Skip to main content

Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 29, 2026

Introduction

Welcome to Code350 ("we," "us," or "our"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, online courses, and tutoring services (collectively, the "Service").

By using Code350, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

Contact Information:

Privacy Questions: Contact Page

1. Information We Collect

1.1 Personal Information You Provide

We collect information that you voluntarily provide when using our Service:

  • Account Information: Name, email address, password (encrypted), profile photo (optional)
  • Payment Information: Billing details processed through Stripe (we do not store credit card numbers)
  • Tutoring Information: For 1-on-1 tutoring clients: parent/guardian contact information, session notes, scheduling preferences
  • Course Progress: Lessons completed, certificates earned, time spent on platform
  • Communications: Messages sent through our contact form, support emails, feedback

1.2 Information Automatically Collected

When you access our Service, we automatically collect:

  • Usage Data: Pages viewed, courses accessed, features used, time spent on platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: Session data, preferences, analytics information
  • Log Data: Access times, errors, referral URLs

1.3 Information from Third Parties

We may receive information from:

  • OAuth Providers: If you sign in with Google or GitHub, we receive your name, email, and profile photo
  • Payment Processor: Stripe provides transaction status and billing information
  • Video Platform: Zoom provides session attendance data for tutoring and consulting clients

2. How We Use Your Information

We use your information to:

2.1 Provide and Improve the Service

  • Create and manage your account
  • Process course enrollments and payments
  • Track course progress and issue certificates
  • Deliver tutoring services and schedule sessions
  • Respond to support requests and inquiries
  • Improve platform features and user experience

2.2 Communications

  • Send transactional emails (account confirmations, password resets, receipts)
  • Send marketing emails about new courses and updates (you can opt out)
  • Notify you of important changes to our Service or policies

2.3 Analytics and Performance

  • Analyze usage patterns to improve content and features
  • Monitor platform performance and troubleshoot issues
  • Conduct research and development

2.4 Legal and Security

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our Terms and Conditions
  • Protect the rights and safety of our users

3. Third-Party Services

We use the following third-party services that may collect and process your information:

3.1 Essential Services

  • Supabase: Database hosting and user authentication (PostgreSQL, authentication services)
  • Stripe: Payment processing (we do not store your credit card information)
  • Vercel: Website hosting and analytics
  • Zoom: Video conferencing for tutoring sessions, consulting, and client communication
  • Cloudflare Turnstile: Bot protection and form verification

3.2 Marketing, Communication, and Scheduling

  • Resend: Transactional and marketing email delivery
  • Calendly: Scheduling for onboarding and inquiry sessions
  • Internal Booking System: Our own scheduling platform for tutoring session bookings

3.3 AI Services

  • Groq: AI-powered chat assistance for course learning (processes chat messages)

3.4 Analytics

  • Vercel Analytics: Website performance and usage analytics

Each third-party service has its own privacy policy. We encourage you to review their policies for more information about how they handle your data.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers (listed in Section 3) who assist in operating our platform, processing payments, and delivering services. These providers are contractually obligated to protect your information.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal processes
  • Enforce our Terms and Conditions
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or the public

5. Tutoring Services - Special Privacy Considerations

5.1 Minor Students (Under 18)

For students under 18 receiving tutoring services:

  • We require parental/guardian consent before providing services
  • Parent/guardian contact information is collected and stored
  • We encourage parents/guardians to be aware of tutoring session schedules and content

5.2 Session Recording Policy

  • Code350 does NOT record tutoring sessions by default
  • Parents/guardians may record sessions locally on their own devices for educational purposes
  • For users 18 and older, sessions may be recorded with explicit consent from all parties
  • Video sessions are conducted via Zoom, subject to Zoom's privacy policy

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Passwords are hashed using industry-standard encryption
  • HTTPS: All data transmitted between your device and our servers is encrypted
  • Access Controls: Limited employee access to personal data on a need-to-know basis
  • Regular Audits: We review security practices and update as needed

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information at any time by logging into your account settings. If you need assistance, contact us via our Contact Page.

7.2 Account Deletion

You can delete your account at any time through your account settings. Deleting your account will:

  • Remove your personal information from our active databases
  • Cancel any active course enrollments
  • Remove access to your course progress and certificates

7.3 Marketing Opt-Out

You can unsubscribe from marketing emails by:

  • Clicking the "Unsubscribe" link in any marketing email
  • Updating your email preferences in account settings
  • Contacting us via our Contact Page

8. International Users and Data Transfers

Code350 is based in the United States. If you access our Service from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using our Service, you consent to this transfer.

9. Children's Privacy (COPPA Compliance)

Our Service is intended for users aged 13 and older. We comply with the Children's Online Privacy Protection Act (COPPA).

9.1 Users Under 13

We do not knowingly collect personal information from children under 13 without parental consent. If we discover we have collected information from a child under 13 without proper consent, we will delete it immediately.

9.2 Users Ages 13-17

Students ages 13-17 may create accounts and access online courses. For 1-on-1 tutoring services, we require:

  • Parental/guardian consent before providing services
  • Parent/guardian contact information
  • Parents/guardians are encouraged to be aware of session schedules and content

10. Data Retention

We retain your personal information for as long as necessary to:

  • Provide the Service and fulfill the purposes described in this Privacy Policy
  • Comply with legal obligations (e.g., tax records)
  • Resolve disputes and enforce agreements

Retention Periods:

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Most data deleted within 30 days; some records retained for legal/accounting purposes (up to 7 years)
  • Marketing Lists: Removed immediately upon unsubscribe request
  • Payment Records: Retained for 7 years for tax and accounting compliance
  • Tutoring Notes: Retained for 3 years for educational continuity, unless earlier deletion is requested by the user or their parent/guardian

Code350 Workplace - AI Coding Platform Privacy

The following privacy disclosures apply specifically to Code350 Workplace, our collaborative AI-powered coding education platform. These disclosures supplement the general privacy policy above.

