Privacy Policy
Last updated: March 10, 2026
1. Introduction
Welcome to The Drill Sergeant ("we," "our," or "us"), operated by Epic Technology Limited, a company registered in Hong Kong. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mydrillsergeant.com and its subdomains (including our dashboard at hq.mydrillsergeant.com) (collectively, the "Site") and use our Chrome browser extension (the "Extension").
By accessing the Site or using the Extension, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access the Site or use the Extension.
2. Our Core Privacy Philosophy: Local-First
The Drill Sergeant is architected with a "Local-First" design to maximize your privacy:
- Browsing History (URLs you visit): Processed 100% locally on your device. We never transmit, collect, or store your browsing history on our servers.
- Settings (Rules you create): Your blocking rules and schedules are stored locally for immediate performance. They are synchronized to our cloud servers only to keep your devices in sync when you are logged in.
3. Information We Collect
We collect information in the following ways:
A. Information You Provide
When you create an account, we collect personally identifiable information such as your:
- Email address
- Name (optional)
- Profile image (if logging in via third-party providers such as Google)
B. Synchronization Data
When you are logged in, we sync your configuration settings to our secure cloud servers (hosted on Google Cloud Platform / Firebase) to provide a seamless experience across multiple devices. This includes:
- Your custom list of blocked domains.
- Your schedule configurations (e.g., work hours).
- Your custom motivation messages.
- Subscription status and feature flags (e.g., "Hardcore Mode" status).
C. Payment Data
Financial information is processed by our third-party payment processors, Stripe and PayPal. We do not store credit card numbers or financial account information on our servers. We retain only a transaction identifier and subscription status to verify your access to premium features.
D. Automatically Collected Data
When you visit our Site (not the Extension — see Section 5), we may collect anonymized usage data through Google Analytics 4, but only if you have provided consent via our cookie banner. This may include pages viewed, time spent on pages, browser type, device type, approximate geographic location (country/city level), and referral source.
E. Error & Diagnostic Data
Our Dashboard application (hq.mydrillsergeant.com) uses Sentry for error monitoring. When a technical error occurs, Sentry may automatically collect error messages, stack traces, browser type, and operating system. Sentry does not receive your browsing history, blocked website list, or any personal account data.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or a jurisdiction that requires a legal basis for processing personal data, we rely on the following grounds:
- Contractual Necessity: Processing your account information and synchronization data is necessary to provide the services you have signed up for (Article 6(1)(b) GDPR).
- Consent: Analytics cookies and tracking technologies are only activated after you provide explicit, informed consent via our cookie banner (Article 6(1)(a) GDPR). You may withdraw consent at any time.
- Legitimate Interest: We process limited technical data (e.g., error reports via Sentry) to maintain the security, stability, and performance of our services (Article 6(1)(f) GDPR). This does not override your fundamental rights and freedoms.
- Legal Obligation: We may process data where required to comply with applicable laws or regulations (Article 6(1)(c) GDPR).
5. How We Use Your Information
We use the information we collect to:
- Create and manage your account.
- Synchronize your settings and preferences across your authenticated devices.
- Process payments and manage subscriptions.
- Send transactional emails regarding your account or orders.
- Monitor and improve the performance and reliability of our services.
- Prevent fraudulent transactions and protect against criminal activity.
- Comply with applicable legal requirements.
We do not use your data for profiling, automated decision-making, or targeted advertising.
6. Cookies & Tracking Technologies
Important: We do not use any analytics, tracking scripts, or cookies within the Chrome Extension itself. The Extension does not contain Google Analytics, Sentry, or any other third-party tracking code. All tracking technologies described below apply only to our website (mydrillsergeant.com) and dashboard (hq.mydrillsergeant.com).
A. What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and to provide reporting information.
B. Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the website to function. These cannot be switched off and include cookies that remember your cookie consent preferences. No consent is required for these cookies.
