← Back

How it works

What this site does, and why it works this way.

A short lesson every day for 10 days

The course is structured as ten short daily lessons. Each one takes a few minutes and includes something to read and a small task to sit with. You can move at your own pace — one a day, one a week, whenever suits you.

The next day unlocks once you've worked through the current one, so the material lands in order.

Your progress is saved, on every device

Once you sign in, the site remembers where you are in the course. Close the tab, switch from your phone to your laptop, come back next week — your place is kept.

The token login: how it works

Instead of asking for your email and password, we give you a random token that looks like ABCD-1234-WXYZ. You also choose a password. The token + password is how you sign back in.

  1. You arrive and tap "Get started".
  2. The site generates a token for you and shows it on screen.
  3. You copy it somewhere safe (password manager, notes app, written down).
  4. You tick "I have saved my token" and pick a password.
  5. From then on you sign in at /login with that token + password.

Why no email? Why a token?

The course is about something personal. We didn't want anything that could tie your progress back to you — not an email address, not a name, not a phone number.

A random token has no link to your identity. We don't know who you are, and we genuinely can't find out. That's the point.

The trade-off: because we have no email for you, we cannot recover a lost token or a forgotten password. If you lose them, the account is gone. Save both somewhere safe.

How your account is kept secure

Your password is hashed with bcrypt before it's stored — we never see the password itself, only the hash. Sign-in is rate-limited to slow down anyone trying to guess tokens.

We also check new passwords against the public "Have I Been Pwned" database to stop you reusing one that's already been leaked elsewhere.

Everything is sent over HTTPS, so the connection between your browser and our servers is encrypted in transit.

Sessions last 30 days

Once you sign in, you stay signed in on that device for up to 30 days of inactivity. Open the site again within that window and you go straight to where you left off. After 30 days without visiting, you'll be asked to sign in again.

What we store, and what we don't

We store: your token (hashed password attached), which day you're on, and any optional notes you choose to save inside a lesson.

We don't store: your name, email, phone, IP-based profile, or any tracking cookies for advertising. There are no third-party trackers on these pages.

See the Privacy & Data Policy for the full detail.

That's it

Ten short lessons. An anonymous token to come back to them. No labels, no judgement, no inbox.