Legal

PRIVACY.

Effective date: April 1, 2026 | Last updated: April 20, 2026 | v1.0

Your privacy matters. This policy explains what data we collect when you use MDSkill Directory, how we use it, and what choices you have. We are committed to minimal data collection and transparent practices.

01

Overview

MDSkill Directory (“we”, “us”, “our”) operates mdskill.dev and the mdskill CLI. This Privacy Policy describes our practices for collecting, using, and protecting personal information in accordance with applicable data protection laws.

Short version: We collect the minimum data needed to run the service. We do not sell your data. We do not run advertising. The CLI collects anonymous install telemetry only — no personal data, and you can opt out.

02

Data We Collect

Account data — when you sign in with Google, we receive your email address and Google user ID. We store these to identify your account and manage your subscription.

Subscription data — if you subscribe to Pro, our payment processor LemonSqueezy handles billing. We receive a subscription status and expiry date. We do not store card numbers.

Download history — when you download a skill via the website, we record the skill name, type, and timestamp against your account. This powers your dashboard history view.

CLI telemetry (anonymous) — the CLI records which skill slugs are installed and when. No IP address, no user ID, no device fingerprint. You can disable this entirely:

  • Set MDSKILL_NO_TELEMETRY=1 in your environment
  • Or add telemetry: false to ~/.mdskill/config.json

Log data — our servers log standard HTTP request metadata (method, path, status code, response time) for debugging and uptime monitoring. Logs are retained for 30 days.

03

How We Use It

We use collected data only for the purposes described here:

  • Authenticating your account and authorising CLI access
  • Gating premium skill downloads for active subscribers
  • Powering the leaderboard rankings (based on anonymous install counts)
  • Sending transactional emails (subscription receipts, security alerts)
  • Debugging errors and improving service reliability

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

04

Data Sharing

We share data only with the following third-party processors, each bound by data processing agreements:

  • Supabase — database and authentication infrastructure (EU region)
  • LemonSqueezy — payment processing and subscription management
  • Vercel — web hosting and edge delivery

We do not sell, rent, or trade your personal data with any third party. We do not share data with advertisers. We may disclose data if required by law or to protect the rights and safety of users.

05

Data Retention

  • Account data is retained until you delete your account
  • Download history is retained for 12 months then automatically purged
  • Server logs are retained for 30 days
  • Anonymous telemetry is retained indefinitely (no personal data)

On account deletion, all personal data is removed within 30 days. Anonymous/aggregated data may be retained.

06

Security

We take reasonable technical measures to protect your data, including:

  • All data in transit encrypted with TLS 1.3
  • Database encrypted at rest
  • Row-level security policies ensuring users access only their own data
  • API tokens are hashed before storage

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to contact@mdskill.dev.

07

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your account and personal data
  • Portability — receive your data in a machine-readable format
  • Objection — object to certain processing activities

To exercise these rights, email contact@mdskill.dev. We will respond within 30 days.

08

Cookies

We use only strictly necessary cookies:

  • Session cookies for authentication state (Supabase)
  • No analytics cookies, no advertising cookies, no third-party tracking

We do not use Google Analytics, Meta Pixel, or any behavioural tracking tools.

09

Children

The service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10

Changes

We may update this Privacy Policy periodically. We will notify you of material changes by email and by posting a notice on the platform. The “Last updated” date at the top of this page reflects the most recent revision.

11

Contact

Privacy: contact@mdskill.dev