Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

Legal Disclaimer

This Privacy Policy is provided for informational purposes and should be reviewed by a qualified attorney in your jurisdiction to ensure compliance with applicable laws and regulations.

1. Introduction

Welcome to Winning Code Lab ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform and services.

By using our website and services, you consent to the data practices described in this policy.

2. Data Collection

We collect the following types of personal information:

2.1 Identity Information

When you create an account or interact with our platform, we collect:

  • Full name
  • Email address
  • User role (Client, Team Member, Administrator)
  • Account credentials (encrypted and stored via Supabase Authentication)

This information is stored in our profiles table, which is securely linked to Supabase Auth.

2.2 Project Data

For authenticated clients, we collect and store:

  • Project names and descriptions
  • Project budgets and timelines
  • Project status and milestones
  • Custom project requirements and specifications

This data is stored in our client_projects table. We implement Row Level Security (RLS) to ensure users can only access their own data.

2.3 Files and Documents

Clients may upload proprietary documents, design files, and project assets through our secure file upload system. These files are stored using Supabase Storage with the following security measures:

  • Signed URLs: All files are accessed via time-limited, cryptographically signed URLs. Files are never publicly accessible.
  • Access Control: Only authorized users (the client owner and assigned team members) can access uploaded files.
  • Automated Validation: Files are scanned and validated to prevent malicious uploads.

2.4 Communications

Messages exchanged between clients and our team are stored in a secure messages table. This includes:

  • Message content
  • Timestamps
  • Sender and recipient information
  • Message status (read/unread)

2.5 Analytics and Usage Data

We collect non-personally identifiable information about how you use our platform, including:

  • Page views and navigation patterns
  • Browser type and version
  • Device information
  • IP address (for security purposes)

3. Security Measures

We implement industry-standard security practices to protect your data:

3.1 Row Level Security (RLS)

Our database utilizes Row Level Security (RLS) policies to ensure that clients can only access their own data. This means:

  • Clients cannot view other clients' projects, files, or messages
  • Database-level enforcement prevents unauthorized data access
  • Even in the event of application-level vulnerabilities, RLS provides an additional layer of protection

3.2 Automated Input Validation

We use automated Edge Functions to:

  • Validate and sanitize user inputs
  • Prevent spam submissions on contact forms
  • Detect and block malicious file uploads
  • Rate-limit requests to prevent abuse

3.3 Encryption

All data is encrypted:

  • In Transit: All communications use HTTPS/TLS encryption
  • At Rest: Database and file storage are encrypted at rest
  • Passwords: User passwords are hashed using industry-standard algorithms

4. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

4.1 Authentication Cookies

Essential cookies are used for session management and user authentication. These cookies:

  • Maintain your logged-in state
  • Protect against unauthorized access
  • Are strictly necessary for platform functionality

4.2 Language Preference Cookies

We store your language preference (English, French, Haitian Creole, or Spanish) to provide a personalized experience. This cookie remembers your selection across sessions.

4.3 Managing Cookies

You can control cookies through your browser settings. However, disabling authentication cookies will prevent you from accessing your client dashboard.

5. Third-Party Service Providers

We work with the following trusted third-party providers:

5.1 Supabase (Backend Provider)

Supabase provides our database, authentication, and storage infrastructure. They are SOC 2 Type II compliant and implement industry-leading security practices. Data is stored in secure, geographically distributed data centers.

5.2 Vercel (Hosting Provider)

Vercel hosts our frontend application and provides CDN services for fast, global content delivery. They maintain strict security and uptime standards.

Both providers are bound by strict data processing agreements and are prohibited from using your data for their own purposes.

6. Data Retention

We retain your personal data only as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Upon account termination or deletion request, we will delete or anonymize your personal data within 30 days, unless legal retention requirements apply.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw previously given consent

To exercise these rights, please contact us at privacy@winningcode.dev.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications for material changes (if you have an account)

Your continued use of our services after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Winning Code Lab

Email: privacy@winningcode.dev

General Inquiries: hello@winningcode.dev