Data Policy

Last updated: October 31, 2025

1. Overview

This Data Policy explains in detail how Pitch Rise collects, uses, stores, and protects your data. This policy supplements our Privacy Policy and provides transparency about our data practices.

2. Data We Collect

2.1 Account Data

  • Authentication: Email, password (encrypted), auth provider (Google/GitHub)
  • Profile: Display name, birth date (for age verification), region/location
  • Avatar: Character selection or photo URL, nickname (for under-18)
  • Preferences: Theme settings, notification preferences

2.2 Learning Progress Data

  • Problem Attempts: Timestamp, correctness, time spent, XP earned
  • Skill Levels: Current difficulty level for math and reading
  • Progress Metrics: Total problems solved, accuracy rate, streak days
  • Achievements: Certificates earned, badges, milestones reached

2.3 Engagement Data

  • Usage Patterns: Login frequency, session duration, feature usage
  • Leaderboard: Rankings, points, regional standings
  • Social: Challenge participation, cohort membership
  • Survey Responses: Feedback on learning experience

2.4 Technical Data

  • Device Info: Browser type, OS, screen resolution
  • Network: IP address (anonymized after 30 days)
  • Performance: Page load times, errors encountered
  • Analytics: Page views, click events, navigation paths

3. How We Store Your Data

3.1 Infrastructure

We use industry-leading platforms to ensure your data is secure:

  • Firebase (Google Cloud): All user data, authentication, and learning progress
  • Vercel: Application hosting with edge caching
  • Data Centers: Multiple regions for redundancy and performance

3.2 Encryption

  • In Transit: TLS 1.3 encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • Passwords: Bcrypt hashing with salt
  • Birth Dates: Encrypted and access-restricted

3.3 Access Controls

  • Role-based access control (RBAC)
  • Minimum necessary access principle
  • Multi-factor authentication for admin access
  • Regular access audits and reviews

4. Data Usage

4.1 Adaptive Learning

We use your learning data to:

  • Calculate appropriate difficulty levels based on your last 10 attempts
  • Identify knowledge gaps and recommend focus areas
  • Track progress over time and generate reports
  • Provide personalized feedback and explanations

4.2 Platform Improvement

We analyze aggregated, anonymized data to:

  • Improve problem difficulty calibration
  • Enhance AI explanation quality
  • Optimize user experience and interface
  • Develop new features and content

5. Data Sharing

5.1 What We Never Share

We NEVER:

  • Sell your personal data
  • Share student data with advertisers
  • Use student data for marketing purposes
  • Share birth dates or age verification data
  • Provide identifiable student information to third parties without consent

5.2 Service Providers

We share limited data with trusted service providers who help us operate the Platform:

Firebase/Google Cloud:

  • Authentication services
  • Database hosting
  • Covered by Google's Data Processing Agreement

AI Providers (OpenAI, Anthropic):

  • Problem explanations and hints
  • No personally identifiable information sent
  • Only anonymized problem content and solutions

6. Data Retention

Data Type                 Retention Period
Account Information       Until account deletion + 90 days
Learning Progress         Until account deletion + 90 days
IP Addresses              30 days (then anonymized)
Survey Responses          3 years or until deletion requested
Analytics (Aggregated)    Indefinitely (anonymized)

7. Your Data Rights

7.1 Access Your Data

You can request a copy of all your data at any time. We will provide it in a machine-readable format (JSON) within 30 days.

7.2 Correct Your Data

You can update most of your information directly in your account settings. For other corrections, contact us at data@ludwitt.com.

7.3 Delete Your Data

You can request account deletion at any time. We will:

  • Delete your personal information within 90 days
  • Anonymize learning data used in aggregated analytics
  • Retain only what's legally required (e.g., financial records)
  • Provide confirmation once deletion is complete

7.4 Port Your Data

You can export your learning progress, achievements, and profile data to transfer to another service.

8. Data Breach Protocol

In the unlikely event of a data breach, we will:

  • Immediately investigate and contain the breach
  • Notify affected users within 72 hours
  • Report to relevant authorities as required by law
  • Provide guidance on protective measures
  • Conduct a thorough post-incident review

9. Contact Our Data Protection Team

For data-related questions or requests:

Data Protection Officer: dpo@ludwitt.com

Data Access Requests: data@ludwitt.com

Data Deletion Requests: delete@ludwitt.com

Security Concerns: security@ludwitt.com