Privacy Policy

HeroTerminal.com (“HeroTerminal”, “we”, “our”) operates the heroterminal.com website, the app.heroterminal.com application, and the HeroTerminal API. This policy explains what data we collect and how it is used.

Data we collect

• OAuth (GitHub/Google): If you sign in, we store your public GitHub or Google ID, username, avatar URL, and a hash of your access token (never the token itself).
• Hero progress: Completed Leads, Reputation, and HeroCert metadata. Anonymous sessions live only in memory and never hit our database.
• Telemetry: Minimal logs (IP, user-agent, request path) for abuse prevention. Logs roll after 30 days.
• UX Analytics: We use Microsoft Clarity to collect non-personal session data, including heatmaps and session recordings, for the sole purpose of improving our interface and user experience.

How we use data

Data powers the in-browser simulator, leaderboards, HeroCert verification, and API security. We never sell your data to third parties.

Cookies

hero_session (anonymous) and hero_user (signed OAuth ID) are HMAC-signed cookies served directly by our API. Apart from the embedded Microsoft Clarity script for UX analytics, no other third-party trackers are embedded on app.heroterminal.com.

Your rights

EU/EEA and California residents can request data export or deletion by emailing privacy@heroterminal.com. Please include the GitHub or Google username tied to your HeroTerminal account.