Docs Privacy Policy Privacy Policy

Here we describe how we treat your data.

If you want to delete your data, then send us a mail to

3rd Party Services We Use

  • EthicalAds for privacy focused ads
  • Vercel for partial website hosting
  • PostHog for privacy friendly analytics
  • Self-hosted Umami for anonymized website analytics
  • Google and GitHub for OAuth login
  • Stripe to process credit card payments

What do we store in our database(s):

  • An unique identifier of your account
  • Type of sign in method (Google, GitHub, Email)
  • Provider's account ID
  • Access token
  • When your account was created and when was it last updated
  • Your notes
  • Your nickname / name
  • Your email
  • When was your email verified
  • Link to your accounts image if signed in with a 3rd party provider
  • Stripe customer ID
  • Stripe period end
  • Verfifcation token if signed in with email
  • That's mostly it!

We do NOT link your IP to your account on our servers!

Your privacy is important.

Protecting your privacy is really important to us. With this in mind, we’re providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive through our Services. This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our Services. In this Privacy Policy:

We’ll refer to our website as “Site” and "website". We’ll refer to as pwn. or “we” or “us” or “our”. We’ll refer to all the products and services we provide individually and collectively, as the “Services”. We’ll refer to you, the person or entity accessing our Site or using our Services, as “you” or “your” or (if you are a purchaser of our Services, our “customer”).

Some other definitions we’ll be using in this Privacy Policy

What is a Data Controller? For general data protection regulation purposes, the “Data Controller” means the organization who decides the purposes for which and the way in which any personal data is processed. Our customers are the Data Controllers.

What is a Data Processor? A “Data Processor” is an organization which processes Personal Information for a Data Controller. We are the Data Processor for our customers. As a Data Processor, we are bound by the requirements of the General Data Protection Regulations (the “GDPR”).

What is Data Processing? Data processing is any operation or set of operations performed upon Personal Information (whether automated or not). Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.

How do we collect Personal Information?

We collect Personal Information from you by visiting our website(s) or/and getting information by you inputting it manually into our system.

We may also receive information about you, including Personal Information, from third parties, and may combine this information with other Personal Information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in personally identifiable format. What information do we collect?

We may collect the following types of Personal Information from you:

Your email address Your name / nickname Your notes Sign in method (with email, Google or GitHub) Your subscribtion status (subscribed to PLUS / not subscribed) We may retain (if needed) server logs which include the IP address of every request to our server

We may also collect and aggregate information about the use of our Site and our Services. That information could include information such as your Internet Protocol (IP) address, browser type, operating system, the web page that you were visiting before accessing our Site, the pages or features of our Site which you browsed and the time spent on those pages or features, search terms, the links on our Site that you clicked on and other statistics. If you access our Site using a mobile device, we may collect information such as a device identifier, user settings and the operating system of your device, as well as information about your use of our Services. What do we use your Personal Information for?

We will use your Personal Information, in compliance with this Privacy Policy, to help us deliver the Services to you. Any of the information we collect from you may be used in any of the following ways:

To authenticate users when they browse the training material To provide analytics for our customers To improve our Site and our Services — we continually strive to improve our site offerings based on the information and feedback we receive from you. To improve customer service — your Personal Information helps us to more effectively respond to your customer service requests and support needs. To send periodic emails — The email address you provide may be used to send you information, notifications that you request about changes to our Services, to alert you of updates, and to send periodic emails containing information relevant to your account.

We may also use your Personal Information where necessary for us to comply with a legal obligation, including to share information with government and regulatory authorities when required by law or in response to legal process, obligation, or request.

We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose your Personal Information to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable activity.

We will request your consent before we use or disclose your Personal Information for a materially different purpose than those set forth in this Policy. Consent may be obtained by any legally sufficient method. For example, depending on the circumstances and applicable laws, consent may be obtained by providing you with notice and the opportunity to opt-out.

By signing up to you agree to us sending you emails. You can unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving commercial email from us by sending us an email at Please be aware that if you opt-out of receiving commercial e-mail from us, it may take up to ten business days for us to process your opt-out request, and you may receive commercial e-mail from us during that period. Additionally, even after you opt-out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Services.

Do we use cookies?

Yes. We may use both session Cookies and persistent Cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Site. We use cookies to understand and save your preferences for future visits and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. We may also use Cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent Cookies, session Cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept Cookies, you can change your browser options to stop automatically accepting Cookies or to prompt you before accepting Cookies. Please note, however, that if you don’t accept Cookies, you may not be able to access all portions or features of the Site or the Services. We may also collect information via standard server logs or clear GIFs (also known as “Web beacons”). If we link or associate any information gathered through passive means with Personal Information, we treat the combined information as Personal Information under this Privacy Policy. Otherwise, we use information collected by passive means in non-personally identifiable form only.

Who at may access your Personal Information?

Designated members of our staff may access Personal Information to help our customers with any questions they have, including help using the product, investigating security issues, or following up on bug fixes with the customer. This activity is logged in our system for compliance, and we maintain different levels of access for its employees depending on their role in our company. Do we disclose any information to outside parties?

Except as set out below, we do not sell, trade, or otherwise transfer to outside parties your personal information without your consent.. Non-personally identifiable visitor information, however, may be provided to other parties for marketing, advertising, or other uses.