11. Information We Collect for Workplace

11.1 Additional Information for Minor Users (Ages 13-17)

For users ages 13-17, we collect additional information to ensure safety and comply with applicable laws:

  • Date of Birth: Required to verify age and apply appropriate safety measures
  • Parent/Guardian Email: Required so we can notify parents about account creation
  • First and Last Name: For account identification and parent communication

11.2 Parent Notification Process

  • When a minor (ages 13-17) registers, they must provide a parent/guardian email address
  • Parents receive a notification email with details about our platform, AI safety measures, and content filtering
  • Parents can contact us at any time to request information about or deletion of their child's account

12. AI Interaction Data

12.1 What We Store

When you use AI features in Code350 Workplace, we collect and store:

  • Chat Conversations: All messages exchanged with AI assistants, including timestamps and your user ID
  • AI Model Information: Which AI model was used for each response
  • Token Usage: Number of tokens consumed per request for billing purposes
  • File Attachments: Images, code files, or documents you share with the AI
  • Project Context: File trees, code content, and project structure provided for AI analysis

12.2 What We Send to AI Providers

To provide AI assistance, we transmit the following to third-party AI providers:

  • Your message content and relevant conversation history
  • Code files and project structure for analysis
  • Images or documents for vision-based tasks
  • For minor users: Additional safety context is automatically appended to all requests to enforce content filtering

12.3 AI Providers Used

ProviderPurpose
Anthropic (Claude)Primary AI provider for coding assistance
OpenAIOptional AI models
XAI (Grok)Optional AI models
Vercel AI GatewayRouting and load balancing

13. AI Content Filtering for Minors

13.1 Safety Measures

In accordance with our AI providers' terms of service (Anthropic, OpenAI, XAI) and industry best practices, we implement the following safety measures for users ages 13-17:

  • Age-appropriate content filtering enforced via system prompts sent to AI providers
  • AI responses are restricted to coding education and problem-solving topics
  • Prohibited content includes: Mature themes, explicit content, violence, illegal activities, weapons, drugs, and romantic/dating advice

13.2 Automated Moderation & Flagging

We use automated systems to detect and flag concerning content patterns:

  • Self-harm indicators
  • Abuse indicators
  • Crisis language
  • Dangerous or illegal requests

Flagged conversations are reviewed by our moderation team. If immediate danger is detected, we may contact emergency services or the user's parent/guardian.

Crisis Resources

If our systems detect signs of distress, crisis resources are automatically provided, including the 988 Suicide & Crisis Lifeline and Crisis Text Line. These resources are provided by the AI as part of its safety training.

13.3 AI Disclosure

  • All AI-generated content is clearly labeled (e.g., "Powered by Claude AI")
  • AI will never impersonate a human, friend, or trusted adult
  • AI is programmed to remind users it is an AI when appropriate

14. Parent/Guardian Notifications

14.1 What Parents Receive

  • Notification email when their child registers for an account
  • Information about our AI safety measures, content filtering policies, and educational focus
  • Contact information to request data about or deletion of their child's account

15. Additional Third-Party Services for Workplace

In addition to the services listed in Section 3, Code350 Workplace uses:

ServicePurposeData Shared
Anthropic/OpenAI/XAIAI ProcessingConversations, code, files
Fly.ioPreview HostingProject code for deployments
GitHubRepository AccessProfile, repositories (when connected)

16. Enhanced Data Security for Workplace

Code350 Workplace implements additional security measures beyond our standard practices:

  • Encryption: Sensitive data (GitHub tokens, environment variables) encrypted using AES-256-GCM
  • Row-Level Security: Database access controls ensure users can only access their own data
  • CSRF Protection: Origin and Referer validation on all data mutations
  • Secure Token Storage: OAuth tokens and API keys are encrypted at rest

17. Data Retention for Workplace

17.1 Retention Periods

  • Chat History: Stored indefinitely while your account is active
  • AI Usage Logs: Stored indefinitely for audit and billing purposes
  • Token Transactions: Stored indefinitely for billing records
  • Project Files: Stored while account is active; deleted upon account deletion

17.2 Account Deletion

When you delete your Code350 Workplace account, all associated data is permanently deleted including:

  • Projects and files
  • AI chat history
  • Token balances and transaction history
  • Parent/guardian connections
  • All other account data

This deletion is implemented via CASCADE delete and is irreversible. Some anonymized aggregate data may be retained for analytics.

18. Minors & Data Practices

Code350 Workplace requires users to be at least 13 years old. For users ages 13-17:

  • Parent Notification: Parents are notified via email when their child creates an account
  • Limited Data Collection: We only collect information necessary for the service
  • Parent Requests: Parents can contact us to request information about or deletion of their child's account
  • No Behavioral Advertising: We do not use minor data for targeted advertising
  • AI Safety: Content filtering is enforced per AI provider requirements

Educational Platform Note

Code350 Workplace is an educational platform. AI assistance is designed to supplement, not replace, human instruction. Safety measures for minors are implemented in accordance with our AI providers' terms of service and industry best practices.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email if changes are material
  • Post a prominent notice on our website

Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us via our Contact Page.

For GDPR or CCPA requests, please include "Privacy Request" in your subject line and specify which rights you wish to exercise.

21. Additional Disclosures

21.1 No Selling of Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

21.2 Sensitive Personal Information

We do not collect sensitive personal information such as Social Security numbers, financial account details (beyond what Stripe processes), or health information.

21.3 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects.

By using Code350, you acknowledge that you have read, understood, and agree to this Privacy Policy.

End of Privacy Policy