Plain-language heads-up: we're a small team and this is a straightforward draft, not yet reviewed by a privacy lawyer. If something here conflicts with your rights under PIPEDA, the GDPR, CCPA, or another applicable law, your rights win.
The short version
- We collect the minimum needed to run Phended.
- We never sell your data.
- You can email support@phended.com any time to see, correct, or delete what we have.
Who we are
Phended is a cybersecurity education project based in British Columbia, Canada. We operate phended.com, learn.phended.com, and dave.phended.com. In this policy, "we," "us," and "Phended" refer to the people running these sites.
What we collect
When you read the blog or visit Resources: nothing that identifies you, unless you've opted into analytics cookies. See our Cookie Policy.
When you chat with Dave: your messages and Dave's replies, held in your browser and briefly on our servers so the conversation works. We don't use Dave conversations to train external models.
When you subscribe to the newsletter: your email address. The newsletter is delivered through Substack, so their privacy policy also applies.
When you create a Phended Learn account: your name, email, a password (we only store a one-way hash), and your course progress.
When you enroll in a course without an account: just an email, used to send you a magic link so you can resume later.
When you contact us: whatever you put in the form or the email.
Automatic data when you visit: standard web logs (IP address, browser, pages visited). We use these to keep the site working and detect abuse.
How we use it
- Deliver the thing you asked for (the post, the lesson, the reply).
- Send the newsletter you subscribed to.
- Save your course progress so you can come back.
- Improve Phended. We look at aggregated usage to understand what's helpful and what needs rewriting.
- Respond to your questions.
- Spot and stop abuse or fraud.
What we don't do
- Sell your data.
- Rent your data to advertisers.
- Share your email with anyone we haven't told you about.
- Use your personal information to train third-party AI models.
Who processes data for us
To run Phended we use a small number of trusted providers:
- Vercel: hosts our websites (US).
- Neon: hosts the database for Phended Learn (US).
- Resend: sends transactional email like magic links and verification (US).
- Substack: hosts the newsletter and RSS archive (US).
- Google Analytics: optional, only loaded if you accept analytics cookies (US).
- OpenRouter / Anthropic: provides the model that powers Dave (US).
- FormSubmit.co: relays contact-form messages to our inbox.
Each of these processes data under their own privacy policy. We only send them what's needed to do their job.
How long we keep it
- Account data: until you delete your account.
- Course progress: until you delete your account, or 5 years of inactivity, whichever is first.
- Dave chat history: in your browser only. We keep short-lived server-side logs for abuse prevention and delete them within 30 days.
- Newsletter email: until you unsubscribe.
- Web logs: up to 90 days.
Your rights
Whatever country you're in, you can email support@phended.com to:
- See what data we have about you.
- Correct anything wrong.
- Delete your account and associated data.
- Opt out of analytics, or adjust your consent in the cookie banner.
- Unsubscribe from the newsletter (also one-click via the email).
If you're in Canada, you have rights under PIPEDA. If in the EU/UK, under the GDPR. If in California, under the CCPA. These laws grant additional specific rights (data portability, etc.). Email us and we will honor them.
Children
Phended is designed for all ages, including older children learning about online safety. We don't knowingly collect data from children under 13 without parental consent. If you believe we have, email us and we'll delete it.
Security
We use HTTPS everywhere, hash passwords, and keep access to servers limited to the people running Phended. No system is perfectly secure, but we treat your data with care.
Changes
If we make meaningful changes to this policy we'll update the "Last Updated" date and, for significant changes, email account holders.
Contact
Questions, requests, or concerns: support@phended.com (or legal@phended.com for anything formal).