Privacy Policy

Effective Date: March 26, 2025
Last Updated: March 27, 2025

1. Introduction

Welcome to MuscleCode.io (the "Platform"), operated by Devostack OÜ ("we," "us," or "our"). We are developing a learning platform for software developers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website musclecode.io (the "Site") and participate in our private beta program (the "Service").

We are committed to protecting your privacy. This policy complies with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and relevant Romanian data protection laws.

Please read this Privacy Policy carefully. By accessing or using the Site or Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Site or participate in the Service.

2. Data Controller

The data controller responsible for your personal data is:
Devostack OÜ
Registry country: Estonia
Registry code: 16260039
EU VAT number: EE102387294
Address: Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Contact: claudiu.bogdan@devostack.com

3. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

Personal Data:

Contact Information: When you sign up for the beta program, we collect personally identifiable information, such as your name and email address, necessary to grant you access and communicate with you. We may also collect information about your role (e.g., junior developer, team lead) or company if you provide it.

Usage Data:

Interaction Data: We automatically collect information about how you interact with the Service. This includes features you use, time spent on different parts of the platform, courses generated or undertaken, progress in coding challenges, chat history with AI models and the AI trainer, content you create (like notes, flashcards, algorithm entries), avatar progress, and feedback you provide.

Technical Data: We may collect information your browser sends whenever you visit our Site or use the Service, such as your computer's Internet Protocol (IP) address, browser type, browser version, the pages of our Site you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Feedback Data: Any feedback, suggestions, or comments you provide voluntarily regarding the Service, whether through forms, surveys, emails, or interviews.

Cookies and Tracking Technologies: We may use cookies and similar tracking technologies (like web beacons and pixels) to track activity on our Site and Service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

4. How We Use Your Information

We use the information we collect for various purposes, based on legitimate interests, contractual necessity, and your consent:

To Provide and Maintain the Service (Contractual Necessity & Legitimate Interest):

  • To grant you access to the private beta.
  • To manage your account and provide customer support.
  • To personalize your learning experience (e.g., tailoring courses, providing relevant hints via the AI trainer).

To Improve the Service (Legitimate Interest):

  • Crucially: To understand how users interact with the platform, identify bugs, analyze feature usage, and gather insights to develop, improve, and optimize the Platform. This is the core purpose of collecting detailed Usage Data during the beta phase.
  • To analyze feedback and incorporate it into future development.

To Communicate With You (Legitimate Interest, Contractual Necessity, & Consent):

  • To send you essential emails regarding your beta participation, critical service updates, security alerts, requests for direct feedback on the beta service, and important notices about the Service or changes to our terms or policies (based on Contractual Necessity or Legitimate Interest).
  • To send you emails about product news, feature releases, tips for using the platform, and relevant educational content (based on Legitimate Interest, where applicable and offering an opt-out, or Consent).
  • To invite you to participate in surveys regarding your experience, future features, or market research (based on Legitimate Interest, offering an opt-out, or Consent).
  • To send you marketing communications, such as special offers, promotions, information about paid plans (when available), or other commercial messages related to MuscleCode.io. **We will only send these types of communications with your explicit prior consent.** You may opt-out at any time.

For Security and Compliance (Legitimate Interest & Legal Obligation):

  • To monitor usage for security purposes and prevent fraudulent activity.
  • To comply with legal obligations.

5. Legal Basis for Processing (GDPR)

Our legal basis for collecting and using the personal information described above depends on the specific context:

  • Performance of a Contract: Processing is necessary to provide you with access to the beta Service you requested (the agreement to participate forms a contract). This includes essential service communications.
  • Legitimate Interests: Processing Usage Data and Feedback Data is necessary for our legitimate interest in improving and developing our product. We may also rely on legitimate interests to send you non-promotional communications about product updates, feature news, relevant surveys, or requests for feedback, provided these interests are not overridden by your data protection rights and we offer an easy way to opt-out. We carefully balance our interests against your rights in these cases.
  • Consent: We will obtain your explicit consent before sending you direct marketing communications, such as emails containing special offers, promotions, or other commercial messages. Where we rely on consent for any processing (including potentially some surveys or informational emails if not covered by legitimate interest), you have the right to withdraw this consent at any time.
  • Legal Obligation: Processing may be necessary to comply with applicable laws (e.g., maintaining suppression lists for opt-outs, responding to legal requests).

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following situations:

  • With Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., hosting providers, analytics providers, AI model providers, email services). These providers are obligated to protect your data and use it only for the purposes for which it was disclosed.
  • For Legal Reasons: We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of MuscleCode.io, our users, or others.
  • Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company. We will notify you before your Personal Data is transferred and becomes subject to a different Privacy Policy.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized information that does not directly identify you for research, analysis, or product improvement purposes.

7. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. This includes retaining data collected during the beta program to analyze and improve the product even after the beta concludes, unless you request its deletion. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

8. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure ('Right to be Forgotten'): You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data based on legitimate interests (including for direct marketing purposes where legitimate interest is claimed), under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: Where our processing is based on your consent (e.g., for sending marketing emails with offers), you have the right to withdraw that consent at any time. This withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. You can typically withdraw consent via an 'unsubscribe' link in the relevant email communication or by contacting us.

To exercise any of these rights, or to opt-out of specific communications, please contact us at legal@devostack.com. We will respond to your request within one month.

You also have the right to lodge a complaint with a supervisory authority. You can complain to the data protection authority in your country of residence (for instance, the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) - Website: http://www.dataprotection.ro/) or to our lead supervisory authority, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon - AKI) - Website: https://www.aki.ee/en.

9. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

10. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in Romania and the EEA. If we transfer your Personal Data outside the EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfer to countries deemed adequate by the European Commission.

11. Children's Privacy

Our Service is not intended for use by children under the age of 16. We do not knowingly collect personally identifiable information from children under this age. If you become aware that a child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We may also inform you via email or through a notice on the Service prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: legal@devostack.com
Or via the contact details listed in Section 2.