# Privacy Policy

1. Introduction

IKIGAI Ventures BV ("we", "us", "our"), a company registered in the Netherlands (KVK: 87875438, BTW: NL864433815B01), operates code-agents.ai (the "Platform"). This Privacy Policy explains how we collect, use, and protect your information when you use our Platform.

2. Information We Collect

We collect the following categories of information:

• Account information — email address and password, managed through Supabase Authentication
• OAuth metadata — when you sign in via GitHub or Google, we receive your provider name, display name, username, and avatar URL
• Profile data — referral code, access level, and activation status
• Purchase data — content tier purchased, price paid, and Polar.sh order identifier. We do not store your credit card number or payment details.
• Course progress — chapter completions and quiz results used to track your learning progress
• Referral data — referral relationships, referral status (pending or confirmed), and milestone achievements
• Gift pass data — gift passes sent and received, claim status, and expiry information
• B2B interest form — email address, company size, and current AI tool, submitted voluntarily through our Teams interest form
• Community interest — opt-in preference for Discord community notifications

3. Information We Do NOT Collect

We want to be transparent about what we do not do:

• We do not use analytics or tracking scripts (no Google Analytics, no pixel trackers)
• We do not collect advertising identifiers
• We do not store credit card numbers — all payment processing is handled by Polar.sh as our Merchant of Record

4. Cookies and Local Storage

We use the following cookies and browser storage, all first-party and functional:

• Session cookies — httpOnly cookies provided by Supabase Authentication to keep you signed in. These are strictly required for authentication.
• Referral attribution cookie — when you arrive via a referral link (e.g. ?ref=code), we store the referral code in a first-party cookie (ca_ref) for up to 30 days. This ensures the referral is credited if you sign up later in a different session. The cookie is deleted after signup. We also mirror this value to browser localStorage as a fallback.

We do not use marketing cookies, advertising trackers, or any third-party cookie-based tracking.

5. How We Use Your Information

We use the information we collect to:

• Authenticate your identity and manage your account
• Process purchases and grant access to purchased content tiers
• Operate the referral program — track referrals, confirm activations, and unlock content at milestone thresholds
• Manage gift passes — issue, track, expire, and return unclaimed credits
• Send transactional emails — purchase confirmations, milestone notifications, and gift pass alerts
• Track your course progress and display it on your dashboard
• Follow up on B2B interest form submissions
• Maintain platform security through Row Level Security policies on all database tables

6. Third-Party Services

We rely on the following third-party services to operate the Platform:

• Supabase — authentication and database hosting (Privacy Policy)
• Polar.sh — Merchant of Record for payment processing, tax, VAT, and GST compliance (Privacy Policy)
• Resend — transactional email delivery (Privacy Policy)
• AWS Amplify — application hosting (Privacy Policy)
• GitHub / Google — OAuth sign-in providers (GitHub Privacy, Google Privacy)

7. Data Security

We protect your data through the following measures:

• All traffic is encrypted via HTTPS
• Row Level Security (RLS) is enabled on all database tables, ensuring users can only access their own data
• Passwords are hashed using bcrypt via Supabase Authentication
• Session tokens are stored in httpOnly cookies to prevent client-side script access

8. Data Retention

• Account data — retained while your account is active. Deleted upon account deletion request.
• Gift pass records — retained for auditing purposes
• Purchase records — retained for financial and tax compliance
• B2B interest submissions — retained for outreach purposes until you request removal

9. Your Rights

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your data in a portable format

To exercise any of these rights, contact us at onder@code-agents.ai.

10. Referral Program Data

When you sign up, a unique referral code is automatically generated for your account. If you share your referral link and someone registers through it, we record the referral relationship. A referral is only "confirmed" when the referred user completes at least one course step — signup alone creates a "pending" referral. Confirmed referrals affect your access level on the Platform.

If a visitor arrives via a referral link before signing up, we store the referral code in a first-party cookie and browser localStorage so the attribution is preserved across page visits. This data is deleted automatically after the referral is linked at signup. See Section 4 for details.

11. Children's Privacy

The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at onder@code-agents.ai and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.