#100Days Centi
Get started Sign in
Privacy policy

Data protection & responsible usage

Last updated: October 19, 2025

This policy explains how Centi handles personal data collected as part of the #100DaysOfCode challenge. The information below reflects the current state of the open-source project and must be reviewed before any public deployment.

1. Data controller

Data processing is handled by the maintainer of the open-source project. For any question or request regarding your personal data, contact hello@jiordiviera.me.

No dedicated company exists at this stage. Contributors deploying the project should adapt this section according to their legal status.

2. Data we collect

  • Account data: name, email address, password (hashed), timezone, interface preferences.
  • Content you create: daily logs, projects, tasks, comments, optional attachments.
  • Integrations: GitHub access tokens (encrypted at rest), organisation IDs, repository provisioning status, WakaTime API key (encrypted) and imported activity stats.
  • Technical data: IP addresses, user-agent, application logs (errors, response times) kept for diagnostics.

3. How we use your data

  • Provide the core features (daily log, streak tracking, project/task management).
  • Generate AI-assisted content (summary, tags, coach tip, social drafts).
  • Synchronise actual coding activity (WakaTime) and produce tailored insights.
  • Maintain, secure, and troubleshoot the service.
  • Handle user support through the feedback form or GitHub Issues.

4. Data sharing & processors

Data is neither sold nor rented. It can be shared with third parties only for the following purposes:

  • AI providers: prompts sent to Groq (Mixtral) and, as a fallback, to OpenAI (GPT-4o-mini). Log content may be included to generate summaries and tips.
  • WakaTime: fetching activity statistics via your personal API key.
  • Hosting infrastructure: Hetzner Cloud (Germany) VPS managed with Ansible, running Ubuntu, Nginx, and PostgreSQL. Application data, logs, and encrypted backups are stored on this server.
  • Authorities or legal obligations: only when required by law.

As of today, no CDN, analytics suite, or transactional email provider is used. Should we add one, this section will be updated with the new processor.

5. Data retention

  • Account data: kept while the user has access; deleted on request.
  • Logs, projects, tasks: kept until manually deleted or the account is closed.
  • API keys / OAuth tokens: stored encrypted and revoked when the service is disconnected.
  • Technical logs: stored on the Hetzner VPS and purged manually during maintenance windows (no automated rotation configured yet).

6. Security

The application relies on Laravel’s security features: password hashing, encrypted sensitive fields (GitHub/WakaTime), CSRF protection, and permission policies. Contributors should avoid exposing secrets in logs or shared screenshots.

7. Your rights

You can request access, rectification, deletion or portability of your data. Contact us using the channel above, mentioning the email linked to your account. Proof of identity may be requested.

8. Policy changes

This policy may be updated to reflect technical or regulatory developments. The update date shown above will change accordingly.