This policy explains what data EntrepreneurBible (“the Bible,” “we,” “us”) collects when you use entrepreneurbible.net, why we collect it, how we store it, and the rights you have over it. We aim for the shortest readable privacy policy a serious operator would write.
What we collect
- Account data: name, email, and (if you use the credentials sign-in) a securely hashed password. If you sign in with Google or GitHub we receive your name, email, and profile-image URL.
- Usage data: the resources you bookmark, courses you enrol in, lessons you complete, notes you save, forum threads you post or follow, and votes you cast. This is the data that makes the product useful — without it we can't personalise anything.
- Technical data: IP address (truncated), browser user-agent, and standard server logs. Used for security, debugging, and analytics in aggregate.
- Cookies: a single session cookie (NextAuth.js) keeps you signed in. We do not use third-party advertising cookies. See Cookies below.
Why we collect it
- To run the service you signed up for (contractual basis).
- To send transactional email — sign-in links, replies you opted into, billing receipts (contractual basis).
- To improve the product based on aggregate usage (legitimate interest).
Who we share it with
The minimum number of sub-processors needed to run the service:
- Supabase — primary database (EU region).
- Cloudflare — CDN, DNS, DDoS protection.
- Resend — transactional email delivery.
- Hetzner — application hosting (EU region).
- Stripe — payments processing (when you purchase a paid course).
We sign a Data Processing Agreement with each. We do not sell personal data. We do not share it for advertising.
Where it lives
Application servers and the primary database are hosted in the European Union. Cloudflare serves traffic from the closest edge to you. Resend processes outbound email in the United States.
How long we keep it
As long as your account exists. If you delete your account, we delete your personal data within 30 days, except where law requires us to keep it (financial records typically 7 years).
Your rights
If you're an EU/UK resident under GDPR, you can:
- Access the data we hold on you.
- Correct inaccurate data.
- Delete your account and data (“right to be forgotten”).
- Export your data in a portable format.
- Object to processing based on legitimate interest.
Email [email protected] with “Privacy request” in the subject. We respond within 30 days.
Cookies
We use exactly two cookies:
- next-auth.session-token — keeps you signed in. Expires when you sign out or after 30 days of inactivity.
- __Secure-next-auth.csrf-token — protects against CSRF on sign-in forms. Session-only.
Neither is used for tracking. We do not have any third-party analytics or advertising cookies. If we add analytics in the future, we'll use a privacy-respecting tool that doesn't set persistent identifying cookies, and we'll update this policy first.
Security
Passwords are hashed with bcrypt. Database connections are TLS-encrypted. The site runs behind Cloudflare with HSTS preload and TLS 1.2+ minimum. Backups are encrypted at rest in the EU.
Changes to this policy
When we materially change this policy we'll update the “Last updated” date at the top. For substantial changes we'll email you 14 days before they take effect.
Contact
Privacy questions: [email protected].