Privacy Policy

Effective July 17, 2026

This Privacy Policy explains how TableHQ LLC ("Company", "we", "us", or "our") collects, uses, discloses, and retains personal information when you use Makefile FYI at makefile.fyi, including the course and related account and billing services (together, the "Services").

TableHQ LLC is responsible for the personal information described in this policy. Questions and privacy requests may be sent to support@makefile.fyi.

This policy is a notice about our practices, not a contract requiring you to waive a privacy right. Depending on where you live, applicable law may give you additional rights.

1 Scope

This policy applies to personal information we process through the Services, including information associated with free accounts, paid passes, lifetime access, and legacy subscriptions. It does not govern a third-party website or service that has its own privacy policy.

The source-code snapshots displayed in the course are public learning material. They are not populated with learner data.

2 Information we collect

2.1 Account and profile information

When you create or use an account, we collect:

  • Your email address.

  • A profile name if you choose to provide one. You may skip the name field.

  • Internal user and organization identifiers, account creation and update times, and generated avatar colors.

  • The login method used, such as email verification or Google, and records needed to authenticate and secure your session.

If you choose Google sign-in, we request the openid and email scopes. We receive your email address and authentication information needed to complete sign-in. We do not request access to your Google contacts, files, or password.

For email sign-in, we send a time-limited verification code and magic link. We do not ask you to create or store a Makefile FYI password.

2.2 Purchase and access information

When you start or complete a purchase, we and Stripe process information such as:

  • Your email address and Stripe customer identifier.

  • Checkout session, payment intent, subscription, invoice, and price identifiers, as applicable.

  • The course, offer, purchase type, unit quantity, price, currency, subtotal, total, payment status, and payment time.

  • Your temporary access expiration, units credited toward lifetime access, locked pricing terms, lifetime-access status, and legacy subscription status.

Stripe collects payment-card, billing, fraud-prevention, and other checkout information directly on its hosted page. We do not store your full card number or card security code in our application database. Stripe may provide us with limited payment details and transaction results needed to manage access, support, refunds, disputes, and accounting.

An organization-level Stripe customer may be reused for multiple courses sold through Makefile FYI, while each course keeps its own purchase and access records.

2.3 Communications

We collect the information you include when you contact support, report an error, request a refund or privacy action, or send feedback. This may include your email address, message, attachments, and our response history.

We also process your email address and message-delivery information when sending authentication, welcome, purchase, access, security, or support messages.

2.4 Technical and usage information

When a browser requests the Services, our systems and infrastructure providers may process technical information needed to deliver and protect the site. This can include your IP address, browser and device type, operating system, requested URL, referring URL, request time, response status, and security or error information.

We also process limited preferences such as color scheme, selected theme, and time zone so pages render appropriately. We do not currently use third-party advertising or behavioral analytics on Makefile FYI.

2.5 Lesson completion and resume state stored on your device

The course stores completed lesson identifiers and the most recently visited core lesson in your browser's local storage under makefile-fyi:course-progress. The course-progress feature does not send that completion record to us or synchronize it with your account. It remains on the device and browser profile where it was created until you clear site data.

Ordinary requests for lesson pages may still appear in the technical records described in Section 2.4. Those requests do not tell us whether you marked a lesson complete in local storage.

3 Sources of information

We collect information:

  • Directly from you, when you enter an email address or name, make a purchase, or contact us.

  • From your browser or device, when it requests a page, stores a preference, or sends technical information through standard web protocols.

  • From Google, if you choose Google sign-in.

  • From Stripe, when it creates a customer, processes checkout or a legacy subscription, and sends us transaction and account-status events.

  • From service providers, when they return delivery, security, error, or support information needed to operate the Services.

