We use cookies to enhance your experience

We use essential cookies to make our site work. We'd also like to set optional analytics and functional cookies to help us improve our services and remember your preferences.

Learn more about our cookie policy

Codecamy Security Policy

Last updated: 10/5/2025

Our Commitment

At Codecamy, the security and integrity of your code, data, and intellectual property are our top priorities. We design and operate our systems to safeguard confidentiality, integrity, and availability across the entire platform lifecycle.

Data Protection & Encryption

  • Encryption in transit via TLS 1.2+ for all connections.
  • Encryption at rest for databases and object storage provided by our cloud vendor.
  • Secrets management with restricted access and rotation practices.

Access Control

  • Role-based access and least-privilege principles for internal staff.
  • Multi-factor authentication on administrative systems where applicable.
  • Audit logging for sensitive administrative actions.

Application Security

  • Secure development lifecycle practices and code reviews.
  • Dependency management with routine updates and vulnerability scanning.
  • Protection against common web exploits (e.g., XSS, CSRF) through frameworks and validation.

Infrastructure & Monitoring

  • Hosted on reputable cloud providers with strong physical and network security.
  • Automated monitoring, alerting, and rate limiting to deter abuse.
  • Backups and disaster recovery procedures to ensure service continuity.

Vulnerability Management

  • Regular patching and remediation based on severity.
  • Assessment and tracking of vulnerabilities with prompt fixes.

Incident Response

We maintain an incident response program to rapidly triage, contain, and remediate security events. If a breach impacting your data occurs, we will notify affected users in accordance with applicable laws.

Responsible Disclosure

We welcome reports of potential vulnerabilities. Please contact us at support@codecamy.dev with a description and steps to reproduce. We request that you avoid publicly disclosing issues until we have addressed them.

Data Retention & Deletion

We retain data for as long as necessary to provide the service and comply with legal obligations. Upon account closure or by request, we delete or anonymize personal data in accordance with our retention schedules, except where retention is required by law.

Third-Party Vendors

We carefully evaluate subprocessors for security practices. Where vendors are used (e.g., hosting, analytics, payments), we maintain appropriate data processing agreements and limit access to the minimum necessary.

Contact

Questions about this policy? Contact us at support@codecamy.dev.