Privacy Policy

This Privacy Policy explains how EBAT (Engineering Blogs and Tutorials) ("EBAT," "we," "us," or "our") collects, uses, shares, and protects personal information when you visit https://ebat.dev, create an account, or interact with our services.

This policy is designed to meet common requirements for website compliance, OAuth application verification (including Google, GitHub, LinkedIn, Discord, and X/Twitter developer programs), and general data protection expectations. It should be read together with our Terms of Service.

EBAT is the controller of personal information processed through the Service. For privacy-related requests, contact [email protected].

Account and profile information

• Name, email address, username, password (hashed for email accounts), profile photo, bio, job title, company, years of experience, and external profile links you choose to provide
• Account role, karma points, account status, and moderation records (including bans)

Authentication and session data

• Session tokens, login timestamps, IP address, browser user agent, and impersonation records when administrators act on your account for support or moderation
• OAuth account identifiers, access tokens, refresh tokens, ID tokens, scopes, and token expiry dates when you sign in with Google, GitHub, or LinkedIn
• Email verification and password reset tokens

User-generated content and activity

• Posts, comments, votes, bookmarks, follows, completion status, challenge submissions, uploaded images and videos, and moderation logs
• Post view counts and engagement metrics
• Search queries and feed interactions processed by the Service

Technical and device data

• Browser type, device information, operating system, referring URLs, and pages viewed
• Cookies and similar technologies used for authentication, preferences, analytics, and error monitoring
• Client-side draft content stored in your browser local storage (including editor drafts and playground code)

We use personal information to:

• Provide, maintain, and improve the Service
• Create and manage accounts and authenticate users
• Send transactional emails (verification, password reset)
• Display and distribute user-generated content to the community
• Operate moderation, approval workflows, karma, roles, and admin tools
• Store and deliver coding challenge submissions
• Measure performance, diagnose errors, and prevent abuse
• Enforce our Terms of Service and protect users and the platform
• Comply with legal obligations and respond to lawful requests

We do not sell your personal information. We do not use your data for unrelated third-party marketing without your consent.

Where applicable under laws such as the GDPR, we process personal information based on:

• Contract: to provide the Service you request
• Legitimate interests: security, analytics, fraud prevention, and platform improvement
• Consent: where required for optional features or cookies beyond what is strictly necessary
• Legal obligation: when required by applicable law

We may share information with:

• Service providers that help us operate EBAT, including hosting (Vercel), database (PostgreSQL), caching and rate limiting (Upstash Redis), object storage (AWS S3 / Cloudflare R2 at storage.ebat.dev), email delivery (Novu), workflow automation (Upstash QStash), and error monitoring (Sentry)
• OAuth providers when you choose social login (Google, GitHub, LinkedIn)
• Analytics providers including Microsoft Clarity and Google (Google Ads conversion tracking)
• Other users when you publish public content or profile fields visible on the platform
• Authorities when required by law or to protect rights, safety, and security

Third-party processors are authorized to use data only as needed to provide services to EBAT and are expected to maintain appropriate security measures.

When you sign in with Google, GitHub, or LinkedIn, we receive information from those providers according to the permissions you grant. Typically this includes your name, email address, profile picture, and provider account identifier. We store OAuth tokens securely to maintain your session and linked accounts.

EBAT may also operate or register applications on third-party developer platforms (including Discord, X/Twitter, Google, GitHub, and LinkedIn). When you authorize such applications, we access only the data and scopes disclosed at authorization time and use that data solely for the stated integration purpose.

Community links to Discord and GitHub on our site do not automatically share your EBAT account data with those platforms unless you separately choose to connect or join them.

We use cookies and similar technologies for:

• Essential cookies: authentication sessions, including cross-subdomain cookies on ebat.dev in production
• Preference cookies: theme selection (light/dark mode)
• Analytics cookies: Microsoft Clarity (session recordings and usage analytics)
• Advertising/measurement cookies: Google Ads conversion tracking (gtag)
• Monitoring cookies/scripts: Sentry error tracking and session replay on a sampled basis

You can control cookies through your browser settings. Disabling essential cookies may prevent you from signing in. Where required by law, we will obtain consent before using non-essential cookies.

We store certain data locally in your browser, including post editor drafts and playground code templates keyed by post and challenge identifiers. This data remains on your device unless you clear browser storage or submit content to our servers.

Coding challenges execute locally in your browser using StackBlitz WebContainer. Code and terminal output during an active session are processed on your device. When you submit a solution, your code and submission metadata are transmitted to and stored on EBAT servers.

Our editor may offer AI-assisted writing tools. When you use these features, selected text and relevant editor context may be sent to external AI service providers for processing. Do not submit sensitive personal data or confidential information through AI features.

Authorized administrators and moderators may access user data to review content, enforce policies, investigate abuse, manage roles, ban accounts, revoke sessions, and provide support. Administrators may impersonate user accounts for legitimate operational purposes; such actions are logged through session metadata.

We retain personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our policies.

• Account data persists until you or an administrator deletes it
• Sessions expire according to session settings and may be revoked
• Search and comment caches are stored temporarily (for example, up to several hours)
• Analytics and error monitoring data retention is governed by third-party provider policies (Clarity, Google, Sentry)

We implement administrative, technical, and organizational measures to protect personal information, including encrypted transport (HTTPS), access controls, rate limiting, and secure credential handling. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

EBAT may process and store information in countries other than your own, including where our service providers operate. When we transfer data internationally, we take steps designed to ensure appropriate safeguards consistent with applicable law.

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your account and associated data
• Object to or restrict certain processing
• Withdraw consent where processing is consent-based
• Request a portable copy of your data
• Lodge a complaint with a supervisory authority

To exercise these rights, email [email protected]. We may need to verify your identity before fulfilling requests. Some information may be retained as required by law or for legitimate business purposes.

You can update profile information in your account settings. You can revoke OAuth access through the provider's account permissions page and unlink accounts where supported.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take steps to delete it.

Residents of certain U.S. states may have additional privacy rights, including the right to know, delete, and opt out of certain processing. EBAT does not sell personal information. To submit a privacy request, contact [email protected].

We may update this Privacy Policy from time to time. We will revise the "Last updated" date when changes are posted. Material changes may be communicated through the Service or by email where appropriate.

For privacy questions or requests:

• Email: [email protected]
• Legal: [email protected]
• Website: https://ebat.dev
• Discord: https://discord.gg/UKNCtK7Y5x