Privacy Policy
Last updated: 31 May 2026
This Privacy Policy explains how Parod ("we", "us", "our") collects, uses, stores, and protects your personal data when you use parod.io. It also explains the cookies and similar technologies we use. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Data controller: Druidic Limited, trading as Parod
Contact / Data protection enquiries: hello@parod.io
1. What data we collect
Account data
- Email address (required to create an account)
- Display name and professional details (current role, target role, focus areas) you provide during onboarding
Usage data
- Your written responses to practice questions
- AI-generated feedback and scores associated with your sessions
- Session history and progress metrics
Technical and operational data
- IP address and browser/device information (including user-agent) collected automatically when you connect
- Operational telemetry: performance metrics, request traces, and error reports we use to keep the service reliable and secure. Error and reliability monitoring runs for all users; performance and product-usage analytics run only with your consent (see Section 8)
Payment data
- If you subscribe to Pro, payment is handled by Stripe. We store only your Stripe customer ID — we never see or store your full card details.
2. How we use your data and our lawful basis
| Purpose | Lawful basis |
|---|---|
| Providing the coaching service | Contract |
| Sending practice questions by email | Contract |
| Processing AI evaluation of your responses | Contract |
| Billing and subscription management | Contract |
| Monitoring reliability, errors, and information security | Legitimate interest |
| Detecting abuse and fraud | Legitimate interest |
| Product and performance analytics | Consent |
| Complying with legal obligations | Legal obligation |
Where we rely on legitimate interest for reliability, security, and error monitoring, we have carried out a balancing assessment and consider this proportionate and within your reasonable expectations as a user of an online service. You can object to this processing at any time (see Section 7).
Where we rely on consent (analytics and performance cookies/storage), you can give, refuse, or withdraw it at any time without affecting the service (see Section 8).
3. AI processing
Your written responses are sent to Anthropic (our AI provider) for evaluation. Anthropic processes this data under their commercial API terms and does not use API inputs to train their models. We do not send personally identifying information (such as your name or email) alongside your responses. Evaluation is assistive feedback only and is not used to make any decision producing legal or similarly significant effects about you.
4. Data sharing and processors
We share data only with the following processors and service providers, each operating under a data processing agreement:
- Anthropic — AI evaluation of responses
- Supabase — Database hosting and authentication (EU/London region)
- Stripe — Payment processing
- Resend — Transactional email
- PostHog — Product analytics (EU-hosted; consent-based — see Section 8)
- Honeycomb — Application performance monitoring and error tracking (EU-hosted)
- Cloudflare — Hosting, CDN, and edge security
We do not sell your data, and we do not share your data with advertisers.
5. International transfers
We host data in the UK/EU wherever we can. Some of our processors are US-headquartered (including Anthropic, Stripe, PostHog, Honeycomb, and Cloudflare), and their staff may access data from outside the UK/EU. Where personal data is transferred outside the UK, we rely on appropriate safeguards — the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses — together with a transfer risk assessment, as required by UK GDPR.
6. Data retention
- Account data: retained while your account is active and for 30 days after deletion
- Session history and responses: deleted within 30 days of account deletion
- Payment records: retained for 7 years to meet legal obligations
- Operational telemetry (performance traces, error reports): automatically deleted within 60 days
Telemetry held by Honeycomb is operational and pseudonymous (keyed to a random account identifier, not your name or email) and is removed by this time-based expiry rather than by individual deletion.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten") — request account deletion from your settings page
- Restriction of processing in certain circumstances
- Portability — request a copy of your data in a structured, machine-readable format
- Object to processing based on legitimate interest (including our reliability and security monitoring)
- Withdraw consent at any time where processing is based on consent (such as analytics cookies) — see Section 8
To exercise any of these rights, email hello@parod.io. We will respond within one month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to address your concerns first.
8. Cookies and similar technologies
We use cookies and browser storage (localStorage and sessionStorage) for two distinct purposes. Under PECR, strictly necessary technologies do not require consent, while everything else requires your prior opt-in consent.
Strictly necessary (always on, no consent required)
| Technology | Type / storage | Purpose |
|---|---|---|
| Supabase authentication | Cookie | Keeps you securely signed in across pages |
parod_cookie_consent |
localStorage | Remembers your cookie choice (and its version) |
We also run error and reliability monitoring for all users. This is storage-free — it uses no cookies, localStorage, or sessionStorage — and captures crash and error details (with secrets removed) to keep the service working. Because it neither stores nor reads information on your device, it falls outside PECR consent and runs under legitimate interest.
Analytics and performance (only with your consent)
These are loaded only after you select "Accept" on our cookie banner:
| Technology | Type / storage | Purpose |
|---|---|---|
| PostHog | Cookies / localStorage | Product analytics: which features are used, so we can improve Parod (EU-hosted; inputs and text are masked) |
| Honeycomb Web SDK | sessionStorage | Performance monitoring (Core Web Vitals, page timings) using a short-lived session identifier to group your interactions during a visit |
If you decline, none of the analytics or performance technologies load, and no analytics cookies or storage identifiers are set. Declining does not affect your ability to use Parod.
Changing or withdrawing your consent
You can change your choice at any time using the "Cookie preferences" link in the site footer. This clears your stored choice, stops any running analytics immediately, and re-displays the consent banner so you can make a fresh decision.
If we materially change the cookies or storage we use, we increment the version recorded with your consent. Your previous choice is then treated as expired, and the banner automatically reappears so we can obtain your consent again for the updated use.
9. Security
We use industry-standard security measures including encrypted connections (HTTPS), row-level security on our database, scoped access controls, and minimisation of the data sent to our monitoring tools. No system is completely secure — if you have concerns, contact us at hello@parod.io.
10. Children
Parod is intended for working and aspiring software professionals and is not directed at children under 16. We do not knowingly collect data from children.
11. Changes to this policy
We may update this policy periodically. We will notify you of material changes by email and, where the change affects cookies or storage, by re-requesting your consent via the banner. The date at the top of this page reflects when it was last updated.
Contact
For privacy questions or to exercise your rights: hello@parod.io