Privacy Policy
Last Updated: April 11, 2026
Effective Date: April 11, 2026
This policy explains what information SDLC 101 collects, why it's collected, how it's used, and what rights you have regarding your data. This site is a small, instructor-run course platform — we collect only what's necessary to operate the course and communicate with prospective students.
01 Who we are
SDLC 101 is an instructor-led online course teaching the Software Development Lifecycle to beginner and junior developers. The course website is operated independently by Angel, a full-stack software engineer. The website is hosted at sdlc-dev.vercel.app and is not affiliated with any corporation or institution.
For the purposes of this policy, "we," "us," and "our" refer to the operator of SDLC 101. "You" refers to any visitor, waitlist applicant, or enrolled student who uses this website.
02 What data we collect
We collect personal data through two channels on this site:
A. Waitlist form
When you submit the waitlist form at /waitlist, we collect:
- Your full name
- Your email address
- Your stated reason for wanting to attend the course (free-text response)
- Submission of this form also involves a CAPTCHA bot-detection check via Cloudflare Turnstile (see Section 4). No submission is processed without passing this check.
B. Google sign-in (enrolled students)
Enrolled students sign in via Google OAuth 2.0 through NextAuth.js. During sign-in, we receive basic Google account information, which may include:
- Your display name
- Your Google account email address
- Your Google profile photo (if set)
- A unique Google account identifier
We do not request access to your Gmail, calendar, contacts, Google Drive, or any other Google service beyond basic profile identity. No Google services are used beyond the OAuth 2.0 sign-in flow.
C. Automatically collected data
Like most websites, our hosting provider (Vercel) may automatically collect technical data such as your IP address, browser type, operating system, and pages visited. This data is collected at the infrastructure level and is not actively used by us for marketing or tracking purposes.
03 How we use your data
| Data | Purpose | Legal basis |
|---|---|---|
| Waitlist name & email | To contact you when new course enrollment slots open | Your consent (form submission) |
| Waitlist reason text | To understand applicant backgrounds and improve curriculum fit | Legitimate interest |
| Google account info | To authenticate enrolled students and grant access to course content | Contractual necessity (course access) |
We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data for automated profiling or decision-making.
04 Third-party services
This website relies on the following third-party services to function. Each has its own privacy policy governing how they handle data.
| Service | Purpose | Data involved |
|---|---|---|
| Vercel | Website hosting and deployment | IP address, request logs |
| Google OAuth 2.0 | Student authentication via NextAuth.js | Google account profile data (name, email, photo) |
| Cloudflare Turnstile | Bot protection on the waitlist form | Browser signals and IP (evaluated by Cloudflare; no personal data stored by us) |
We encourage you to review the privacy policies of these providers if you have concerns about how they handle data:
vercel.com/legal, vercel.com/legal/privacy-policy, cloudflare.com/privacypolicy
05 Data storage & retention
Waitlist submissions are stored securely and retained for as long as needed to manage future course enrollment rounds. Once you have been enrolled, declined, or have asked to be removed, your waitlist data will be deleted within a reasonable timeframe.
Authentication session data for enrolled students is managed by NextAuth.js and retained for the duration of your active enrollment and a reasonable period thereafter for record-keeping. You may request deletion at any time (see Section 7).
06 Cookies & tracking
This website does not use advertising cookies, analytics trackers, or third-party tracking pixels. The only cookies that may be set are:
- NextAuth.js session cookies — set to keep enrolled students signed in after Google OAuth authentication. These are essential for site functionality.
- Cloudflare Turnstile tokens — short-lived tokens used to validate your waitlist form submission as human-initiated.
We do not use Google Analytics, Facebook Pixel, or any similar behavioral tracking service on this site.
07 Your rights
Depending on your location, you may have the following rights regarding your personal data. We will make reasonable efforts to honor these requests in a timely manner:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your data (right to be forgotten)
- Withdrawal of consent — withdraw your waitlist submission at any time by contacting us
- Objection — object to certain uses of your data
To exercise any of these rights, contact us at the email address listed in Section 10. We do not require account creation to submit a rights request.
08 Children's privacy
SDLC 101 is intended for adult learners (18 years of age or older). We do not knowingly collect personal data from minors. If you believe a minor has submitted data through this site, please contact us immediately so we can remove it promptly.
09 Changes to this policy
We may update this privacy policy from time to time as the course or site evolves. When changes are made, the effective date at the top of this page will be updated. We encourage you to review this policy periodically. Continued use of the site after updates constitutes acceptance of the revised policy.
Significant changes that affect how we use your data will be communicated through the Announcements section of the website.
10 Contact us
For any privacy-related questions, data requests, or concerns, please reach out: