Privacy Policy

NextStepQA is a trading name operated by Caoimh O'Broin, a sole trader based in Ireland. We are the data controller for personal data collected through this Platform.

We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts.

Account Data

• Name and email address (collected at sign-up via Clerk)
• Google OAuth profile data if you use Sign in with Google
• Account creation date and last login

Usage Data

• Lessons viewed and completed
• Code submitted for AI review (see Section 6)
• Progress through the course

Technical Data

• Browser type and version
• Device type
• IP address (collected by Clerk and Vercel)
• Cookie identifiers (see Cookie Policy)

We use your personal data to:

• Provide and operate the Platform and your course access.
• Track and display your progress through the course.
• Send you important account and Platform updates.
• Improve the Platform based on usage patterns.
• Respond to your support queries.

We process your personal data under the following legal bases:

• Contractual necessity: to provide you with the Platform access you signed up for.
• Legitimate interests: to improve our Platform and ensure security.
• Consent: for any optional communications such as marketing emails.

We use the following trusted third-party services which may process your data:

• Clerk — Authentication and identity management. Data transfers to the US are covered by Standard Contractual Clauses.
• Supabase — Database hosting for progress and course data.
• Vercel — Platform hosting and deployment.
• Anthropic — AI code review feature. Code snippets you submit may be processed by the Anthropic API. Do not submit sensitive or proprietary code.

We do not sell your personal data to any third party.

Some of these providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

When you use the "Check My Code" or AI review features, the code you submit is sent to the Anthropic API for processing. Please do not submit confidential, proprietary, or sensitive information. Submitted code snippets are not stored permanently by NextStepQA beyond what is required to provide the service. We do not use your submitted code to train our own models.

We retain your personal data for as long as your account is active or until you request deletion, unless we are required to retain it for legal reasons. If you request deletion of your account, we will delete your personal data within 30 days.

As a data subject in the EU/EEA, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data ("right to be forgotten").
• Restrict or object to processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@nextstepqa.com. We will respond within 30 days.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, or loss, including encryption in transit and access controls. All data is transmitted over HTTPS.

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority. In Ireland, this is the Data Protection Commission (DPC): www.dataprotection.ie.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the Platform.

Data Controller: NextStepQA (Caoimh O'Broin, sole trader)

Email: hello@nextstepqa.com

Location: Ireland