Shipping API DojoShipping API Dojo

Legal

Privacy Policy

This policy describes how Shipping API Dojo handles anonymous browser progress, signed-in account data, subscription records, and transactional email for the hosted product at shipping.apidojo.app.

Controller and contact

Shipping API Dojo is operated by Ball Lightning AB. Privacy and support requests currently route through info@balllightning.cloud.

This remains the manual request path for access, export, and deletion handling until dedicated account tooling is expanded.

Current tracking position

The current issue-12 implementation assumes no analytics, remarketing pixels, session replay tooling, or other optional tracking identifiers are enabled.

That is why the product can currently rely on necessary auth/session and requested-service storage without a consent banner. If optional tracking is introduced later, this position must be revisited.

What we process

Anonymous progress in your browser

When you use the public learning product without signing in, progress stays in your current browser storage.

  • We store anonymous lesson, drill, XP, streak, and scenario progress in browser localStorage.
  • This data stays on the device and browser profile you are using unless you export, import, reset, or clear browser storage.
  • The anonymous experience does not require an account.
Signed-in accounts and server-backed progress

When you sign in, we also store account, session, and progress records on our hosted services so progress can persist across sessions and devices.

  • Better Auth manages sign-in, password reset, magic-link flows, and cookie-backed sessions.
  • Signed-in progress is stored in our hosted database together with merge-event records used when local anonymous progress is synced into an account.
  • Entitlement and subscription state can also be associated with your account when paid features are enabled.
Billing and payment-provider records

Paid subscriptions are handled through Creem, and we store the subscription and webhook records needed to reflect billing state inside the app.

  • Creem acts as the payment and subscription system for paid plans.
  • We receive billing events, subscription status, and plan information needed to update account entitlements and handle disputes, fraud checks, or accounting obligations.
  • We do not use this repository as a credit-card vault. Payment-card handling stays with the payment provider.
Transactional email and delivery events

We send sign-in, password-reset, welcome, and billing lifecycle email through Resend and record tracked delivery events that help us operate those messages safely.

  • Transactional emails can include sign-in links, password resets, welcome messages, payment-failure notices, subscription confirmations, or subscription-cancellation notices.
  • We store tracked delivery, bounce, complaint, and suppression webhook events when Resend reports them back to us.
  • These records help us troubleshoot delivery issues, avoid repeat sends to bad destinations, and respond to abuse or support requests.

How we use the data

  • Provide the learning product and keep requested features working.
  • Authenticate signed-in users and secure account access.
  • Persist signed-in progress across sessions and devices.
  • Reflect subscription and entitlement state for paid features.
  • Send transactional account and billing email.
  • Prevent abuse, investigate incidents, and meet legal, accounting, or fraud-prevention obligations.

Key service providers

  • Better Auth powers account and session flows inside the product.
  • Hosted database infrastructure stores account, progress, entitlement, billing-event, and email-event records used by the product.
  • Creem handles subscriptions and payment-provider events for paid plans.
  • Resend handles transactional email delivery and webhook event reporting.

Retention summary

Anonymous browser progress

Stored in your browser until you clear it, reset/import over it, or the browser removes it.

  • No server-side account is required for this data.
  • You can clear it immediately through browser storage controls or the settings reset action.
Signed-in account and progress data

Kept while the account is active and while the service needs it to provide account features.

  • Deletion requests are handled manually in this phase so we can review linked progress, auth, billing, and support records together.
  • Some minimal security or backup traces may persist temporarily after a request while scheduled cleanup completes.
Billing, subscription, and dispute records

Kept as long as needed for accounting, tax, fraud prevention, contractual record-keeping, or dispute handling.

  • These records are not all immediately erasable on request.
  • Where deletion is restricted, we will explain the legal or operational basis for retaining the record.
Transactional email delivery records

Kept as long as needed to operate email safely, investigate delivery problems, and maintain suppression hygiene.

  • Bounce and complaint records may be retained even if other account data is removed.
  • This helps prevent repeated delivery attempts to unsafe or unavailable destinations.

Your rights and requests

You can use the settings page to manage local browser progress and, once signed in, to reach account-related privacy actions as they are exposed in-product.

For access, export, correction, deletion, or retention questions, contact Ball Lightning AB support at info@balllightning.cloud. Deletion requests are currently handled manually because account data can span auth, progress, subscriptions, billing events, and email-event records.

Some records may need to be retained even after a deletion request is processed where billing, accounting, tax, fraud-prevention, abuse prevention, or dispute obligations apply.

Email a deletion request

For a storage-specific view of browser storage, cookies, and hosted records, see the Cookie & Storage Disclosure.