Privacy Policy

Last updated: March 1, 2026

1. Introduction

Octomate ("we", "our", "us") operates the octomate.io website and platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our interactive DevOps learning platform.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored securely via Firebase Authentication, never in plain text)
  • First and last name (optional)
  • Authentication provider (email or Google)

Learning Activity Data

As you use the platform, we collect:

  • Challenge attempts, completion status, and time spent
  • Challenge difficulty feedback you submit

Technical Data

We automatically collect:

  • IP address and browser user agent (for session management and security)
  • Device type and browser information (derived from user agent)

Local Storage

We store certain preferences and temporary state in your browser's local storage (e.g., theme preference, challenge timer state). This data stays on your device and is not transmitted to our servers.

3. How We Use Your Information

  • Authenticate you and manage your account
  • Provide and personalize the learning experience
  • Track your progress across challenges
  • Send email verification and account-related communications
  • Improve the platform based on usage patterns and difficulty feedback
  • Protect against unauthorized access and abuse

4. Cookies

We use the following cookies:

  • octomate_auth — HTTP-only authentication cookie containing your session token
  • octomate_csrf — CSRF protection token to prevent cross-site request forgery

These cookies are essential for the platform to function and cannot be disabled. We do not use advertising or tracking cookies.

5. Third-Party Services

We use the following third-party services:

  • Google Firebase Authentication — for user authentication and Google Sign-In
  • Google Analytics — for anonymous, aggregated usage analytics (page views and navigation). You can opt out using a browser extension.
  • Resend — for sending email verification messages
  • DigitalOcean — for infrastructure hosting and media storage

Each of these services has its own privacy policy governing how they handle data.

6. Data Security

We protect your data through:

  • HTTPS encryption for all data in transit
  • HTTP-only, secure cookies for authentication
  • CSRF protection on all state-changing requests
  • Password hashing (passwords are never stored in plain text)
  • Rate limiting on authentication and sensitive endpoints
  • Content Security Policy headers to prevent XSS attacks

7. Data Retention

We retain your account data and learning activity for as long as your account is active. Authentication sessions expire automatically after 7 days of inactivity, and inactive sessions are cleaned up periodically.

8. Your Rights

You have the right to:

  • Access your personal information via your account settings
  • Update your name and profile information at any time
  • Delete your account permanently, which removes all associated data including challenge history and session records

You can manage your account from the Settings page.

9. Children's Privacy

Octomate is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can remove it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at [email protected].