Privacy Policy

1. Who Controls Your Data

CodeLab Studio is provided by teddles.me. For direct accounts, demos, teacher-created classes and platform administration, teddles.me may act as the data controller. Where a school, trust or teacher provides CodeLab Studio to students, that school or organisation may also be a controller for student data, and teddles.me may process some data on its behalf.

Contact: contact@teddles.me.

2. Data We Collect

We may collect and process:

• Account details such as name, email address, Google account identifier, role and profile image if supplied by Google.
• Classroom details such as class names, invite codes, seat counts, membership, teacher email, student email and class status.
• Learning data such as tasks viewed, code submissions, program output, test results, marks, coins, hints used, AI feedback, completion status and progress records.
• Teacher content such as categories, tasks, rubrics, model answers, hints, definitions, past paper links and notes.
• Billing data such as Stripe customer ID, checkout session ID, subscription ID, class size, subscription status and payment status. We do not store full card numbers.
• Technical data such as session cookies, security logs, IP-derived request data, browser information, error information and server diagnostics.

3. Data We Ask You Not To Enter

Do not enter unnecessary personal data, safeguarding information, medical information, special category data, passwords, private family details or confidential school records into code, prompts, tasks, model answers, hints, comments or AI feedback fields.

4. Why We Use Data

We use personal data to:

• Provide accounts, sign-in, classes, invite codes and access controls.
• Run the programming IDE, tests, marking features, coins, hints and feedback.
• Help teachers create content and monitor student progress.
• Process subscriptions, billing status, renewals and cancellations through Stripe.
• Protect the service, prevent abuse, investigate errors and keep records.
• Improve the product and understand which features need support.
• Comply with legal, tax, accounting, security and data protection obligations.

5. Lawful Bases

Depending on the context, we rely on one or more lawful bases under UK data protection law: contract, legitimate interests, legal obligation, consent where required, and tasks carried out by a school or educational body where applicable. Schools are responsible for identifying and communicating their lawful basis for student use where they introduce CodeLab Studio to a class.

6. Children And Students

CodeLab Studio may be used by students under 18 through a school or teacher. Students should only use the service when authorised by their school, teacher, parent or guardian where required. We aim to minimise student data, avoid advertising profiling and keep classroom data tied to learning purposes.

If a school uses CodeLab Studio with children, the school should make appropriate privacy information available to students and parents or carers, and should consider whether any data protection impact assessment or age-appropriate design review is required.

7. AI Feedback

If AI feedback is enabled, task instructions, model answers, rubrics, code submissions and relevant context may be sent to an AI provider, currently Mistral AI, to generate feedback. AI feedback is not final assessment and should be reviewed by a teacher before being relied on.

Mistral AI may receive the minimum learning context needed to produce feedback, such as the task, rubric, model answer and submitted code. Users should not submit unnecessary personal data or sensitive information in code or feedback prompts.

8. Who We Share Data With

We may share or process data with service providers needed to operate CodeLab Studio, including:

• Vercel for hosting and serverless infrastructure.
• MongoDB Atlas for database storage.
• Google for sign-in.
• Stripe for checkout, subscriptions and billing.
• Mistral AI for optional AI feedback.
• CDN providers used to load browser libraries such as the editor or Python runtime.

These providers may process data under their own security, privacy and data processing terms. Where a provider is optional, such as Mistral AI feedback, data is only sent when that feature is configured and used.

We may also disclose data if required by law, to protect rights and security, to investigate misuse, or as part of a business transfer involving CodeLab Studio.

9. International Transfers

Some providers may process data outside the United Kingdom or European Economic Area. Where required, we rely on appropriate safeguards such as standard contractual clauses, adequacy regulations or provider data processing terms.

10. Cookies And Local Storage

CodeLab Studio uses a secure session cookie to keep users signed in. The app may also use browser storage for interface preferences such as login role. Google and Stripe may set their own cookies or process technical data when their services are used.

11. How Long We Keep Data

We keep data only for as long as reasonably needed for the purposes above. Class, task and progress data is usually kept while the class or account is active. Billing and accounting records may be kept for longer where required by law. Security logs and diagnostic data are kept for a limited period unless needed to investigate an issue.

12. Security

We use technical and organisational measures intended to protect personal data, including signed HTTP-only sessions, role-based access controls, same-origin request checks and server-side ownership checks. No online service can be guaranteed completely secure.

13. Your Rights

Depending on the situation and lawful basis, you may have rights to access, correct, delete, restrict, object to processing, request portability, withdraw consent and complain to a regulator. For student accounts managed by a school, requests may need to go through the school first.

Teachers can export JSON data for their own account or students in their classes from the Data export section in CodeLab Studio. This is intended to help with access and portability requests, but schools remain responsible for handling formal requests they receive.

You can contact us at contact@teddles.me. You can also contact the UK Information Commissioner's Office at ico.org.uk.

14. Changes To This Policy

We may update this Privacy Policy as CodeLab Studio develops, when providers change, or when legal requirements change. The latest version will be posted on this page with the updated date.