Privacy policy

Last updated: April 4, 2026

1. Who we are

CultCode is a session marketplace that connects builders with experienced professionals for one-on-one mentorship and guidance. We operate the website located at cultcode.dev and all associated services (collectively, the “Platform”). CultCode is operated as a private entity registered in India. For any privacy-related inquiries, you can reach us at privacy@cultcode.dev.

2. What data we collect

We collect several categories of information to provide, maintain, and improve the Platform. We are committed to collecting only what is necessary and being transparent about how that data is used.

• Account data— When you create an account, we collect your full name and email address. Authentication is handled through Clerk, and we do not store passwords on our own servers. If you sign up via a social provider (such as Google or GitHub), we receive your name, email, and profile image from that provider.
• Payment data— All payment processing is handled by DodoPayments. We never store your credit card number, CVV, or full card details on our servers. We retain only a reference to your DodoPayments customer ID, the last four digits of your card for display purposes, and transaction identifiers for bookkeeping.
• Session data— When you book or conduct a session, we store session metadata including the date, time, participants, session topic, and any notes or messages exchanged between the builder and the pro before or after the session.
• Usage data— We collect anonymised usage data such as pages visited, features used, referral sources, and device type. This data is aggregated and cannot be used to identify individual users.
• Cookies— We use a single authentication session cookie issued by Clerk to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

3. How we use your data

We use the information we collect for the following purposes:

• To provide and operate the Platform, including matching builders with pros, processing payments, and facilitating sessions.
• To send transactional emails such as booking confirmations, session reminders, cancellation notices, and payment receipts.
• To improve the Platform by analysing aggregated, anonymised usage patterns and identifying areas where the user experience can be enhanced.
• To respond to support requests and communicate with you about your account.
• To comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of our users.

We will never sell, rent, or trade your personal data to third parties for marketing or advertising purposes. Your data is yours.

4. Third-party services

We rely on a small number of trusted third-party services to operate the Platform. Each of these services has their own privacy policy governing the data they process on our behalf:

• Clerk— Handles user authentication, session management, and identity verification. Clerk processes your email, name, and authentication tokens. See Clerk's Privacy Policy.
• DodoPayments— Handles payment processing, including card storage, billing, and payouts to pros. DodoPayments is PCI DSS Level 1 certified. See DodoPayments's Privacy Policy.
• Resend— Handles transactional email delivery for booking confirmations, reminders, and account notifications. See Resend's Privacy Policy.
• Supabase— Provides the database infrastructure where session records, user profiles, and platform data are stored. Data is encrypted at rest and in transit. See Supabase's Privacy Policy.
• Vercel— Hosts the Platform and serves web pages. Vercel may process IP addresses and request headers as part of standard web hosting. See Vercel's Privacy Policy.

5. Data retention

We retain your data for only as long as necessary to fulfil the purposes outlined in this policy:

• Account data— Retained for as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.
• Session logs— Session records, including notes and metadata, are retained for 2 years from the date of the session. After this period, they are permanently deleted.
• Payment records— Transaction records and invoices are retained for 7 years to comply with applicable tax and financial reporting requirements under Indian law.

6. Your rights

You have the following rights with respect to your personal data:

• Access— You can request a copy of all personal data we hold about you at any time.
• Correction— You can update or correct inaccurate information in your account settings, or contact us to make changes on your behalf.
• Deletion— You can request the deletion of your account and associated personal data. Some data may be retained where required by law.
• Export— You can request an export of your session logs and account data in a machine-readable format.

To exercise any of these rights, please contact us at privacy@cultcode.dev. We will respond to your request within 30 days.

7. Cookies

We use a single, strictly necessary authentication cookie issued by Clerk to maintain your logged-in session. This cookie does not track your behaviour across websites and is required for the Platform to function. We do not use advertising cookies, analytics cookies, or tracking pixels of any kind. For more details, see our Cookie Policy.

8. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. If we make material changes that affect how we handle your personal data, we will notify you by email at the address associated with your account at least 14 days before the changes take effect. Non-material changes (such as formatting or clarifications) may be made without notice. We encourage you to review this page periodically.

9. Contact

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at privacy@cultcode.dev. We aim to respond to all inquiries within 30 days.