Privacy Policy
Last updated: April 18, 2026
This Privacy Policy describes how CodeTeach.ai, operated by Martlet Solutions, LLC, a Texas limited liability company (“CodeTeach,” “we,” “us,” or “our”), collects, uses, and shares your information when you use our service at codeteach.ai (the “Service”).
1. Information we collect
1.1 Account information
When you sign up, we collect (via Clerk, our authentication provider):
- Your email address
- Your name (if you provide it)
- A profile picture (if you provide one or sign in via Google/GitHub)
- The authentication method you used (email, Google, GitHub)
- Your sign-in history (timestamps and IP addresses, retained by Clerk)
1.2 Content you create
When you generate assignments, we store the inputs you provide (topic, learning objectives, description, language, difficulty) and the AI- generated outputs (starter code, solution code, tests, instructions, workflow YAML). This content is associated with your account and is never shared with other users.
1.3 Bring Your Own Key (BYOK) API keys
CodeTeach uses your own API key from one of the supported AI providers (Anthropic, OpenAI, Google, Mistral, Groq, or DeepSeek) to perform assignment generation. This is the primary way the service operates — we forward prompts to the provider you specified using your key, and you are billed for the AI usage by that provider directly. CodeTeach does not mark up or share in your AI provider charges.
We encrypt your API key with AES-256-GCM the moment we receive it. We never log it, never display it back to you in full after entry, and never transmit it to any party other than the AI provider you specified.
1.4 Payment information
Payments are processed by Stripe. We do NOT see or store your credit card number or banking information. We receive only:
- A Stripe customer identifier
- The amount, currency, and date of each transaction
- Confirmation that a charge succeeded or failed
Stripe’s privacy policy: stripe.com/privacy.
1.5 GitHub data
When you install our GitHub App, we receive (via the GitHub API):
- Your GitHub username
- The names of organizations and repositories the App has access to
- Permission to create and modify repositories on your behalf
We use this only to deploy assignment template repositories you explicitly request. We do not read your existing private repository contents.
1.6 Usage analytics
We use PostHog to collect anonymized product analytics (page views, feature usage, funnel completion rates) so we can improve the Service. Analytics events are tied to your CodeTeach user identifier (not your email or name directly). Session replay is disabled by default to protect any sensitive content (such as code or API keys) you might type into the Service.
1.7 Error reports
We use Sentry to capture technical errors. Error reports include the error message, stack trace, request URL, and your CodeTeach user identifier. We deliberately exclude form contents, cookies, and request bodies that may contain sensitive material.
1.8 Cookies and similar technologies
We use cookies for the following purposes. We do not use third-party advertising cookies, and we do not embed third-party tracking pixels.
- Authentication (Clerk) — required for session management. Without these the Service cannot function.
- Referral attribution(“ct.ref”) — set when you click a referral link. First-party, 30-day expiry. Used only to credit a future signup to the referrer; cleared after attribution completes.
- Product analytics (PostHog) — anonymous device identifier plus your CodeTeach user identifier once signed in.
- Cookie consent preference— records your acceptance or rejection of non-essential cookies so we don’t prompt you again on every visit.
If you are in the EU/EEA or UK, we request your consent before setting non-essential cookies via a banner.
1.9 Referral program
If you participate in our referral program, we generate a unique referral code tied to your account and store the relationship between referrers and referred users so we can grant credits to both parties (currently 2 credits to the new user on signup and 5 credits to the referrer when the new user makes their first purchase). Referrers can view aggregated statistics about their referrals (counts of signups and first-purchase conversions) but cannot see referred users’ identities, email addresses, or activity.
2. How we use your information
- To provide the assignment generation, validation, and deployment functionality
- To process payments for credit purchases
- To send transactional emails (sign-in links, payment receipts, deployment notifications)
- To respond to support requests you initiate
- To investigate and prevent abuse, fraud, or violations of our Terms
- To improve the Service through aggregate analysis of usage patterns
We do not sell your personal information to third parties. We do not use your assignment content, prompts, or solutions to train any AI model.
3. Third parties who receive your information
We rely on the following sub-processors. Each receives only the information needed for the function they perform.
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication | Email, name, sign-in metadata |
| Render | Hosting (web + database) | All data we store |
| Stripe | Payment processing | Email, amount paid |
| GitHub | Repository creation | The assignment content you choose to deploy |
| E2B | Code execution sandboxes | The starter code, solution code, and tests during validation only (transient — sandboxes are destroyed after each run) |
| AI providers (Anthropic, OpenAI, Google, Mistral, Groq, DeepSeek) | AI inference for generation | The prompts derived from your inputs (topic, objectives, etc.) |
| Inngest | Background job orchestration | Job metadata (no user-content beyond identifiers) |
| Sentry | Error tracking | Technical error metadata, anonymized user identifier |
| PostHog | Product analytics | Anonymized usage events |
| BetterStack | Uptime monitoring | None (only pings our public health endpoint) |
| Featurebase | User feedback | Email, name, feedback content you submit |
| Cloudflare | DNS and CDN | Standard request metadata (IP address, user agent) |
| Infisical | Secrets management (internal — does not receive your data) | None |
4. How long we keep your information
- Account information: until you delete your account
- Assignment content: until you delete it or your account
- BYOK API keys: until you delete them or your account
- Payment records: 7 years (required for tax/accounting)
- Analytics events: 2 years from the event date
- Error reports: 90 days
- Sign-in metadata: 1 year (per Clerk’s defaults)
5. Your rights
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
- Access: request a copy of the information we hold about you
- Correction: ask us to correct inaccurate information
- Deletion: ask us to delete your information (we will retain only what we are legally required to keep, such as transaction records)
- Portability: receive a copy of your assignment content in a machine-readable format (the in-app Download ZIP feature provides this)
- Objection: object to processing for analytics or marketing purposes
- Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at privacy@codeteach.ai. We will respond within 30 days.
6. Children’s privacy
CodeTeach.ai is intended for instructors aged 13 and over. We do not knowingly collect personal information directly from anyone under 13.
FERPA: when you (an instructor) deploy assignments via CodeTeach for use with students, the student work itself stays on GitHub Classroom — we do not receive student personal information, student submissions, or grades. If your institution requires a Data Processing Agreement, contact us at privacy@codeteach.ai.
7. Security
We use industry-standard security practices:
- HTTPS for all traffic
- AES-256-GCM encryption for BYOK API keys at rest
- Database encryption at rest (provided by Render Postgres)
- Strict access controls on production secrets (managed via Infisical)
- Regular dependency security scanning
No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you within the timelines required by applicable law.
8. International data transfers
Our services and most of our sub-processors are located in the United States. If you access CodeTeach from outside the US, your information will be transferred to and processed in the US. We rely on Standard Contractual Clauses for transfers from the EU/UK where applicable.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date and, for material changes, notify registered users via email or an in-app notice.
10. Contact
Questions about this policy or about your information: