Privacy Policy
Last updated: March 25, 2026
YouBrokeProd is operated by Steven Leggett, based in Canada. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use youbrokeprod.com and related services (the "Service"). We are committed to protecting your privacy in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian privacy legislation.
By using the Service, you consent to the practices described in this policy.
1. Information We Collect
We collect the following categories of personal information:
Account information
When you create an account, we collect your email address and display name. If you authenticate through GitHub or Google OAuth, we receive your name, email address, and public profile information from that provider. We do not receive or store your OAuth provider passwords.
Game session data
We collect data about your interactions with the Service, including which scenarios you attempt, commands typed during simulation sessions, scores, completion times, hints used, and streak data. This information powers leaderboards, progress tracking, and scoring history, and is used to improve the simulation experience.
API key usage
If you generate an API key for MCP or programmatic access, we store a SHA-256 hash of the key - never the key itself in plain text. We also record the last-used timestamp associated with the hash.
Analytics data
We use PostHog to collect page views, feature usage events, session duration, and device and browser type. This data is used to understand how the product is used and to guide product improvements.
Payment information
Payments are processed entirely by Stripe. We do not store your card number, CVV, or full billing address. We receive from Stripe a customer ID, subscription status, and limited billing details such as the last four digits of your card.
Local storage
Some data, such as game progress for unauthenticated users, is stored locally in your browser and is never transmitted to our servers.
2. How We Use It
Under PIPEDA, we collect and use your personal information only for purposes that a reasonable person would consider appropriate. Specifically, we use your information to:
- -Create and manage your account
- -Provide the game experience: scoring, leaderboards, progress tracking, and incident history
- -Improve the product through usage analytics, feedback analysis, and identifying broken flows
- -Process payments and manage subscription status via Stripe
- -Send transactional communications (account verification, password resets, important service updates)
- -Send product updates and announcements via email (opt-in only - you can unsubscribe at any time)
- -Validate API keys for MCP and programmatic access
- -Detect and prevent fraud, abuse, and security incidents
- -Comply with legal obligations under Canadian law
We do not sell, rent, or trade your personal information to third parties.
3. Consent
By creating an account and using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, you may delete your account or contact us at contact@roboticforce.io. Withdrawing consent may affect our ability to provide you with certain features of the Service.
4. Third-Party Service Providers
We use the following third-party services to operate YouBrokeProd. These providers may process your personal information on our behalf and are contractually obligated to protect it.
Supabase
Authentication and user data storage. Processes your account credentials and session data. Privacy policy
Turso
Edge database storage. Stores structured game data to enable leaderboards and progress tracking. Privacy policy
PostHog
Product analytics. Collects page views, usage events, and device information. Privacy policy
Stripe
Payment processing. Handles all credit card data directly and is PCI-DSS compliant. Privacy policy
Resend
Transactional and notification email delivery. Privacy policy
Vercel
Hosting and edge infrastructure. May log request metadata as part of normal infrastructure operation. Privacy policy
Some of these providers may store or process data outside of Canada. We take reasonable steps to ensure that your information is protected in accordance with this Privacy Policy and applicable law wherever it is processed.
5. Data Storage and Security
We protect your personal information using physical, organizational, and technological security measures appropriate to the sensitivity of the information:
- -All data is transmitted over HTTPS (TLS).
- -Game data and user records are stored in Turso (edge SQLite) and Supabase.
- -API keys are stored as SHA-256 hashes only - the plain-text key is never persisted.
- -Access to production data is restricted to authorized personnel only.
- -Regular security reviews of our infrastructure and third-party providers.
6. Data Retention
We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law:
- -Account data is retained for as long as your account is active.
- -Game data and scores are retained for the lifetime of your account to support leaderboard and progress features.
- -Server logs and technical data are retained for up to 90 days for security and diagnostic purposes.
- -Payment records are retained as required by applicable tax and financial reporting laws.
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
6. Cookies and Tracking
We use cookies and similar local storage mechanisms to maintain your authentication session and to store game state in your browser. These are essential cookies required for the Service to function.
PostHog sets analytics cookies to track page views and product usage. You can opt out by enabling "Do Not Track" in your browser, or contact us and we will opt your account out of analytics collection.
We do not use third-party advertising cookies or sell data to ad networks.
You can configure your browser to refuse cookies, but doing so may prevent certain features of the Service from working correctly.
7. Your Rights (PIPEDA)
Under PIPEDA and applicable Canadian privacy legislation, you have the following rights:
- -Access the personal information we hold about you and receive an account of how it has been used and disclosed.
- -Request correction of any personal information that is inaccurate or incomplete.
- -Request deletion of your personal information, subject to legal requirements.
- -Withdraw your consent to the collection, use, or disclosure of your personal information.
- -File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.
To exercise any of these rights, contact us at contact@roboticforce.io. We will respond within 30 days, as required by PIPEDA.
8. Children's Privacy
The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@roboticforce.io and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify registered users by email. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
10. Contact
For privacy questions, data access requests, or to report a concern, contact us at:
If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.