Privacy Policy

1. Overview

ReviewDojo ("we", "us", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

• Email address — collected at sign-up via magic link authentication. Used to identify your account and send transactional emails (e.g. login links).
• Full name — optionally provided by you for use on belt certification documents. Not required to use the Service.
• Challenge activity — code annotations, submissions, scores, XP, belt progress, and certifications. Used to power the grading system and your profile.
• Payment information — processed exclusively by Stripe. We do not store card numbers or banking details on our servers.
• Usage data — pages visited, features used, and general interaction patterns. Used to improve the product.

3. How We Use Your Data

• To authenticate you and manage your account
• To grade your code reviews and track your belt progress
• To process credit purchases and fulfill orders
• To send transactional emails (login links, cert notifications)
• To improve the quality of challenges and grading

4. Third-Party Services

We use the following third-party services to operate ReviewDojo:

• Supabase — database and authentication. Your account data and challenge history are stored here.
• Stripe — payment processing. Stripe handles all credit card data under their own Privacy Policy.
• Anthropic (Claude) — AI grading and challenge generation. Code you submit for review is sent to Anthropic's API for processing. Anthropic may use API inputs to improve their models unless you opt out via their enterprise agreement.
• OpenAI — AI challenge generation and test simulation. Code content may be sent to OpenAI's API for processing under their Privacy Policy.

5. Data We Do Not Collect

• We do not collect your phone number or physical address
• We do not store payment card information
• We do not sell your data to third parties
• We do not run advertising networks

6. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law or for fraud prevention.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Object to certain processing of your data
• Data portability (receive your data in a machine-readable format)

To exercise any of these rights, email us at support@reviewdojo.io.

8. Cookies

We use cookies solely for authentication (session management via Supabase). We do not use tracking or advertising cookies. If we add analytics in the future, this policy will be updated.

9. Security

We use industry-standard practices to protect your data, including encrypted connections (HTTPS), row-level security in our database, and no storage of sensitive credentials on our servers. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a notice on the site. Continued use of ReviewDojo after changes constitutes acceptance of the updated policy.

11. Contact

Privacy questions or requests? Email us at support@reviewdojo.io.