Privacy Policy

We collect your email when you sign up for the course or buy the Toolkit. We use it to send you the course unlock email, the license key, and occasional updates when something real ships. We do not run third-party analytics, do not set tracking cookies, and do not sell or share your data. Your course progress (chapters visited, exercises checked, XP) lives only in your browser’s localStorage and never reaches our servers.

• Email address — when you sign up for the free course or buy the Toolkit. Stored in our email-sending service (Resend) and, for Toolkit buyers, in our database (Supabase) alongside your license record.
• Payment information — handled directly by Stripe. We never see or store your card details. We do store the Stripe customer ID, payment-intent ID, and checkout session ID alongside your license so we can issue refunds and look up purchases.
• Toolkit license metadata — when the npx claude-cohort installCLI verifies your license, it sends a hashed machine fingerprint so we can enforce the 10-machine cap on each license. The fingerprint is a one-way hash; we cannot reverse it to identify your hardware or your operating system specifically.

• No tracking cookies. No third-party analytics. No advertising pixels.
• Course progress (chapters visited, exercises checked, XP, streaks) is stored only in your browser’s localStorage. It never leaves your device. Clear your browser storage and it’s gone.
• We don’t collect IP addresses for analytics. Hosting infrastructure (Vercel) may briefly hold IPs in server logs for security and abuse prevention; standard Vercel retention applies.

We share data only with the processors who run the service on our behalf, and only the minimum each one needs:

• Stripe — payment processing. Subject to Stripe’s privacy policy.
• Resend — sends the course unlock email and the Toolkit license email. They receive your email address only.
• Supabase — database hosting (license records and install audit log).
• Vercel — application hosting and serverless functions.

We do not sell, rent, or share your data with anyone else for marketing or advertising purposes. Ever.

• License records — kept for the lifetime of the license, plus seven years after the last activity for tax / refund / chargeback records, then purged.
• Email subscriptions — kept until you unsubscribe, then removed within 30 days.
• Server logs — Vercel default retention (typically less than 30 days).

Email amro@amrofilms.shop to:

• Request a copy of every piece of data we hold on you (response within 30 days).
• Request deletion of that data (within 30 days, except where we’re required to retain it by tax law for purchase records).
• Unsubscribe from marketing emails — also doable in one click from any email we send.

Readers in the UK have the rights granted by the UK GDPR and the Data Protection Act 2018. Readers in the EU have the rights granted by the EU GDPR. Readers in California have the rights granted by the CCPA / CPRA. All are honored through the same email above; we don’t require special forms.

UK readers also have the right to complain to the Information Commissioner’s Office (ico.org.uk) if you believe we’ve mishandled your data — though we’d ask you to give us a chance to fix it first.

The course and Toolkit are not directed at children under 13, and we don’t knowingly collect personal data from anyone under 13. If you believe a child has given us personal data, email us and we’ll delete it.

We’ll post material changes on this page and update the “Last updated” date at the top. Continued use of the course or Toolkit after a change means you accept the updated policy.

Privacy questions, data requests, GDPR / CCPA requests, or anything else: amro@amrofilms.shop. The data controller is Claude Cohort, operating from England and Wales.