4 How we use information

We use personal information to:

  1. Create, authenticate, secure, and support your account.
  2. Deliver free and paid course material and remember account-level access.
  3. Process purchases, credit access units, grant passes or lifetime access, maintain locked offer terms, and administer legacy subscriptions.
  4. Send verification, purchase, access, security, welcome, and support messages.
  5. Diagnose errors, prevent fraud and abuse, enforce our Terms of Service, and protect users and the Services.
  6. Understand aggregate demand, maintain reliability, and improve course and account features without using cross-site behavioral advertising.
  7. Keep business, tax, accounting, and transaction records and comply with legal obligations.
  8. Establish, exercise, or defend legal claims and respond to lawful requests.

We do not use your personal information to make solely automated decisions that produce legal or similarly significant effects for you. Stripe and other providers may independently use automated systems for payment security or fraud prevention under their own policies.

5 Cookies and local storage

We use first-party cookies and browser storage for the following purposes:

  • en_session keeps you signed in, carries short-lived authentication state, and protects account flows. It is an essential, HTTP-only session cookie.

  • en_theme remembers a theme you select. CH-prefers-color-scheme and CH-time-zone remember device preferences so server-rendered pages match your browser.

  • makefile-fyi:course-progress in local storage remembers the device-only course progress described in Section 2.5.

You can block or delete these through your browser. Blocking an essential session cookie prevents sign-in, and deleting browser storage resets the preferences or local course progress stored there.

Stripe, Google, or another third party may use cookies on pages it controls when you choose to interact with it. Its policy governs those cookies.

We do not currently use advertising cookies or sell or share browser activity for cross-context behavioral advertising. Because there is no such sale or sharing to opt out of, a Global Privacy Control signal does not change how the Services operate. We do not respond differently to the older “Do Not Track” browser signal, for which there is no uniform industry standard.

6 How we disclose information

We do not sell or rent personal information. We do not share it for cross-context behavioral advertising. We may disclose information in the following circumstances.

6.1 Service providers

Providers process information as needed to perform services for us, including:

  • Stripe for customer records, hosted checkout, payment processing, billing management, fraud prevention, and transaction events. See Stripe's Privacy Center.

  • Google for optional OpenID Connect sign-in that you initiate. See Google's Privacy Policy.

  • Purelymail for delivery and receipt of authentication, account, and support email. See Purelymail's Privacy Policy.

  • Hosting, database, network, security, backup, and software providers that help us operate and protect the Services.

These providers may process technical and account information in the countries where they operate. Their own policies may apply when they act independently, such as when Stripe assesses payment fraud or Google administers your Google account.

6.2 Legal, safety, and business purposes

We may disclose information:

  • To comply with law, regulation, subpoena, court order, or another valid legal process.

  • To protect the rights, safety, security, and property of users, the Company, service providers, or the public, including investigating fraud or abuse.

  • To professional advisers such as lawyers, accountants, auditors, or insurers where reasonably necessary and subject to appropriate duties of confidentiality.

  • In connection with a financing, merger, acquisition, reorganization, bankruptcy, sale of assets, or similar transaction, subject to applicable law and appropriate protection of the information.

  • At your direction or with your consent.

We may use and disclose information that has been aggregated or de-identified so it cannot reasonably be linked to you. We do not attempt to re-identify it except to test whether de-identification measures work or as permitted by law.

7 Legal bases for processing

Where applicable law requires a legal basis, we rely on:

  • Contract, to create your requested account, authenticate you, provide course access, process purchases, and respond to support requests.

  • Legitimate interests, to secure and improve the Services, prevent fraud, maintain records, communicate about the Services, and establish or defend legal claims, where those interests are not overridden by your rights.

  • Legal obligations, including tax, accounting, consumer-protection, payment, and lawful disclosure requirements.

  • Consent, when we specifically ask for it. You may withdraw consent at any time for future processing, without affecting processing that was lawful before withdrawal.

8 Retention

We retain information only for as long as reasonably necessary for the purposes described in this policy. The period depends on the type of information and why we hold it:

  • Account and access records generally remain while your account is open so we can authenticate you and honor passes, credited units, locked pricing, and lifetime access. Pass expiration does not delete purchase progress.

