Privacy Policy

Code Review Academy is a trading name of Code Cognito Ltd, a company registered in England and Wales (registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ). In this policy "we", "us", or "our" refers to Code Cognito Ltd, operating the service at codereview.academy and app.codereview.academy. This policy explains what data we collect, how we use it, and your rights.

1. Information we collect

Account data

When you sign up with email and password, we store your name, email address, and a bcrypt-hashed password. When you sign up via GitHub or Google OAuth, we receive your name, email address, and profile avatar from that provider — we never see your OAuth provider password.

Usage data

We record which pull requests you review, the comments you submit, your track enrolments, and completion progress. This data is used solely to power your learning experience (recommendations, progress tracking, streaks).

Technical logs

Our servers log standard HTTP request metadata (IP address, browser user-agent, timestamp, response status). Logs are retained for 30 days and used only for debugging and security monitoring.

Cookies

We use a single session cookie to keep you signed in. We do not use advertising or third-party tracking cookies.

2. How we use your data

• To authenticate you and keep your account secure.
• To personalise your learning plan and track your progress.
• To send transactional emails (e.g. password reset). We do not send marketing emails unless you opt in.
• To improve the product — aggregated, anonymised usage patterns only.

3. Data sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We use the following sub-processors to operate the service:

• Amazon Web Services (AWS) — cloud infrastructure and database hosting (us-east-1 region).
• Anthropic — AI-powered feedback on your reviews. Only the PR diff and your submitted comments are sent; no account identifiers are included.
• GitHub / Google — OAuth authentication only, if you choose that sign-in method.

4. Data retention

Your account data is retained for as long as your account is active. You may request deletion at any time (see section 6). Anonymised aggregate statistics may be retained indefinitely.

5. Security

Passwords are hashed with bcrypt. All data is transmitted over TLS. Access to the production database is restricted to our application servers via VPC security groups — there is no public database endpoint.

6. Your rights

You have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email us at contact@codereviewacademy.com. We will respond within 30 days.

7. Children

Code Review Academy is not directed at children under 16. We do not knowingly collect data from anyone under 16.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced via email or an in-app notice. The "Last updated" date at the top of this page always reflects the current version.

9. Contact

Questions about this policy? Email contact@codereviewacademy.com or write to:

Code Cognito Ltd
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom