Privacy Policy

Last updated: March 2026

1. What Data We Collect
  • Account information — name, email address, school
  • Profile data — bio, skills, programming languages, GitHub username
  • Learning activity — module completion, quiz responses, XP and levels
  • AI interactions — chat messages for the website builder, adaptive learning, and NAILD workshop features
  • Usage data — page views and login timestamps
2. How AI Features Use Your Data

We use OpenAI's API for chat features and skill analysis. Per OpenAI's API data usage policy, data sent via the API is not used to train their models.

All student messages are screened by OpenAI's Moderation API before processing. We configure zero-data-retention where available.

Student identifying information (names, contact details) is stripped from data before it is sent to AI services for skill analysis.

3. Data Sharing
  • We do not sell data to advertisers or data brokers.
  • Employer access to student profiles requires student opt-in (hireable toggle).
  • Third-party services receive only the minimum data needed to perform their function.
  • No data is shared for marketing purposes.
4. FERPA Alignment
  • Student consent is obtained at registration — creating an account requires agreement to this Privacy Policy.
  • Minor protections are maintained through school coordinator oversight.
  • Parental or guardian verification is available on request.
  • Audit logging tracks all data access.
  • Data minimization — we only collect what is needed for program participation.
  • Students have the right to access and export their personal data.
5. Data Security
  • TLS 1.2+ encryption in transit with HSTS enforced.
  • AES-256 encryption at rest through AWS infrastructure.
  • All servers are located in the United States.
  • Passwords are hashed with bcrypt.
  • CSRF protection is applied to all forms.
  • Secure cookies with HttpOnly, SameSite=Lax, and Secure flags.
6. Data Retention
  • Active participation data is retained for the program duration plus two years.
  • AI chat messages are retained for 90 days.
  • Audit logs are retained indefinitely for compliance purposes.
  • Students may request early deletion of their data.
7. Your Rights
  • Access your personal data at any time through your profile.
  • Request correction of inaccurate information.
  • Request deletion of your account and associated data.
  • Withdraw consent for optional data processing.
8. Third-Party Services
Service | Purpose | Data Shared
OpenAI | AI chat features, skill analysis | Chat messages, skills evidence (anonymized)
AWS S3 | File storage (resumes, uploads) | Uploaded files
Heroku | Application hosting | Application data
Microsoft Graph | Email notifications | Email addresses
9. Contact

For privacy questions, please contact us at zachary@code2college.org.