  • Purchase, payment, entitlement, refund, and dispute records may remain for the life of the account and afterward for applicable tax, accounting, contract, fraud-prevention, and legal limitation periods.

  • Authentication, security, request, and error records are kept for the shorter period reasonably needed to operate, diagnose, and protect the Services, unless an incident or legal obligation requires longer retention.

  • Support and other communications remain for as long as needed to resolve the request, maintain an appropriate business record, or address a dispute.

  • Device-only course progress remains until you clear it; we cannot delete local storage on a device we do not control.

Backups and provider systems may retain residual copies for a limited period after deletion. We may retain information longer where law requires it or where reasonably necessary for a legal claim, security investigation, or fraud-prevention purpose.

9 International processing

We and our providers may process information in the United States and other countries whose laws may differ from those where you live.

Where applicable law requires a transfer mechanism or safeguard for personal information sent across borders, we use an available lawful mechanism and take appropriate steps to protect the information. You may contact us for more information about safeguards relevant to your information.

10 Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. These include access controls, secure authentication-cookie settings in production, transport security, restricted credentials, and payment collection through Stripe rather than our own card form.

No internet transmission, storage system, or security measure is perfectly secure. We therefore cannot guarantee absolute security. If you believe your account or information has been compromised, contact us promptly and avoid sending sensitive payment data by email.

11 Your rights and choices

Depending on where you live and subject to legal exceptions, you may have the right to:

  • Know whether we process your personal information and access or receive a copy of it.

  • Correct inaccurate personal information.

  • Delete personal information.

  • Receive information you provided in a portable format.

  • Restrict or object to certain processing.

  • Withdraw consent for future processing where consent is the legal basis.

  • Opt out of a sale, cross-context behavioral advertising, or certain profiling. We do not currently conduct those activities.

  • Receive equal service and not be discriminated against for exercising an applicable privacy right.

To make a request, email support@makefile.fyi, preferably from the address associated with your account, and describe the request. We may ask for information reasonably needed to verify your identity and protect the account. An authorized agent may submit a request where applicable law permits, but we may need proof of authority and verification from you.

We will respond within the period required by applicable law. Some information may be exempt from a request, and deleting necessary account or access records may require closing the account. If we deny a request, we will explain why and provide an appeal method when required. You may also lodge a complaint with the privacy or data-protection authority where you live.

11.1 U.S. state disclosures

For U.S. state laws that use defined categories, we may have collected the following during the preceding 12 months:

  • Identifiers, such as email address, name, IP address, internal IDs, and Stripe IDs.

  • Commercial information, such as purchases, prices, amounts, access units, and legacy subscription records.

  • Internet or electronic activity, such as requested pages, browser data, preferences, and security or error events.

  • Inferences, limited to access status and purchase progress calculated from transaction records. We do not use these to infer sensitive personal characteristics.

We collect these categories from the sources in Section 3, use them for the purposes in Section 4, and disclose them to the provider and legal-recipient categories in Section 6. We have not sold these categories or shared them for cross-context behavioral advertising, and we do not knowingly sell or share the personal information of people under 16.

12 Children's privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information, contact us so we can investigate and delete it where required.

Users between 13 and the age of majority must have a parent or legal guardian review and agree to the Terms of Service, and an adult must authorize any purchase.

13 Third-party links

Course material and source snapshots link to documentation, repositories, and other websites we do not control. Visiting a link may allow that third party to receive information such as your IP address and referring page. Review its privacy policy before providing information. We are not responsible for a third party's privacy, security, or content.

14 Changes to this policy

We may update this policy as the Services, providers, or legal requirements change. The date at the top identifies the current version. If a change materially affects how we use information already collected, we will provide reasonable notice through the Services or by email when required by law.

15 Contact

The organization responsible for this policy is TableHQ LLC.

For privacy questions or requests, email support@makefile.fyi.