What we collect, why, and how to take it back.

What we collect

Three buckets of data, all tied to your account:

1. Account fields — your email (required for sign-in), and optionally your first name, last name, organization name, and organization domain. You set these yourself on /account; we don’t enrich them from third-party sources.
2. Activity data — which modules you open, how far you scroll, which ones you complete, what you bookmark, and the timestamp of your last sign-in.
3. Personal scratch space — any notes you write on individual modules. These are private to you. The database policy explicitly forbids admins (including us) from reading them.

Why we collect it

Account fields let us authenticate you and address you by name when it makes the experience feel less generic.

Activity data powers your dashboard (“continue where you left off”), the per-card progress badges, the saved-modules list, and the analytics we use to decide what to publish next. We look at trends, not individual sessions.

Personal scratch space is for you. We collect it so you can read it back later — that’s the only purpose.

Who sees it

You, always. Portal admins (currently Matt Marrs at CaptivContent and any teammates he grants admin access) can see your account fields and your aggregate activity for analytics purposes. Admins cannot read your notes — that’s enforced by the database, not just the UI.

Supabase, our database and authentication provider, processes the data on our behalf. They have their own privacy policy and act as a sub-processor under our control.

We do not sell your data. We do not share it with advertisers. We do not stuff your email into a marketing nurture sequence. If you arrived via a CaptivContent client integration (e.g., a GoHighLevel handoff), the contact information you submitted there flows here, but the activity data stays inside the portal.

How long we keep it

Account and activity data are retained for as long as you have an active account. Notes are retained until you edit them or delete the account. When you delete your account, every row tied to your user ID is removed from the database immediately via cascading foreign keys — views, progress, bookmarks, downloads, notes. Backups are rotated on Supabase’s schedule; ask if you need specifics.

Your rights

You can export everything we have on you, as a JSON file, from /account. The download includes your profile, every module-view event, all progress rows, bookmarks, downloads, and notes — everything that has your user ID on it.

You can delete your account from the same page. Deletion is immediate and irreversible.

You can correct any account field at any time on /account. Email us if you want a field changed that isn’t editable in the UI.

Security

All traffic to the portal goes over HTTPS. The database enforces row-level security so members can only read their own personal data; there’s no shared-account model where data leaks between users. Authentication uses single-use magic links; we don’t store passwords.

We don’t pretend to be SOC 2 certified. If you’re evaluating the portal for an enterprise compliance program, email us with your specific requirements.

Cookies and tracking

The portal uses one essential cookie set by Supabase’s authentication flow. It stores your session token. There are no analytics cookies, no third-party trackers, no advertising pixels. We don’t need a consent banner because there’s no consent to obtain — the session cookie is required for the portal to function and is considered “strictly necessary” under GDPR.

Changes to this policy

We’ll update the “Last updated” date at the top whenever this changes. Material changes get a separate heads-up email to your account address.