CodeForge AI

Privacy Policy

Effective date: June 17, 2025

1. Information We Collect

We collect the following categories of data:

  • Account data — name, username, email address, hashed password (or OAuth token reference if you sign in with Google/GitHub).
  • Usage data — problems solved, submission history, streak data, XP, badges, skill analytics, spaced-repetition records.
  • Content you create — code submissions, forum posts, discussion comments, and notes.
  • Technical data — IP address, browser/device type, and error logs collected automatically for platform stability.

2. How We Use Your Information

  • Operate and personalise the platform (progress tracking, AI coaching, recommendations).
  • Send transactional emails such as password resets and welcome messages.
  • Detect abuse and maintain platform security.
  • Improve the product through aggregate, anonymised analytics.

We do not sell your personal data to third parties.

3. Data Storage and Security

Your data is stored on MongoDB Atlas (cloud database) hosted in secure data centres. Passwords are hashed with bcrypt (cost factor 12) and never stored in plain text. We use HTTPS for all data in transit.

4. Third-Party Services

  • Google / GitHub OAuth — used only to authenticate you; we receive a profile token and do not access your other data.
  • Hostinger SMTP — used to deliver transactional email.
  • Code execution sandbox — code you submit is sent to a secure sandboxed execution service and is not retained beyond the session.
  • AI providers — prompts and your code context may be sent to AI model APIs to generate hints and coaching. These providers have their own privacy policies.

5. Cookies and Sessions

We use a single, HTTP-only session cookie to keep you logged in. We do not use advertising or tracking cookies. No third-party trackers are embedded on the platform.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your submission history and notes.

To exercise any of these rights, email info@setups.works.

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is removed within 30 days. Aggregated, anonymised analytics data may be retained indefinitely.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect data from children under 13. If we discover such data has been collected, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you by email or via a banner on the platform when material changes are made.

10. Contact

Privacy questions or requests: info@setups.works