Start Free

Privacy Policy

Last Updated: February 13, 2026

Code Forge Academy (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at https://thecodeforgeacademy.org or use our services (collectively, the “Services”).

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described here, please do not use our Services.

1. Data Controller

Code Forge Academy is the data controller responsible for your personal data collected through our Services. For any questions or concerns about how we handle your data, please contact us:

Email: support@codeforgeacademy.com
Website: https://thecodeforgeacademy.org

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when you use our Services, including:

  • Account Information: Name, email address, username, and password when you create an account
  • Purchase Information: Billing address, shipping address (if applicable), and contact details when you make a purchase
  • Payment Information: Credit card type, last four digits, and expiration date (full payment card details are collected and processed directly by Stripe and are never stored on our servers)
  • Communication Data: Information you provide when you contact our support team, participate in community features, or respond to surveys
  • Course Activity Data: Code submissions, quiz responses, project files, and progress information generated through your use of our learning paths

2.2 Information Collected Automatically

When you access our Services, we and our third-party service providers automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution
  • Usage Data: Pages visited, links clicked, time spent on pages, referring URL, and browsing patterns
  • Location Data: Approximate geographic location derived from your IP address
  • Order Attribution Data: Session information, UTM parameters, referrer data, and user agent strings to understand how customers discover our Services

2.3 Information from Third Parties

We may receive information about you from third-party services, including:

  • Payment Processor (Stripe): Transaction confirmations, payment status, and fraud risk assessments
  • Analytics Providers: Aggregated website usage and performance data

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our learning paths, courses, and platform features
  • Order Fulfillment: To process your purchases, grant access to course materials, and issue certificates of completion
  • Payment Processing: To facilitate secure payment transactions through our payment processor, Stripe
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
  • Personalization: To deliver AI-powered personalized hints, code reviews, and learning recommendations tailored to your progress
  • Communication: To send you transactional emails (order confirmations, access credentials, course updates) and, with your consent, promotional communications
  • Security and Fraud Prevention: To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities
  • Analytics: To analyze usage patterns, measure the effectiveness of our Services, and make data-driven improvements
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following grounds:

  • Contractual Necessity: Processing required to fulfill our agreement with you (e.g., providing course access after purchase, processing payments, issuing refunds)
  • Legal Obligation: Processing required to comply with applicable laws (e.g., tax record-keeping, anti-money laundering regulations, responding to lawful government requests)
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided these interests do not override your fundamental rights (e.g., fraud prevention, platform security, service improvement, analytics)
  • Consent: Processing based on your explicit consent (e.g., marketing emails, non-essential cookies). You may withdraw your consent at any time by contacting us or using the unsubscribe mechanism in our emails

5. Payment Processing and Stripe

We use Stripe, Inc. as our payment processor. When you make a purchase, your payment information is transmitted directly to Stripe using industry-standard encryption. We do not store your full credit card number, CVV, or other sensitive payment details on our servers.

Important Stripe Disclosure: We use Stripe for payments, analytics, and other business services. Stripe may collect personal data including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection and prevention, authentication, analytics related to the performance of its services, and to enhance and customize the user experience. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Stripe acts as a data processor on our behalf for payment transactions and as an independent data controller for its own fraud prevention, compliance, and service improvement purposes. For more information on how Stripe handles your data, please refer to the Stripe Privacy Center.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Services. The types of cookies we use include:

  • Essential Cookies: Required for the basic operation of our website, including session management, shopping cart functionality, and security features. These cookies cannot be disabled.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and login information.
  • Analytics Cookies: Help us understand how visitors interact with our website by collecting information about pages visited, time on site, and navigation patterns. This data is used to improve our Services.
  • Payment Cookies: Set by Stripe to facilitate secure payment processing, fraud detection, and authentication.
  • Performance Cookies: Used by our caching system (LiteSpeed Cache) to improve website loading speed and performance.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Services.

7. Third-Party Data Sharing

We do not sell your personal data. We may share your information with the following categories of third parties only as necessary to provide and improve our Services:

  • Payment Processors: Stripe, Inc. — to process payments, prevent fraud, and comply with financial regulations
  • Card Networks: Visa, Mastercard, and American Express — transaction data is shared as required by card network rules for payment processing and dispute resolution
  • Hosting and Infrastructure Providers: To host our website and store data securely
  • Analytics Providers: To help us understand website usage and improve our Services
  • Communication Providers: To send transactional and (with your consent) marketing emails
  • Legal and Regulatory Authorities: When required by law, regulation, legal process, or government request
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside your own, including the United States, where our payment processor Stripe and other service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal data internationally, we implement appropriate safeguards to protect your data, including:

  • EU-US Data Privacy Framework: Stripe is certified under the EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses where required
  • Contractual Protections: We enter into data processing agreements with all third-party processors that require them to protect your data to standards at least as protective as those described in this Privacy Policy

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account Data: Retained for as long as your account is active and for a reasonable period after account closure to handle any follow-up inquiries
  • Transaction Records: Retained for a minimum of 7 years to comply with tax and financial reporting obligations
  • Course Progress Data: Retained for as long as your account is active to support your lifetime access
  • Communication Records: Support correspondence is retained for up to 3 years
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely

Stripe independently retains personal data for five or more years from the end of the business relationship for its own compliance purposes. See Stripe’s Privacy Policy for details.

10. Your Rights

10.1 Rights Under GDPR (EEA and UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the General Data Protection Regulation:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Right to Object: Object to processing based on legitimate interests, including direct marketing
  • Right Regarding Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects on you

You also have the right to lodge a complaint with your local data protection supervisory authority.

10.2 Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete: Request deletion of your personal information, subject to legal exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link
  • Right to Non-Discrimination: You will not be discriminated against for exercising any of your privacy rights

10.3 Exercising Your Rights

To exercise any of the above rights, please contact us at support@codeforgeacademy.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

For data collected and processed by Stripe, you may also exercise your rights directly with Stripe through the Stripe Privacy Center.

11. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal data, including:

  • Encryption: Our website uses HTTPS with TLS encryption to protect data in transit
  • PCI DSS Compliance: Payment processing complies with Payment Card Industry Data Security Standards. Stripe is PCI DSS Level 1 certified — the highest level of certification
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis
  • Secure Infrastructure: Our hosting environment employs firewalls, intrusion detection, and regular security monitoring

While we take reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

12. Children’s Privacy

Our Services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@codeforgeacademy.com, and we will take steps to delete such information.

13. Third-Party Links

Our Services may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and, where required by law, notify you by email or through a prominent notice on our website. Your continued use of our Services after any changes take effect constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@codeforgeacademy.com
Website: https://thecodeforgeacademy.org

For privacy inquiries related to payment data processed by Stripe, you may also visit the Stripe Privacy Center.

Last Updated: February 13, 2026