Privacy Policy

Last updated: February 17, 2026

1. Introduction

PowerShellNerd ("we", "us", or "our") operates the website at powershellnerd.com ("the Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform. We are committed to safeguarding your privacy and being transparent about our data practices.

2. Information We Collect

2.1 Account Information (via OAuth)

When you sign in using GitHub or Google OAuth, we collect the following information from your authentication provider:

  • Name: Your display name as provided by the OAuth provider
  • Email address: Your primary email address
  • Profile image: Your avatar or profile photo URL
  • Provider account ID: Your unique identifier with GitHub or Google
  • GitHub OAuth token: When signing in with GitHub, we store your OAuth access token to enable features such as the repository picker for tool submissions and repository browsing

2.2 Newsletter Subscription

If you subscribe to our newsletter, we collect your email address. Our newsletter uses a double opt-in process: after subscribing, you will receive a verification email and must confirm your subscription before receiving newsletters.

2.3 User-Generated Content

When you use the Service, we collect content you voluntarily provide, including:

  • Tool submissions (descriptions, tags, repository URLs)
  • Script requests and associated files
  • Q&A questions and answers
  • Comments, reviews, and ratings
  • Profile information (bio, username)
  • Bookmarks

2.4 Automatically Collected Information

We may automatically collect certain technical information when you visit the Service, including your IP address, browser type, and general usage patterns. This information is used solely for rate limiting, security purposes, and improving the Service.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account on the platform
  • Authenticate your identity and maintain session security
  • Enable tool submissions by accessing your public GitHub repositories
  • Display your profile information to other community members
  • Send newsletter emails to confirmed subscribers
  • Send notifications about activity related to your content (new followers, ratings, comments)
  • Calculate community statistics
  • Enforce rate limits and protect against abuse
  • Improve the Service and develop new features

4. Cookies and Session Management

We use cookies for the following purposes:

  • Session cookies: We use HTTP-only session cookies to maintain your authentication state after signing in. These cookies are essential for the Service to function and cannot be disabled while using authenticated features.
  • OAuth state cookies: During the sign-in process, we use temporary cookies to store OAuth state parameters for CSRF protection. These cookies are deleted after authentication is complete.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not track your browsing activity across other websites.

5. Third-Party Services

We integrate with the following third-party services to provide the Service. Each has its own privacy policy governing its handling of your data:

GitHub (Microsoft)

Used for OAuth authentication and accessing your public repositories for tool submissions. We request access to your public profile information and public repository list.

GitHub Privacy Statement

Google

Used as an alternative OAuth authentication provider. We request access to your basic profile information and email address.

Google Privacy Policy

Azure Database for PostgreSQL (Microsoft)

Our database provider, hosted on Microsoft Azure's managed PostgreSQL Flexible Server infrastructure. All user data, account information, and content are stored in our Azure PostgreSQL database.

Microsoft Privacy Statement

Resend

Used to send transactional emails including newsletter messages, verification emails, and notification emails. Your email address is shared with Resend for email delivery.

Resend Privacy Policy

Azure App Service (Microsoft)

Our hosting provider for the website and API. Requests to the Service are processed through Azure App Service infrastructure (Linux, Node.js).

Microsoft Privacy Statement

Azure Cache for Redis (Microsoft)

Used for server-side caching to improve performance. Cached data may include anonymized aggregated content such as search results and platform statistics.

Microsoft Privacy Statement

6. Data Retention

We retain your data as follows:

  • Account data: Retained for as long as your account is active. Upon account deletion, your personal information will be removed within 30 days.
  • User-generated content: Tool submissions, Q&A content, and other contributions may be retained after account deletion to preserve community resources, but will be disassociated from your personal information.
  • Newsletter subscriptions: Your email is retained until you unsubscribe. You can unsubscribe at any time using the link provided in every newsletter email.
  • Session data: Session cookies expire automatically. Server-side session records are cleaned up periodically.
  • Rate limiting data: IP-based rate limiting data is stored in memory and is not persisted beyond the lifetime of the server process.

7. Data Security

We implement reasonable security measures to protect your personal information, including:

  • HTTPS encryption for all data in transit
  • Cryptographically secure tokens for session management (generated with crypto.randomBytes)
  • OAuth state validation for CSRF protection during authentication
  • HTML escaping of user-generated content to prevent injection attacks
  • Server-side input validation on all API endpoints
  • Rate limiting to prevent abuse and brute-force attacks
  • HTTP-only cookies to prevent client-side script access to session tokens

While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information.

8. Your Rights

You have the following rights regarding your personal information:

  • Access: You can view your account information, profile data, and submitted content at any time through your dashboard and profile settings.
  • Correction: You can update your profile information, bio, and username through the settings page.
  • Deletion: You can request deletion of your account and associated personal data by contacting us. We will process deletion requests within 30 days.
  • Data portability: You can request a copy of your personal data in a machine-readable format by contacting us.
  • Opt-out: You can unsubscribe from newsletters at any time. You can manage your notification preferences through the platform.
  • Revoke OAuth access: You can revoke PowerShellNerd's access to your GitHub or Google account at any time through your provider's settings.

9. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe that a child under 13 has provided us with personal information, please contact us and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at contact@powershellnerd.com.

Please also review our Terms of Service for the rules governing your use of the PowerShellNerd platform.