Skip to main content

Sign in

Save your progress and access it from any device.

Or with email

Don't have an account?

Privacy policy

Privacy Policy

Last updated: March 2026

Introduction

Protecting your personal data is a priority for GitQuest. This privacy policy explains what data we collect, why we collect it and how we use it, in accordance with the General Data Protection Regulation (GDPR).

Data controller

The data controller for personal data is Anais, publisher of the gitquest.app website. For any question regarding your data, you can contact us at: anais.camille.sparesotto@gmail.com.

Data collected

We may collect the following data:

  • Account data: email address when signing up via magic link, or username, email address and profile picture when signing in via GitHub OAuth. Account creation is optional.
  • Progress data: completed chapters, validated exercises and certification data. This data is stored locally (localStorage) and, if you are signed in, synchronized to the cloud via Supabase.
  • Certification data: first name, last name, certificate ID and cryptographic signature. This data is required for generating and publicly verifying your certificate.
  • Technical data: IP address, browser type, operating system, pages visited and visit duration. This data is collected anonymously for the purpose of improving the service.
  • Contact data: when you write to us via the contact form, we keep your email and the content of your message in order to respond.

Purposes of processing

Your data is used to:

  • Enable the operation of your account and the saving of your progress.
  • Improve pedagogical content and user experience.
  • Respond to your contact and support requests.
  • Produce anonymized statistics on application usage.

Your data is never sold to third parties and is not used for advertising purposes.

Cookies

GitQuest uses cookies that are strictly necessary for the operation of the website:

  • Supabase session cookies: maintain your login session. These cookies are required only if you choose to sign in.
  • Analytics cookies (Vercel Analytics): anonymous performance data collection (Web Vitals). No personal data is transmitted.
  • Analytics cookies (PostHog): anonymous audience measurement (pages visited, session count, user journeys). PostHog is hosted in the United States. No personally identifiable data is collected without your consent.

No advertising cookies are used.

Third-party services

We use the following third-party services:

  • Vercel Inc. (United States): website hosting. Data is subject to their privacy policy and standard contractual clauses for transfers outside the EU.
  • Supabase Inc. (United States): authentication and storage of progress and certification data. Data is encrypted in transit (TLS) and at rest. Supabase acts as a data processor under the GDPR.
  • GitHub Inc. (United States): OAuth identity provider. When signing in via GitHub, we receive your username, email address and profile picture. No other data from your GitHub account is accessible.
  • PostHog Inc. (United States): audience measurement and user journey analytics (pages visited, sessions, navigation events). Data is anonymized. PostHog acts as a data processor under the GDPR.

Data retention

Account and progress data is retained as long as your account is active. Contact data is retained for a maximum of 12 months after the last exchange. Anonymized technical data is retained for 26 months.

Your rights (GDPR)

In accordance with the GDPR, you have the following rights over your personal data:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request the deletion of your personal data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to the processing of your data on legitimate grounds.
  • Right to restriction: request restriction of processing in certain cases.

To exercise these rights, contact us at anais.camille.sparesotto@gmail.com. We respond within 30 days.

Data security

We implement appropriate technical and organizational measures to protect your personal data against loss, unauthorized access, disclosure or destruction. Communications are encrypted via HTTPS.

Complaints

If you believe that the processing of your personal data constitutes a violation of the GDPR, you may file a complaint with the CNIL (Commission nationale de l'informatique et des libertes): www.cnil.fr (opens new window).

Changes to this policy

This privacy policy may be updated at any time. In the event of a substantial change, users will be informed via the application or by email. The date of the last update is indicated at the top of this page.