- Analytics Cookies (Google Analytics 4): Used to understand how visitors interact with our website — such as which pages are visited and how long users stay. This data helps us improve the site experience. These cookies are only set after you provide explicit consent.
C. Consent
In accordance with the GDPR and the ePrivacy Directive, all non-essential cookies are disabled by default. When you first visit our website, a cookie consent banner will appear allowing you to accept or decline specific categories of cookies. No analytics or tracking cookies are set until you provide explicit consent.
You can change your cookie preferences at any time by clicking the cookie settings link in the website footer, which will re-open the consent banner.
D. Google Consent Mode
We use Google Consent Mode v2 to ensure that Google Analytics fully respects your consent choices. When you decline analytics cookies, Google Analytics will not store any cookies or collect identifiable data.
7. Chrome Extension Permissions
Our Extension requires specific browser permissions to function. Here is why we request each one:
- declarativeNetRequest / declarativeNetRequestWithHostAccess: Required to block access to the websites you have specified in your block list. All blocking happens locally on your device.
- storage: Required to save your settings locally on your device.
- alarms: Required to schedule background tasks, such as periodic synchronization of your settings.
The Extension does not request or use permissions to read your browsing history, track your activity, or inject advertisements.
8. Disclosure of Your Information
We do not sell, rent, or trade your personal information to third parties. We may share information we have collected about you only in the following circumstances:
A. By Law or to Protect Rights
If we believe the release of information is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by applicable law.
B. Third-Party Service Providers
We share information with third parties that perform services on our behalf. These providers are contractually obligated to use your data only for the purposes we specify:
- Google Firebase: Hosting, authentication, and database services.
- Stripe & PayPal: Payment processing services.
- Google Analytics: Website usage analytics (only when you consent to analytics cookies on the Site).
- Sentry: Error monitoring and crash reporting for our Dashboard (hq.mydrillsergeant.com). Sentry receives only technical error data and does not receive your browsing history or blocked website list.
9. International Data Transfers
Epic Technology Limited is based in Hong Kong. Our third-party service providers — including Google (Firebase, Analytics), Stripe, PayPal, and Sentry — may process and store data in the United States and other countries outside your jurisdiction.
Where your data is transferred outside the European Economic Area (EEA) or the United Kingdom, our service providers maintain appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and/or equivalent mechanisms, to ensure your data receives a level of protection consistent with applicable data protection laws.
10. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Account Data: Retained for as long as your account is active. When you delete your account through the Dashboard settings, your data is permanently removed from our servers.
- Payment Records: Transaction identifiers and subscription status are retained for the duration required by applicable tax and financial regulations.
- Error & Diagnostic Data: Sentry error reports are automatically deleted after 90 days.
- Analytics Data: Google Analytics data is retained according to Google's default retention settings (14 months) and is not linked to your personal account.
11. Data Security
We use administrative, technical, and physical security measures to help protect your personal information. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS). Access to personal data is restricted to authorized personnel on a need-to-know basis.
Despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against interception or misuse. If you have reason to believe your data has been compromised, please contact us immediately.
12. Your Data Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of any inaccurate or incomplete data.
- Right to Deletion: Request that we delete your personal data ("Right to be Forgotten"). You can also delete your account directly through the Dashboard settings at any time.
- Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to the processing of your data where we rely on legitimate interest as our legal basis.
- Right to Withdraw Consent: Where processing is based on consent (e.g., analytics cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at the email provided below. We will respond within 30 days (or within the timeframe required by applicable law).
If you are located in the EEA or the United Kingdom, you also have the right to lodge a complaint with your local data protection supervisory authority.
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of personal information we have collected.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
We do not sell your personal information. We do not share your personal information for cross-context behavioural advertising.
14. Children's Privacy
Our services are not directed to individuals under the age of 16 (or under 13 in jurisdictions where that is the applicable threshold). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at the email below and we will promptly delete such information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices or for operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated Privacy Policy on this page and revising the "Last updated" date at the top. We encourage you to review this page periodically.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Epic Technology Limited