Legal

Privacy Policy

Last updated: May 10, 2026

Delta-V Academy (the "Service") is an educational orbital mechanics simulator operated by BuildingRome. This policy describes what information the Service collects, how it is used, and the third parties involved. Using the Service means you accept the practices described here.

1. Summary

  • You can use the Kids levels and Novice Lesson 1 anonymously, with no account.
  • Every other lesson and the AI Mission Architect require a free account (email + password or Google sign-in). All curriculum content is free at every level for any signed-in user; only AI usage past the free daily allowance is paid.
  • No marketing cookies. No advertising trackers. No data brokers. We do not sell or share data with advertisers.
  • We collect anonymous usage analytics so we can understand how the site is used and keep it working.
  • For signed-in users, we store your email, account tier, and lesson progress in Firestore.
  • Prompts you submit to the AI Mission Architect are sent to Google Gemini for processing.
  • If you choose to support the project or subscribe to AI Pro, Stripe handles the transaction on a Stripe-hosted page. We receive a Stripe customer identifier and high-level subscription status only; card details never touch our servers.
  • You can request account and data deletion at any time by emailing us.

2. Information We Collect

2.1 Account information (signed-in users)

Creating a free account is required to access most lessons and the AI Architect. When you sign up:

  • Email + password sign-up: we collect the email address you supply. The password is hashed and stored by Firebase Authentication; we never see or store the plaintext.
  • Google sign-in: Google returns a verified email address and a stable Firebase UID to us. We do not request access to contacts, calendar, Drive, or any other Google scope.

For each authenticated user we store the following in our Firestore database:

  • Firebase UID (an opaque identifier for your account)
  • Email address
  • Account tier — one of free (default), ai_pro (paid AI subscription), educator (verified teacher), or institution (school or district contract). Paid tiers are not yet active; everyone is currently free.
  • Account creation timestamp
  • Lesson progress: which lessons and steps you have completed and the highest level reached per lesson
  • If you have ever made a payment (AI Pro subscription or voluntary support contribution): a Stripe customer identifier (cus_...) and, for active subscribers, current subscription status (active, past_due, canceled). The webhook at /api/stripe/webhook writes this on Stripe events. We never store full card numbers; Stripe holds those.

2.2 Session cookies

After sign-in we set an HTTP-only, SameSite=Lax session cookie named __session issued by Firebase. The cookie is used solely to identify your account on subsequent requests. It is not used for advertising, cross-site tracking, or analytics. Signing out clears the cookie.

2.3 Usage analytics (PostHog and Vercel)

The Service uses two analytics tools to understand how the product is used:

  • PostHog captures named interaction events and page views. We use it with autocapture disabled, meaning only the specific events listed below are recorded. PostHog uses browser localStorage (not cookies) for session persistence. For unauthenticated visitors, no persistent person profile is created (PostHog runs in person_profiles: 'identified_only' mode). For signed-in users we identify the PostHog session with your Firebase UID so completed-lesson and feature-usage counts can be attributed to your account. We never send your email, password, or AI Architect prompt content to PostHog. Events we capture include:
  • Page views and page-leave events
  • Lesson menu opened, lesson selected (lesson ID and title), lesson completed
  • Difficulty level selected (kids, novice, intermediate, or advanced)
  • Mission changed (mission ID)
  • Time-speed control used (speed multiplier)
  • AI Architect modal opened, generate / refine completion event (provider, model, satellite count, success or failure code)
  • Account created, account gated (a feature was attempted that required sign-in)
  • Replay menu opened, replay started (replay ID and title)
  • Help / Info modal opened
  • Screenshot taken (resolution setting); video recording started and stopped (resolution and duration)
  • Global overlay controls toggled (control name and on/off state)
  • Feedback button clicked (current mission, lesson, and level — no free-text content)
  • Simulator error boundary triggered (error name and message)

Each event may include browser type, approximate geographic region (country and city level), device category, and operating system as inferred by PostHog from your request headers.

  • Vercel Analytics measures page views and Core Web Vitals (performance signals). It is cookie-less and does not collect personally identifying information. Aggregated metrics include approximate region, device type, browser, and referrer.

2.4 Local storage on your device

The Service uses the browser's localStorage and sessionStorage to remember settings such as lesson progress (mirrored locally for offline use), difficulty level, panel layout, and the welcome modal dismissal state. PostHog also uses localStorage (key prefix ph_) to persist a session identifier between page loads. Clearing your browser storage erases these values.

2.5 AI Mission Architect prompts

The AI Architect requires sign-in. When you use it, the natural-language prompt you type is transmitted to Google's Gemini API to generate a mission configuration. We do not store prompt content on our servers, but Google may process and retain prompts under Google's Privacy Policy. We do log a per-request analytics event (success or failure code, satellite count, model used, whether a self-repair pass was needed) keyed to your account so we can detect abuse and quota issues. The prompt text itself is not in that event. Do not include personal, confidential, or proprietary information in Architect prompts.

2.6 Server logs and rate limiting

Our hosting provider (Vercel) maintains standard server logs that may include IP address, request path, user-agent, and timestamps. These logs are used for security, abuse prevention, and operational diagnostics, and are retained per Vercel's policies. We also keep short-lived in-memory counters of requests per IP and per account so we can apply per-minute and per-day rate limits to the AI Architect and authentication endpoints. These counters are not persisted to disk and reset when a server instance restarts.

