Privacy Policy

Last updated: May 2026

What We Collect

Cyber Command Center collects the minimum data needed to provide the service:

Account data — email address and display name when you create an account
Progress data — task completion status, study notes, and timer sessions
Authentication tokens — managed securely by Supabase

If you use guest mode, no personal data is collected. All data is stored locally in your browser.

How We Use It

Your data is used solely to save and sync your training progress across devices. We do not sell, share, or use your data for advertising.

Third-Party Services

Supabase — database and authentication (their privacy policy)
Google OAuth — optional sign-in (their privacy policy)

Data Storage

Account data is stored in a Supabase-managed PostgreSQL database with Row Level Security enabled. Each user can only access their own data.

Data Lifecycle

Guest mode - progress, notes, and study sessions stay in your browser local storage until you clear site data.
Signed-in mode - account, progress, notes, and session data stay in Supabase until you request deletion or the project owner removes the account.
Backups - deleted account data may remain in provider-managed backups for the provider's normal backup retention window.

Do not store passwords, API keys, client-private data, payment details, or live incident evidence in task notes.

Data Deletion

You can request deletion of your account and all associated data by contacting us. Guest mode data can be cleared by clearing your browser's local storage.

Security and Incidents

Security controls, known gaps, and reporting steps are documented in the Security Policy.

Contact

For privacy or deletion requests, email meidie@mdpstudio.com.au. For security issues, use the subject "Security report: Cyber Command Center".