Privacy Policy

This Privacy Policy describes how Lakeside Labs LLC ("Company", "we", "us", or "our") collects, uses, and shares information when you use CourseCode Cloud ("Service") at coursecodecloud.com. By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account via OAuth (GitHub, Microsoft, or Google), we receive and store:

• Your name and email address
• Your profile picture (avatar URL)
• Your OAuth provider identifier

We do not store your OAuth provider password.

1.2 Course Content

You upload course files (CourseCode builds, SCORM packages, PowerPoint files) to the Service. These are stored on our hosting infrastructure and served to your designated Clients and Learners. We do not access, review, or analyze the substance of your course content.

1.3 Operational Data

The Service automatically collects the following data to provide its core functionality:

• Launch records: When a Learner accesses a course — adapter type, timestamp, anonymized user identifier, IP address, and user agent.
• Learning data events: Scores, completion status, objectives, and interactions reported by courses via the data reporting utility.
• Runtime errors: Error messages, stack traces, browser info, and page URLs reported by courses for debugging purposes.
• License check pings: IP address and user agent from soft-locked course verification requests.

1.4 Analytics

We use Vercel Analytics and Vercel Speed Insights on the dashboard and marketing pages. These collect anonymized, aggregated performance metrics (page load times, web vitals). They do not use cookies and do not track individual users across sites. For details, see Vercel's Analytics Privacy Policy.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We receive and store only your Stripe customer ID and subscription status to manage your account tier.

2. How We Use Your Information

• To provide, operate, and maintain the Service
• To process your subscription and manage billing
• To display launch history, learning data, and error reports in your dashboard
• To enforce licensing rules (expiry, seat limits, access control)
• To send transactional emails (license alerts, error notifications, deploy confirmations)
• To respond to your support requests
• To detect and prevent abuse, fraud, and security incidents
• To improve the Service based on aggregated, anonymized usage patterns

We do not sell your personal information. We do not use your data for advertising or marketing profiling.

3. Data Sharing and Subprocessors

We share data only as necessary to operate the Service, with the following categories of recipients:

We may also disclose information if required by law, legal process, or to protect the rights, property, or safety of Lakeside Labs LLC, our users, or others.

4. Cookies

The Service uses minimal cookies, strictly necessary for operation:

• Authentication session cookies: Set by Supabase Auth to maintain your login session. These are essential and cannot be disabled.
• Preview unlock cookies: HttpOnly cookies set when a password-protected preview is unlocked. These expire after 1 hour.

We do not use advertising cookies, tracking cookies, or third-party marketing cookies. Vercel Analytics and Speed Insights operate without cookies.

5. Data Retention

• Account data: Retained while your account is active, deleted within 30 days of account closure.
• Course content: Retained while your account is active. Preview builds expire after 7 days. Upon account closure, content is available for download for 30 days, then permanently deleted.
• Launch records and learning data: Retained for the duration of your account. Deleted within 30 days of account closure.
• Error reports: Retained for 90 days, then automatically purged.
• Payment records: Retained as required by tax and accounting regulations (typically 7 years).

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS for all connections)
• Encryption at rest for database storage
• Row Level Security (RLS) policies ensuring users can only access their own data
• OAuth-based authentication (no passwords stored by our system)
• Scoped API tokens with revocation capability
• Webhook signature verification for all inbound integrations

While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your information may be processed and stored in the United States and other countries where our subprocessors operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection standards. We ensure appropriate safeguards are in place with our subprocessors through standard contractual clauses and equivalent mechanisms.

8. Children's Privacy

Developer accounts on the Service are intended for individuals who are at least 18 years old. We do not knowingly collect personal information directly from children under 13.

However, courses hosted on the Service may be accessed by Learners of all ages, including children. Developers are solely responsible for ensuring that their courses comply with applicable children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions. CourseCode Cloud provides hosting infrastructure; the Developer is the data controller for learner-facing content and interactions.

If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information promptly. Please contact us at admin@coursecodecloud.com if you believe this has occurred.

9. Your Rights

9.1 General Rights

Regardless of your location, you have the right to:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal retention requirements).
• Data portability: Request your data in a structured, machine-readable format.

9.2 European Economic Area (GDPR)

If you are located in the EEA, you also have the right to object to or restrict processing of your personal information, and the right to lodge a complaint with your local data protection authority. Our lawful basis for processing is contract performance (providing the Service you signed up for) and legitimate interest (security, fraud prevention, service improvement).

9.3 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the "sale" or "sharing" of your personal information.

We do not sell or share your personal information as defined under the CCPA/CPRA.

9.4 Exercising Your Rights

To exercise any of these rights, contact us at admin@coursecodecloud.com. We will respond to verified requests within 30 days (or 45 days for CCPA requests, as permitted by law). We will not discriminate against you for exercising your rights.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective Date" above. For material changes affecting how we handle your personal information, we will also send notice via the email associated with your account at least 15 days before the changes take effect.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at:

admin@coursecodecloud.com

Lakeside Labs LLC — Maine, USA