Privacy by Design

We want to be completely open about how we handle your information. This page explains our approach to privacy and data security, which we've carefully designed to be respectful and comprehensive.

Your Personal Information

We collect and store as little of your information as possible.

For most users, the only info you need to give us is your email address. For users on a team, we may also require your name and country, to help team supervisors review your learning progress. This information is visible to you, other people on your team, and our site admins. You can update it through our website, or by emailing our support staff. When your account is deleted, we delete this information too.

We record your IP address to assist with support inquiries, measure site traffic, prevent fraud, and detect malicious usage. It is only visible to our site admins, and is deleted after 30 days.

All other information we store about you is based strictly on how you use the site, is not personally identifiable on its own, and is destroyed or becomes completely anonymous when you delete your account.

Finally, to ensure we're storing as little personal information as possible, we automatically delete most accounts after 3 years of inactivity.


We use cookies to store some temporary data needed for the basic functionality of our site, like storing whether or not you are logged in. These cookies are encrypted, private, and apply only to our site — they cannot be used for cross-site tracking.

We use a service named Paddle to process your payment when you sign up for a paid membership, and they set a few cookies in the process. We do not use their tracking, recovery, or "audience" services. You can read their privacy policy here.

We use a service named Vimeo to play videos, and they set a cookie. You can read their privacy policy here.


We will only email you:

  • to activate your account,
  • to reset your password,
  • to reply to your requests or inquiries,
  • if you turn on specific email notifications,
  • if there's an important update about your account or our service.

We use DMARC and other modern email technologies to fight spam.

Password Storage

Your password is never stored or logged. We cannot recover your password if you forget it.

We use BCrypt for one-way encryption, with a high cost factor.

Secure Communication

We use HTTPS secure connections between your browser and our servers, and between our backend services. We do everything we can to keep your data safe in transit.

Our SSL score is A+.

3rd Parties

We use a small number of service providers to host LunchBox Sessions, store data, securely process payments, and communicate with you. We don't use any analytics, tracking, targeting, advertising, or remarketing integrations.

These services are responsible for transmitting, processing, and storing data for the essential operation of the site, and have access to the personal information you give to us:

We use these services to host our learning content. They see your IP address, but no other personal info:

We use these services for communication with you. They have access to any information included in email messages to or from us, including your name and email address:

If you have a question about these services, please email our designated employee in charge of privacy, Ivan Reese at

Responsible Disclosure

If you discover a vulnerability in LunchBox Sessions, let us know via or, and we will immediately work with you to address the issue.

Privacy Policy

For more detail on our approach to privacy, please see the section of our Terms of Service titled Privacy Policy.

We Are Here To Help You

Find Answers at the Help Center


Toll Free (North America) 1-866-628-3224

Monday to Friday, 8am to 4pm MST

Bad News

JavaScript is not enabled in your browser.

We use JavaScript to power our training media, so you'll need to turn JavaScript on before you can use LunchBox Sessions. If you need help, email us at