresh tokens) stored as browser cookies to keep you logged in. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via the application. Continued use of StepThru after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at support@stepthru.dev