Skip to main content

Privacy Policy

Last updated: March 2026

What we collect

Email address

Used for passwordless login and optional email communications (lesson reminders, product updates). You can unsubscribe from any category at any time.

Session cookie

One essential cookie (opal_session) keeps you signed in. It is strictly necessary and exempt from GDPR consent requirements.

Anonymous analytics

We use Vercel Analytics, which is cookieless and collects no personally identifiable information. It gives us aggregate page-view and performance data only.

LocalStorage

A few keys store UI preferences (cookie notice dismissal, theme) locally on your device. This data never leaves your browser.

Third-party embeds

Some pages embed Wistia videos and Google Slides. These providers may set their own cookies when you interact with embedded content. We don't control those cookies.

Why we collect it

  • Email: To authenticate you and send communications you opt into.
  • Session cookie: To keep you logged in between visits.
  • Analytics: To understand which pages are useful and improve the product.

Cookie disclosure

If your browser timezone suggests you're in the EU/EEA, we show a brief disclosure banner explaining our one essential cookie. Since we don't use tracking cookies or non-essential cookies, no consent gate is needed under GDPR — just a disclosure. The banner saves a localStorage key when you dismiss it so it doesn't reappear.

Email communications

We use Resend to send emails. Every email includes a one-click unsubscribe link. You can manage per-category preferences from the unsubscribe page. If your email address bounces, we automatically opt you out of all future emails.

Third-party services

  • Vercel — hosting, serverless functions, cookieless analytics
  • Supabase — PostgreSQL database (stores your agents, progress, and email)
  • Resend — transactional and marketing email delivery
  • Google Gemini — AI agent generation (your prompts are sent to Google's API)
  • Wistia — video hosting for lesson content

Your rights

You have the right to access, correct, or delete your personal data. To make a request, email us at the address below. We'll respond within 30 days.

Transparency: known gaps

  • No automated self-service data export or account deletion yet (manual via email)
  • EU detection uses browser timezone heuristics, not GeoIP — it may not be perfectly accurate
  • No formal Data Processing Agreements (DPAs) with sub-processors
  • Third-party embeds (Wistia, Google Slides) may have their own cookie policies we can't control

Contact

Questions about your data or this policy? Email support@optimizely.com

← Back to home