3. What We Do Not Collect

  • We do not collect names, phone numbers, postal addresses, or payment card numbers through the Service. Card data for AI Pro subscriptions and voluntary support contributions is handled directly by Stripe; we receive only a Stripe customer ID.
  • We do not run advertising networks or sell data to third parties.
  • We do not fingerprint users or build cross-site profiles.
  • We do not capture free-text input from sliders, lesson content, or the 3D view.
  • We do not require a real name on your account.

4. Cookies and Local Storage

The Service does not set advertising or tracking cookies. The__sessioncookie described above is the only cookie we set ourselves and it exists solely to keep you signed in. PostHog stores an anonymous session identifier in your browser's localStorage under keys prefixed with ph_. Vercel may set a small number of essential, first-party operational cookies for hosting and performance measurement. None of these contain personal information or are used for advertising.

5. Third-Party Services

We rely on a small number of third parties to operate the Service:

  • Firebase Authentication and Firestore (Google) host the account system and store user records, lesson progress, and (eventually) subscription state. See Firebase's Privacy Policy.
  • PostHog provides product analytics and event tracking. See PostHog's Privacy Policy. PostHog is configured with person_profiles: 'identified_only', meaning no persistent profile is created for unauthenticated visitors.
  • Vercel hosts the application and provides performance analytics. See Vercel's Privacy Policy.
  • Google (Gemini API) processes prompts you send to the AI Mission Architect. See Google's Privacy Policy.
  • Stripe processes two flows: AI Pro subscriptions ($5/month or $50/year, lifts the daily AI usage cap to unlimited) and voluntary support contributions (one-time or recurring; do not unlock any feature). All checkout and recurring billing happens on Stripe-hosted pages under Stripe's Privacy Policy; we receive only a Stripe customer ID and high-level subscription state via webhook. Self-service cancellation, payment-method updates, and invoice access run through the Stripe-hosted Customer Portal (linked from the in-app account menu). Voluntary support contributions are not tax-deductible while Delta-V Academy is operated by BuildingRome Studio LLC; see the Terms for the full disclosure.
  • Open data sources such as CelesTrak, Space-Track, NASA, ESA, and similar public catalogs may be fetched to populate orbital element references. Requests are made server-side and do not transmit user-identifying data.

6. Children's Privacy

Delta-V Academy is suitable for general audiences interested in learning orbital mechanics, including students. The Kids levels (designed for ages 6 to 14) and Novice Lesson 1 are usable anonymously, with no account or personal information required.

Account creation is required for further lessons. We do not knowingly collect personal information from children under 13 in the United States, or under the equivalent age of digital consent in other jurisdictions, except with verifiable parental or guardian consent. If you are a parent or guardian and believe your child has created an account or otherwise provided personal information, contact us at info@buildingrome.dev and we will delete the account and any associated data.

7. Data Retention

Account information and lesson progress are retained for as long as your account is active. PostHog event data is retained per PostHog's retention policy (currently one year on the free tier; subject to change). Aggregate Vercel Analytics are retained per Vercel's policies. Local-storage values persist on your device until you clear them. Architect prompt text is not retained on our servers.

8. Your Rights and Choices

  • Access and correction. You can see your account email and tier in the app. To request a copy of your stored progress data, email info@buildingrome.dev from your account email and we will export it.
  • Deletion (self-serve).Open the Account menu inside the app, choose "Delete my account", and type your email to confirm. The request immediately deletes your Firebase Authentication record, your users/{uid} Firestore document, and your progress/{uid}/lessons/* subcollection, and revokes any outstanding session tokens. Locally cached lesson progress in your browser is also cleared. Anonymous analytics events that cannot be reattached to an identity may persist in PostHog until they age out of retention. If the in-app flow does not work for you, email info@buildingrome.dev and we will delete your account manually within 30 days.
  • Local data.You can clear your browser's site data at any time to remove all locally stored preferences and PostHog session identifiers.
  • Analytics opt-out. You can opt out of PostHog analytics by enabling Do Not Track in your browser, or by using an analytics-blocking extension. PostHog respects the DNT header. You can opt out of Vercel Analytics with browser-level tracking protection or an ad blocker.
  • AI Architect. You can choose not to use the AI Architect, in which case no prompt data is generated or transmitted to Google.

9. Security

Account credentials are managed by Firebase Authentication, which applies password hashing, brute-force protection, and (for Google sign-in) federated identity verification. Firestore access is constrained by per-user security rules: a signed-in user can read and write only their own progress documents. We use commercially reasonable measures to protect the rest of the Service. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

10. International Users

The Service is operated from the United States and uses Google Cloud (Firebase, Gemini), Vercel (US), and PostHog US infrastructure (us.i.posthog.com). If you access the Service from elsewhere, you consent to the transfer and processing of information in the United States and other regions where our service providers operate.

11. Changes to This Policy

We may update this policy as the Service evolves. Material changes (for example, the activation of AI Pro or voluntary-support payments, a new analytics provider, or any change to data retention) will be reflected by updating the "Last updated" date at the top of this page and, where appropriate, by emailing signed-in users. Continued use of the Service after an update means you accept the revised policy.

12. Contact

Questions, deletion or export requests, and privacy-related complaints can be sent to info@buildingrome.dev. See the Contact page for more options.