Privacy Policy

Last updated: 16 June 2026

This policy explains what personal data brookebit collects, why, and how you can control it. If you have questions, email us at [email protected].

1. Who we are

brookebit is an educational tool for IB Computer Science students, operated by Michael Brooke. References to "we", "us", or "brookebit" in this policy refer to the data controller for your personal data.

Contact: [email protected]

2. What data we collect

When you create an account and use brookebit, we collect:

Your email address — used as your login identifier
Your password — stored as a one-way hash; we never store or transmit your plain-text password
Exercise progress — which exercises you have attempted and passed
XP, levels, and cosmetic choices — in-app gamification state
Daily activity dates — used to calculate streaks

We do not use analytics tools, advertising trackers, or tracking pixels. We do not collect your name, date of birth, or location.

3. Legal basis for processing (GDPR)

We process your data on the following bases under UK/EU GDPR Article 6:

Contract (Art. 6(1)(b)) — processing your email and password is necessary to provide the account-based service you signed up for
Legitimate interests (Art. 6(1)(f)) — storing exercise progress and XP is necessary to deliver the core learning experience you expect from the app

4. Under-16s

brookebit is designed for IB CS students, many of whom may be under 16. If you are under 16, you should obtain your parent or guardian's permission before creating an account. By registering, you confirm either that you are 16 or older, or that a parent or guardian has given their consent.

If you are a parent and believe your child has registered without consent, contact us at [email protected] and we will delete the account promptly.

5. Where your data is stored

Your data is stored in a PostgreSQL database hosted on Supabase, located in the EU (Ireland, eu-west-1). This means your data remains within the European Economic Area and is subject to GDPR-standard data protection.

6. How long we keep your data

We retain your account data for as long as your account is active. If you request deletion, we will remove all personal data associated with your account within 30 days.

7. Your rights

Under UK/EU GDPR, you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your account and all associated data
Restriction — ask us to pause processing of your data in certain circumstances
Portability — request your data in a machine-readable format
Objection — object to processing based on legitimate interests

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or your local EU supervisory authority.

8. Third-party services

We use the following third-party processors:

Supabase — database hosting (EU). Privacy policy ↗
Render — application hosting. Privacy policy ↗
Cloudflare — DNS and static site hosting. Privacy policy ↗

We do not sell or share your personal data with any third party for marketing purposes.

9. Cookies

brookebit does not use cookies for tracking or advertising. The app uses browser localStorage to keep you logged in between sessions. This data stays on your device and is not transmitted to third parties.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the date at the top of this page. Continued use of brookebit after changes are posted constitutes acceptance of the updated policy.

Questions or requests: [email protected]