Cookies

We only use cookies to store temporary data, like whether you're currently logged in. Our cookies are encrypted, private, and cannot be used for cross-site tracking. We also use browser local storage to save anonymous settings, like what background color you use for simulations.

The following are the only third-parties that use cookies on our site, and they can't see you if you aren't logged in. Paddle, the service we use to process your payments, uses cookies when you pay for a membership or update your membership details. Vimeo, the service we use for some of our video content, uses cookies that are essential for the operation of their video player.

Your Personal Information

• To create an account, we need your email address.
• To join a team, we need your name and country so that team supervisors can manage your account.
• We record your IP address to measure site traffic, prevent fraud, and detect malicious usage.
• We generate additional information as you use the site, such as your payment history and learning history.

This information is visible to our staff, and you can update it by emailing us.

When your account is deleted, all the information we've collected about you is destroyed or becomes completely anonymous within 90 days.

To ensure we're storing as little personal information as possible, we automatically delete most accounts after 3 years of inactivity.

We use Paddle to process your membership payments. When you become a member, we give them your email address, and you give them your billing address, payment details, and other information, so that they can collect payments, send you receipts, handle returns, and process taxes. They retain some information indefinitely for tax purposes. You can learn more about the information collected, how it's stored, and how you can manage it, by reading their Privacy Policy.

Anti-Spam

We will only email you:

• to verify your email,
• to reset your password,
• to reply to your requests or inquiries,
• if you turn on specific email notifications,
• if there's an important update about your account or our service.

We use DMARC and other modern email technologies to fight spam.

Password Storage

Your password is never stored or logged. We cannot recover your password if you forget it.

We use BCrypt for one-way encryption, with a high cost factor.

Secure Communication

We use HTTPS secure connections between your browser and our servers, and between our backend services. We do everything we can to keep your data safe in transit.

3rd Parties

We use a small number of service providers to host LunchBox Sessions, store data, securely process payments, and communicate with you. We don't use any analytics, tracking, targeting, advertising, or remarketing integrations.

These services are responsible for transmitting, processing, and storing data for the essential operation of the site, and have access to the personal information you give to us:

• Heroku (a SalesForce company)
• Paddle

We use these services to host our learning content. They see your IP address, but no other personal info:

• Amazon AWS
• Vimeo

We use these services for communication with you. They have access to any information included in email messages to or from us, including your name and email address:

• Postmark by Wildbit
• Google
• Highrise
• Slack

If you have a question about these services, please email our support team at support@lunchboxsessions.com.

Responsible Disclosure

If you discover a vulnerability in LunchBox Sessions, let us know via support@lunchboxsessions.com or team@cdiginc.com, and we will immediately work with you to address the issue.