Privacy Policy
Last Updated: February 2, 2026
This Privacy Policy explains how BreachLogic.ai ("we," "us," or "our"), operated by Vitaly Simonovich, collects, uses, shares, and protects your personal information when you use our website and services (collectively, the "Services").
We are committed to protecting your privacy and being transparent about our data practices. This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
1. Information We Collect
1.1 Information You Provide
Account Information
- Email address (required for account creation)
- Name and display name
- Profile picture (if using Google OAuth)
Communication Data
- Contact form submissions (name, email, message)
- Service inquiries
- Support requests
Learning Data
- Course enrollments
- Lesson progress and completion status
- Quiz responses and assessments
1.2 Information Collected Automatically
Technical Information
- IP address
- Browser type and version
- Device information
- Operating system
Usage Information
- Pages visited
- Time spent on pages
- Referring website
- General location (country/region level, derived from IP)
Security Information
- Google reCAPTCHA interaction data (for spam prevention)
1.3 Information from Third Parties
Authentication Providers
- Google OAuth: Email, name, and profile picture (with your consent during sign-in)
2. How We Use Your Information
We use your information for the following purposes:
2.1 Service Delivery
- Create and manage your account
- Provide access to courses and content
- Track your learning progress
- Process service inquiries
2.2 Communication
- Send account-related notifications
- Respond to your inquiries and support requests
- Send course updates and announcements (with your consent)
2.3 Security and Fraud Prevention
- Protect against spam and abuse (via reCAPTCHA)
- Monitor for security threats
- Prevent unauthorized access
2.4 Analytics and Improvement
- Analyze usage patterns to improve our Services
- Understand which content is most valuable
- Identify and fix technical issues
2.5 Legal Compliance
- Comply with applicable laws and regulations
- Respond to legal requests
- Protect our legal rights
3. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of contract |
| Security and fraud prevention | Legitimate interests |
| Analytics (Plausible) | Legitimate interests |
| Marketing communications | Consent |
| Legal compliance | Legal obligation |
You have the right to withdraw consent at any time where we rely on consent for processing.
4. Data Sharing and Third Parties
We do not sell your personal information. We share data only with the following parties:
4.1 Service Providers
Supabase (Database & Authentication)
- Purpose: Stores account data, course progress, and provides authentication
- Data shared: Email, name, profile picture, learning progress
- Location: United States
- Privacy: Supabase Privacy Policy
Plausible Analytics
- Purpose: Privacy-focused website analytics
- Data shared: Anonymized usage data (no personal identifiers)
- Features: Cookie-free, GDPR compliant by design, no cross-site tracking
- Location: European Union
- Privacy: Plausible Privacy Policy
Google reCAPTCHA
- Purpose: Spam and bot prevention on contact forms
- Data shared: Interaction data, IP address
- Privacy: Google Privacy Policy
4.2 Legal Requirements
We may disclose information when required by law, court order, or to protect our legal rights.
4.3 Business Transfers
In the event of a merger, acquisition, or sale, your information may be transferred to the new entity.
5. Your Privacy Rights
5.1 GDPR Rights (EEA, UK, Switzerland)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request limited processing of your data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at privacy@breachlogic.ai.
5.2 CCPA Rights (California Residents)
You have the right to:
- Know: Request disclosure of personal information collected
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Non-Discrimination: Receive equal service regardless of exercising privacy rights
Categories of Personal Information Collected:
- Identifiers (email, name, IP address)
- Internet activity (pages visited, interactions)
- Inferences (learning progress, preferences)
Business Purposes for Collection:
- Providing and improving our Services
- Security and fraud prevention
- Analytics
To exercise your CCPA rights or designate an authorized agent, contact us at privacy@breachlogic.ai.
5.3 Other Jurisdictions
If you are located in another jurisdiction with applicable privacy laws, we will honor your rights under those laws to the extent required.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Course progress | Duration of account + 1 year |
| Contact form submissions | 2 years |
| Analytics data (Plausible) | 2 years (anonymized) |
| Security logs | 1 year |
After the retention period, data is securely deleted or anonymized.
7. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States (Supabase) and the European Union (Plausible).
For transfers from the EEA/UK to third countries, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Service providers' certifications and commitments
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
- Secure authentication via OAuth and magic links (no password storage)
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
9. Cookies and Tracking
9.1 Our Approach
We use Plausible Analytics, a privacy-focused analytics solution that:
- Does not use cookies
- Does not track users across websites
- Does not collect personal identifiers
- Is GDPR and CCPA compliant by design
9.2 Essential Cookies
We may use strictly necessary cookies for:
- Session management (keeping you logged in)
- Security features
These cookies are essential for the Services to function and cannot be disabled.
9.3 Third-Party Cookies
Google reCAPTCHA may set cookies for bot detection purposes on forms where it is implemented. See Google's Cookie Policy for details.
10. Children's Privacy
BreachLogic.ai is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@breachlogic.ai.
11. Do Not Track
Some browsers include a "Do Not Track" (DNT) feature. Because Plausible Analytics does not track users across websites and does not use cookies, we effectively honor DNT by default.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top
- Post the revised policy on our website
- Notify you by email for significant changes (if you have an account)
We encourage you to review this policy periodically. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.
13. Contact Us
If you have questions about this Privacy Policy, your privacy rights, or our data practices, please contact us:
- Privacy Inquiries: privacy@breachlogic.ai
- General Contact: contact@breachlogic.ai
- Data Protection Inquiries (GDPR), for data subject requests or to contact our data protection representative: privacy@breachlogic.ai
Response Time: We aim to respond to all privacy-related inquiries within 30 days.
14. Supervisory Authority
If you are in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority. A list of EU Data Protection Authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.
By using BreachLogic.ai, you acknowledge that you have read and understood this Privacy Policy.