Legal

Privacy Policy

Last updated July 10, 2026

This Privacy Policy explains how Levelly(“Levelly”, “we”, “us”, or “our”) collects, uses, stores, and shares information when you use level.lyand related services (the “Service”).

Levelly is currently operated under the Levelly name. We may update this policy with full legal company details when the Service begins public paid operation or when the operating entity changes.

Privacy questions or requests: support@level.ly

1. Information we collect

Account information

When you sign up, we collect your email address and password. We do not store plain-text passwords.

If you use Google sign-in, we receive basic profile information from Google as permitted by your Google account settings.

Learning data

We store information needed to provide the learning experience, including:

  • lesson progress;
  • code submissions;
  • code run results;
  • tutor conversations;
  • onboarding answers and learning preferences;
  • course and exercise state.

Anonymous users may have some learning data stored locally in the browser. Signed-in users may have this data synced to our servers.

Payment information

Subscriptions are processed by Stripe. We may receive billing status, customer identifiers, subscription status, plan information, and payment-related metadata from Stripe.

We do not store full payment card numbers on our servers.

Usage and technical data

We collect information needed to operate, secure, debug, and improve the Service, such as:

  • IP address;
  • browser and device information;
  • session and authentication data;
  • API request logs;
  • code execution logs;
  • error logs;
  • rate-limit and abuse-prevention signals.

We use this information to enforce usage limits, prevent abuse, diagnose issues, and maintain the reliability of the Service.

2. How we use information

We use the information we collect to:

  • provide, maintain, and improve the Service;
  • authenticate users and manage accounts;
  • save lesson progress and learning preferences;
  • run submitted code in an isolated execution environment;
  • evaluate lesson checks and code results;
  • power the AI tutor with context about the current lesson, submitted code, recent run results, and relevant conversation history;
  • process subscriptions and billing-related communications;
  • send verification, password-reset, account, billing, and other transactional emails;
  • manually review learning data — including lesson progress, code submissions, run results, and tutor conversations — for quality assurance, support, and debugging purposes; such review is limited to authorized personnel and performed over secure, access-controlled methods;
  • enforce our Terms of Use;
  • detect, prevent, and respond to abuse, fraud, security risks, and technical problems;
  • comply with legal, accounting, tax, and regulatory obligations where applicable.

3. Legal bases for processing

Where applicable data protection law requires a legal basis, we process personal data on the following bases:

  • Contract: to create and manage accounts, provide lessons, save progress, run code, provide tutor features, and process subscriptions.
  • Legitimate interests: to secure the Service, prevent abuse, enforce usage limits, diagnose technical issues, improve reliability, and understand how the Service is used.
  • Consent: where we ask for optional permissions or use optional cookies or similar technologies.
  • Legal obligations: where we need to retain records for tax, accounting, billing, dispute, compliance, or legal purposes.

4. AI and third-party providers

The AI tutor uses third-party AI infrastructure to generate responses.

Tutor messages, lesson context, submitted code, run results, and related technical context may be sent to AI infrastructure providers. We currently route AI requests through OpenRouter, which may forward requests to selected model providers.

Provider availability, routing, and data handling settings may change over time. We aim to send only the context needed to provide the tutor feature and avoid sending unnecessary account or billing information.

You should not submit secrets, API keys, passwords, private credentials, confidential business information, or sensitive personal data into the tutor, lesson answers, or code editor.

Other third-party providers may include:

  • Stripe for payments and subscriptions;
  • Resend for transactional email;
  • hosting, database, logging, and infrastructure providers;
  • code execution infrastructure used to run submitted code.

Each provider processes data according to its own policies and our agreements with them. We share only what is reasonably necessary for each service to function.

5. Code execution

When you run code in the Service, the submitted code and related execution context are sent to our code execution infrastructure.

We may store submitted code, execution results, logs, error messages, timing information, and other technical data needed to provide feedback, debug issues, prevent abuse, and improve the Service.

Code execution is intended for learning and testing purposes only. Do not submit malicious code, secrets, credentials, or sensitive data.

6. Cookies and local storage

We use session cookies to keep you signed in and to operate the Service.

We may also use browser local storage for:

  • theme preference;
  • anonymous progress;
  • editor state;
  • onboarding state;
  • similar client-side preferences and learning state.

You can clear cookies and local storage in your browser settings. Doing so may sign you out or reset local progress for anonymous sessions.

7. Data retention

We retain account and learning data for as long as your account is active or as needed to provide the Service.

If you delete your account or request deletion, we will delete or anonymize associated personal data within a reasonable period, except where we need to retain information for legal, security, billing, tax, accounting, fraud-prevention, or dispute-resolution purposes.

We may retain technical logs for a limited period to maintain security, investigate abuse, debug errors, and protect the Service.

8. Your privacy rights

Depending on where you live, you may have the right to request:

  • access to your personal data;
  • correction of inaccurate personal data;
  • deletion of personal data;
  • restriction of processing;
  • objection to processing;
  • a copy of your data in a portable format;
  • withdrawal of consent, where processing is based on consent.

You may exercise these rights by contacting support@level.ly.

We may need to verify your identity before fulfilling a request.

If you are located in the EU or EEA, you also have the right to lodge a complaint with your local data protection authority.

9. Children

The Service is not directed at children under 13, and we do not knowingly collect personal information from children under 13.

If you are under 18, you may use the Service only with permission from a parent or guardian.

If you believe a child has provided us personal information, contact us at support@level.ly and we will take appropriate steps to delete it.

10. Security

We use reasonable technical and organizational measures to protect your information.

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

You are responsible for keeping your login credentials secure and for avoiding the submission of secrets, passwords, private keys, API keys, or other sensitive credentials into the Service.

11. International data transfers

Some of our service providers may process personal data outside your country, including outside the EU or EEA.

Where required, we use appropriate safeguards such as data processing agreements, standard contractual clauses, or other lawful transfer mechanisms.

12. Changes to this policy

We may update this Privacy Policy from time to time.

When we make changes, we will post the revised policy on this page and update the “Last updated” date. Material changes may also be communicated by email or in-app notice where appropriate.

Continued use of the Service after the updated policy takes effect means the updated policy applies to your use of the Service.

13. Contact

Privacy questions or requests: support@level.ly

Questions? support@level.ly

See also Terms of Use and Privacy Policy.