CodeTeach.ai is shifting to private GitHub template repos. New generation, validation, deployment, and purchases are temporarily paused while we finish the post-GitHub Classroom workflow with GitHub Actions autograding. Read GitHub's announcement.

CodeTeach.aiCodeTeach.ai

Security

How we protect your account, your AI provider keys, your GitHub access, and your assignment content.

Encryption in transit

All traffic between your browser and CodeTeach.ai is encrypted with TLS 1.2+. SSL certificates are managed by Render and issued by Google Trust Services. HTTPS is enforced via HSTS with includeSubDomains and a preload-eligible policy.

Encryption at rest

Your stored AI provider API keys and GitHub OAuth tokens are encrypted with AES-256-GCM before being written to the database. The encryption key lives only in our secrets manager (Infisical), never in source code or logs. Database storage on Render is also encrypted at rest at the disk level.

Authentication

Sign-in is handled by Clerk with support for Google, GitHub, magic-link, and password flows. We don't see or store passwords. JWT session tokens are validated on every request and rotated automatically by Clerk.

Logging and monitoring

Application errors are captured by Sentry (with form contents and request bodies redacted to avoid leaking secrets). Uptime is monitored by BetterStack. We deliberately exclude API keys, AI prompts, and generated assignment content from logs.

Incident response

Per our Breach Notification Policy, confirmed security incidents are disclosed to affected users within 72 hours. Post-mortems are shared through direct incident communications and, when appropriate, a public incident notice within 30 days.

Compliance and certifications

SOC 2 / ISO 27001

We are not currently SOC 2 or ISO 27001 certified. We are happy to share our internal security controls with prospective enterprise customers under NDA — contact admin@codeteach.ai.

GDPR / UK GDPR

Our Privacy Policy describes the lawful bases on which we process personal data and the rights available to EU/UK data subjects. We rely on Standard Contractual Clauses for international transfers from the EU/UK to the United States.

FERPA

CodeTeach.ai is a tool for instructors and does not collect or store student data. See our FERPA Statement for the full explanation.

CCPA / CPRA

California residents may exercise rights to access, delete, or opt out of the sale of personal information by emailing admin@codeteach.ai. We do not sell personal information.

Reporting a vulnerability

If you’ve discovered a security issue affecting CodeTeach.ai, please email admin@codeteach.ai with the details. We acknowledge within 1 business day and provide a remediation timeline within 5 business days. We don’t currently run a bug bounty program, but with your permission we will publicly credit responsible disclosures here.