Legal

Privacy Policy

Last updated: June 12, 2026

Blacksmith Experience (“Blacksmith,” “we,” “us”) is a product that puts you on a real engineering team and credentials your growth. That work is only useful if you trust us with the details we need to make it work — so this page explains exactly what we collect, why we collect it, and what you can do about it.

If something here is unclear, write to hello@blacksmithexp.dev and a person will answer.

01

Summary in plain English

  • We collect what we need to run the product — your account, the work you do, and basic technical signals to keep it secure.
  • We don't sell your data. We never trade personal data for money, ad targeting, or partnerships.
  • You can see, export, or delete your data at any time. Email us and we'll handle it within a reasonable window.
  • Your code and credentials live with you. The verified history we create is on your GitHub — yours to keep, share, or walk away with.
02

Information we collect

We collect three kinds of information:

Information you give us. Your name, email, organization (if applicable), and anything you put into the product — your repository links, ticket descriptions, pull-request content, messages, and calls with the AI engineering team.

Information from connected services. When you connect a GitHub account, we receive the metadata GitHub provides (username, public profile, and access to the repositories you explicitly authorize). We never read repositories you did not connect.

Information we collect automatically. Standard product telemetry — IP address, device type, browser, pages visited, actions taken — used to run, debug, and secure the service. No third-party advertising trackers.

03

How we use your information

We use your information to:

  • Run the product — create accounts, host sprints, deliver code reviews, log observations against your level.
  • Generate the credential evidence — pull requests, reviews, and standup decisions that back your L1–L5 level.
  • Communicate with you about your account, your sprints, and product changes that affect you.
  • Improve the experience — debug issues, prevent abuse, and refine the AI agents' behavior.
  • Comply with legal obligations when required.

We do not use your content to train third-party foundation models. AI agents we host operate over your work to deliver the product — they do not push your data back into public training corpora.

04

How we share your information

We don't sell your data, and we don't share it with advertisers. We share information only in these narrow cases:

  • Service providers we rely on to host, secure, and operate Blacksmith (e.g. cloud hosting, email delivery, payment processing). They're bound by contract to use the data only for those purposes.
  • Institutions you join through. If you joined via a school or bootcamp partner, that institution sees your progress, evidence, and level — the same way an employer sees an apprentice's review history.
  • Anything you explicitly choose to make public — your GitHub profile, your shareable credential URL, your portfolio.
  • Legal requirements. If we receive a binding legal request, we will comply only to the extent required and tell you whenever we are allowed to.
05

Cookies & analytics

We use a small set of first-party cookies for session authentication, theme preferences, and product analytics. We do not use third-party advertising cookies or cross-site trackers.

You can clear cookies in your browser at any time. Signed-out analytics use a privacy-respecting tool that records aggregate behavior, not personal profiles.

06

Data retention

We keep your account data for as long as your account is active. If you close your account, we delete personal data within 90 days, except where we are legally required to retain it (e.g. financial records).

Your public GitHub history — your shipped code, the PRs you opened, the reviews you received — lives on your GitHub and is yours regardless of whether you stay on Blacksmith.

07

Your rights

Wherever you live, you can ask us to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or outdated information.
  • Delete your account and associated personal data.
  • Export your data in a portable, machine-readable format.
  • Object to specific uses or withdraw consent where we rely on it.

Email hello@blacksmithexp.dev and we will respond within a reasonable window — usually under 30 days.

08

Security

We protect your account with encryption in transit, encryption at rest for sensitive fields, scoped access tokens, audit logging, and regular security reviews. No system is perfectly secure, but we take this seriously and will notify affected users promptly if a breach occurs.

09

Children's privacy

Blacksmith Experience is built for people aiming at an engineering career and is not directed at children under 13 (under 16 in the European Economic Area). We do not knowingly collect data from children — and if you believe a child has provided us data, write to us and we will delete it.

10

International transfers

Blacksmith is built for the world. Your data may be processed in the country where you signed up, where our service providers operate, or where our team works. We use standard contractual clauses and equivalent legal mechanisms when transferring personal data across borders.

11

Changes to this policy

We update this policy when we change how we handle data. Material changes are announced in-product and via email; minor edits get a new "last updated" date. Past versions are available on request.

12

How to contact us

Privacy questions, data requests, or anything else covered here: hello@blacksmithexp.dev.

For everything else, our contact page will route you to the right person.

Blacksmith Experience
Built for the world.