Privacy

What we collect (only if you opt in)

• When you start a lesson (lesson slug, e.g. 01-terminal)
• When you complete a lesson (./cf check passes)
• A random anonymous identifier, generated once in your environment, stored in curriculum/.progress.json
• The language of the lesson you're reading (pt, es, en, fr)
• The country Cloudflare detects at the edge (BR, MX, FR, ...) — the IP itself is discarded

What the progress telemetry never collects

• Your GitHub account
• Your code, your files, error messages
• Your IP (Cloudflare reads the country at the edge and discards the IP before it reaches our storage)
• Anything in the telemetry that identifies you individually

Your name and email are not part of telemetry — we receive them only when you buy the course (see below). If you later run ./cf activate to claim your certificate, your previously-anonymous progress becomes linked to that purchase so we can issue it.

What happens to the data

• Stored in a Cloudflare database (D1) controlled by CyberFuturo
• Used to generate the public /stats/ dashboard (aggregate counts only, never per person)
• Never sold, never shared with sponsors, never crossed with third parties

When you buy the course

A purchase is different from the anonymous progress above. To give you access and send your login, we collect:

• Your name and email, as entered at Stripe checkout
• Payment metadata from Stripe: amount, currency, and the checkout session id — we never see or store your card number
• Your language preference and the access credentials we generate for you

Legal basis: we process this to perform our contract with you — delivering the course you paid for (GDPR Art. 6(1)(b) / LGPD Art. 7(V)).

How long we keep it: for as long as you have access to the course. The transaction record itself is kept for up to 5 years to meet tax and accounting obligations, then deleted. You can ask us to delete your data sooner — except a transaction record we are legally required to retain.

Who we share data with

We never sell your data. A small set of trusted providers process it on our behalf, each under its own data-processing terms:

• Stripe — processes your payment. Privacy policy
• Resend — delivers your welcome/access email. Privacy policy
• Cloudflare — hosts the site and database, and detects your country at the edge. Privacy policy
• GitHub — provides the Codespaces practice environment, only if you use it. Privacy policy

Some of these providers operate outside your country; where personal data is transferred internationally, it relies on the safeguards each provider offers.

Your rights — disable or delete

Course progress (telemetry):

• ./cf telemetry off — disables pings from now on
• ./cf telemetry forget — removes your local anon_id and deletes the server-side records
• Or open an issue at github.com/notifuturo/cyberfuturo asking for removal of your anon_id

Purchase data (name, email): email ola@cyberfuturo.com (or reply to your welcome email) and we will delete your personal data within 30 days, keeping only what tax law requires. You may also request a copy of your data and lodge a complaint with your data-protection authority (e.g. the ANPD in Brazil).