datarekha
Policy Last updated May 27, 2026

Privacy

Short version: we collect as little as we can, we don't sell any of it, and we run no third-party trackers. The longer version is below — in plain English, no dark patterns.

What we collect

Only the things this site needs to work for you:

  • Your email, if you choose to sign in. We use it to authenticate your sessions and recover your account.
  • Your learning progress — which lessons you've completed, your streak, your XP, and the last lesson you visited. This lives on your device first (in localStorage); if you sign in, a copy is kept in our database so it follows you across devices.
  • Anonymized activity events — when a signed-in user starts or completes a lesson, we record the lesson reference and a timestamp so we can show a "live" community feed. We do not record who did it.
  • Standard server logs — IP, user-agent, requested URL — kept briefly for security and abuse prevention by our hosting provider (Vercel). We do not enrich, cross-reference, or sell them.

What we don't collect

  • No third-party analytics scripts (no Google Analytics, no Segment, nothing).
  • No advertising pixels, no remarketing, no fingerprinting.
  • No telemetry from the code you write in the in-browser playgrounds — that code runs locally in your browser via WebAssembly and never reaches our servers.
  • No social-media share trackers.

Cookies and similar tech

Strictly essential storage only:

  • Auth session (cookie / localStorage entry, managed by Supabase) so you stay signed in.
  • Theme preference (localStorage theme) so light/dark sticks across visits.
  • Progress data (localStorage dr:progress:v1) for the visual journey and streaks.
  • Started-event dedupe flags (sessionStorage) so the live feed doesn't double-count.

No tracking cookies are set, so we don't show a cookie banner.

Where the data lives

  • Hosting: Vercel (vercel.com) serves the static pages.
  • Database & auth: Supabase (supabase.com) — your progress row, magic-link emails, and optional Google sign-in flow.
  • Optional Google OAuth: if you choose "Continue with Google", Google receives a sign-in request from us. Their terms apply to that interaction.

Data centers are typically in the region closest to our user base; this site is currently configured for Supabase's ap-south-1 (Mumbai) region.

Sharing

We do not sell your data. We do not share it with third parties for their marketing. The only entities that touch it are the processors listed above (Vercel, Supabase, and Google when you choose Google sign-in) — each acting under their own terms to provide the service.

Your rights

  • Access: while signed in, you can see your progress on every page. Email us for a full export.
  • Deletion: email us to delete your account; we remove your profiles, progress, and comments rows. Anonymized activity events have no link to you and are kept.
  • Withdraw consent: clear your browser data, or sign out, and we stop syncing.

Children

The site is intended for users 13 and over (16 in the EEA). We don't knowingly collect data from younger children. If you believe a child has signed up, contact us and we'll delete the account.

Security

All data in transit is TLS-encrypted. Database access is gated by Supabase Row-Level Security — by policy, only you can read or modify your own progress row. Service-role credentials are never exposed to the browser.

Changes

If we materially change how we handle data, we'll update this page and bump the "last updated" date at the top. Returning here is the canonical way to see the current policy.

Contact

Privacy questions, deletion requests, or anything else: hello@datarekha.com.

Skip to content