We may disclose Personal Information to third-party service providers (for example, payment processing and data storage and processing facilities) that assist us in our work. We limit the Personal Information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such Personal Information. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

We may also release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety.

Your Personal Information may also be transferred to another company in the event of a transfer, change of ownership, reorganization or assignment of all or part of our businesses or assets. This will occur if the parties have entered into an agreement under which the collection, use and disclosure of the information is limited to those purposes of the business transaction, including a determination whether or not to proceed with the business transaction. You will be notified via email or prominent notice on our websites for thirty (30) days of any such change in ownership or control of your Personal Information or as otherwise may be required or permitted by law. How do we handle global transfers and process of your Personal Information?

Although we welcome people from all over the world, keep in mind that no matter where you live or where you happen to use our services, your Personal Information may be shared. This means that we may collect your Personal Information from, transfer it to, and store and process it in the United States and other countries outside of where you live. For example, some of our third-party providers may be located in different countries. Where this is the case, we will take steps to make sure the right security measures are taken so that your privacy rights continue to be protected as outlined in this Privacy Policy. By submitting your Personal Information, you’re agreeing to this transfer, storing or processing. If we transfer your Personal Information from the E.U. and process it in the United States, we do so in accordance with applicable law. With respect to information received or transferred, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We will not transfer your Personal Information outside the European Economic Area (“EEA”) unless it takes such measures as are necessary to provide adequate protection for such Personal Information consistent with the requirements of applicable laws. To the extent that we process (or causes to be processed) any Personal Information originating from the EEA in a country that has not been designated by the European Commission as providing an adequate level of protection for Personal Information, the Personal Information shall be deemed to have adequate protection (within the meaning of EU Data Protection Legislation) by virtue of the European Commission’s Standard Contractual Clauses for data transfers between EU and non-EU countries, whereby you will be regarded as the Data Exporter and we will be regarded as the Data Importer. In the event that the Contractual Clauses are deemed to no longer be a valid mechanism to legitimize transfers of personal data outside the European Economic Area, we will amend this Policy in order to establish a legitimate transfer of personal data outside the European Economic Area. Principle of Onward Transfer

In the context of an onward transfer of data to a third party, we have responsibility for the processing of Personal Data we receive and subsequently transfer to a third party acting as an agent on our behalf. We shall remain liable under applicable law if our agent processes such Personal Data in a manner inconsistent with applicable law, unless we prove that we are not responsible for the event giving rise to the damage. Retention of your Personal Information

We retain your Personal Information for as long as we need to fulfill our Services. In addition:

We may keep data linked to cookies and other online identifiers up to three years. If we are involved in litigation or a governmental or regulatory investigation, then we keep data throughout the period of litigation or investigation and for 5 years after that. If a settlement means that we have to keep data for longer, then we keep data for the period required to administer the settlement. If we provide data to law enforcement agencies, then we keep a record of this for one year beyond the end of the investigation.

Third-party Links

Occasionally, at our discretion, we may include or offer third-party products or services on our Site. This Privacy Policy only applies to our Site, so when you link to other websites you should read those separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. However, we seek to protect the integrity of our site and welcome any feedback about these sites. Children’s Online Privacy Protection Act Compliance

Our Site, products and services are all directed to people who are at least 18 years old or older. We strive to comply with the requirements of COPPA (Children’s Online Privacy Protection Act). If this server is in the United States, and you are under the age of 13, do not use this site. We do not knowingly collect Personal Information from children under the age of 18 or your country’s age of minority. If you nevertheless believe that your child has provided us with their Personal Information, please contact us and we will delete it. Online Privacy Policy Only

This Privacy Policy applies only to information collected through our site and not to information collected offline. Your Consent

By using our site, you consent to this Privacy Policy. Your Rights

Other rights you have include the rights to:

Ask for a copy of your Personal Information This is known as a Subject Access Request. If you would like a copy of some or all of one of your user's Personal Information, please contact us as Ask us to correct your Personal Information It is your right to lodge an objection to the processing of your Personal Information if you believe that the legal ground “relating to your particular situation” applies. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defense of a legal claims. Ask us to erase certain categories or types of information If you choose to remove your Personal Information, you acknowledge that we may retain archived copies of your Personal Information in order to satisfy our legal obligations, or where we reasonably believe that we have a legitimate reason to do so. Our customers may request that one of their users be removed from our system entirely by contacting us at Ask us to restrict certain processing You have the right to object to processing of Personal Information. Where we have asked for your consent to process information, you have the right to withdraw this consent at any time. “Opt out” of certain sharing of Personal Information You may limit or "opt-out" of our sharing your Personal Information with third parties. Obtain the information you provide in a structured, machine readable format, and Ask us to transfer your Personal Information to other organizations.

If we decide to change our privacy policy, we will post those changes on this page. If we are going to use Personal Data collected through the Site in a manner materially different from that stated at the time of collection, then we will notify users via email and/or by posting a notice on our Site for 30 days prior to such use or by other means as required by law. Contacting Us

Our website is hosted on Vercel, so their privacy policy found on is also affective for our whole or partial website.

If you are a paying customer, then your billing information goes through Stripe. You can see their privacy policy on

If you have any questions, comments, or concerns about this privacy policy, please contact us at

Please dont sue us uwu