1. Overview
Coasted Code Academy (“we”, “us”, “our”) is committed to protecting the privacy of children and families who use our platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.
We operate in accordance with the Data Protection Act, 2012 (Act 843) of Ghana and, where applicable, the principles of the EU General Data Protection Regulation (GDPR).
By accessing our website or enrolling in our programmes, you confirm that you have read and understood this Privacy Policy. If you are enrolling a child, you are doing so as their parent or legal guardian and you consent to the processing of their data as described here.
We do not sell, rent, or trade personal data to any third party for marketing purposes — ever.
2. Data We Collect
We collect the following categories of personal information:
2.1 Account & Enrolment Data
- Parent / guardian full name, email address, and phone number
- Student's first name and date of birth (to assign the correct age track)
- School name (optional, for school-partnership accounts)
- Billing address and payment reference (we do not store card details)
2.2 Platform Usage Data
- Pages visited, time spent, and features used on our website and student portal
- Assignment submissions, quiz scores, and project files uploaded by students
- Session attendance records and screen-time data
- Device type, operating system, browser version, and IP address
2.3 Communications Data
If you contact us by email, WhatsApp, or through our contact form, we retain a record of that correspondence to help us respond effectively and maintain service history.
2.4 Data We Do Not Collect
Payment card details
Processed entirely by Paystack. We never see or store card numbers.
Student photos / videos
We do not collect images of students unless shared voluntarily by a guardian.
Sensitive personal data
We do not collect data relating to health, ethnicity, religion, or political views.
Location tracking
We do not track users' real-time location.
3. How We Use Your Data
We process personal data for the following lawful purposes:
Service Delivery
To create and manage accounts, grant access to the student portal, schedule and deliver classes, track learning progress, and issue certificates.
Communications
To send enrolment confirmations, class reminders, progress reports, and important updates about your account or our programmes. You can manage communication preferences in your account settings.
Payment Processing
To process fees via Paystack and maintain billing records for legal and accounting purposes.
Safety & Safeguarding
To monitor platform activity, enforce our Code of Conduct, and ensure the safety of all students. Session recordings (where applicable) are retained for a limited period and accessible only to enrolled students and their guardians.
Platform Improvement
To analyse aggregated, anonymised usage data to understand how our platform is used and to improve content, features, and the user experience.
Legal Compliance
To comply with applicable Ghanaian law, respond to lawful requests from authorities, and enforce our Terms & Conditions.
4. Children's Privacy
Protecting the privacy of children is our highest priority. All student accounts are created and managed by a parent or legal guardian. Students (under 18) cannot create accounts independently.
4.1 Minimum Age
Our programmes are for children aged 6 to 17. If we discover that data has been provided by a child without verifiable parental consent, we will delete it promptly.
4.2 What Students Can See
Students access the portal using credentials created by their parent/guardian. The student portal displays only the student's own assignments, progress, and class materials. Students cannot view other students' personal information.
4.3 What Instructors Can See
Instructors can view a student's first name, age group, assignment submissions, attendance, and quiz scores for the class they are teaching. They cannot access billing information or the parent/guardian's personal contact details.
4.4 Class Sessions
Where live classes are recorded (for student replay), recordings are stored securely and accessible only to the enrolled student and their parent/guardian for a maximum of 30 days after the session. Recordings are not shared with third parties.
We strongly recommend that parents supervise their child's online class sessions and review the Guardian Portal regularly to monitor activity and screen-time limits.
7. Data Storage & Security
7.1 Where Data is Stored
Personal data is stored on Supabase infrastructure (hosted on AWS in the EU / US depending on configuration) and served via Vercel (global CDN). Both providers maintain SOC 2-compliant security practices.
7.2 Security Measures
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
Encryption at Rest
Database contents are encrypted at rest using AES-256 by our infrastructure provider.
Access Controls
Staff access to personal data is role-based and restricted to the minimum necessary for job functions.
Authentication
Account access is protected by Supabase Auth. We support strong password requirements and session expiry.
7.3 Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will notify you by email within 72 hours of becoming aware of the breach, as required under applicable data protection law.
8. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy.
| Data Type | Retention Period |
|---|---|
| Active account data | Duration of active enrolment + 12 months |
| Payment & billing records | 7 years (Ghanaian tax compliance) |
| Session recordings | 30 days after the session |
| Support / contact messages | 3 years from last contact |
| Analytics data (aggregated) | 26 months (Google Analytics default) |
| Deleted account data | Purged within 30 days of deletion request |
9. Your Rights
Under the Ghana Data Protection Act and applicable privacy law, you have the following rights regarding the personal data we hold about you and your child:
Right of Access
Request a copy of the personal data we hold about you or your child. We will provide this within 14 days.
Right to Correction
Ask us to correct inaccurate or incomplete data. Updates are usually made within 5 business days.
Right to Deletion
Request deletion of your data ("right to be forgotten"), subject to our legal retention obligations.
Right to Portability
Request a machine-readable export of your data (CSV / JSON) to transfer to another service.
Right to Object
Object to processing of your data for analytics or marketing purposes at any time.
Right to Restrict
Ask us to temporarily restrict processing while a correction request or objection is resolved.
9.1 How to Exercise Your Rights
Email info@coastedcode.com with the subject line “Data Request” and specify what you are requesting. We will acknowledge your request within 5 business days and fulfil it within 14 days (or notify you if additional time is required under applicable law).
We may need to verify your identity before acting on a request. This is to protect you and your child.
10. Third-Party Services
We use the following third-party services to operate our platform. Each is subject to its own privacy policy and data processing agreement with us:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, storage | Account & usage data |
| Vercel | Web hosting & CDN | IP address, request logs |
| Paystack | Payment processing | Name, email, payment amount |
| Google Analytics | Website analytics | Anonymised usage data |
| PostHog | Product analytics | Anonymised usage data |
| Microsoft Clarity | Session replay (anonymised) | Anonymised interaction data |
| Google Meet / Zoom | Live class delivery (optional) | None stored by us |
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Send an email notification to all registered parents and guardians at least 14 days before changes take effect
- Display a prominent notice on our website
Continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with any changes, you may close your account by contacting us.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the personal data we hold, please contact us:
We aim to respond to all privacy-related enquiries within 5 business days. For data deletion or access requests, please include “Data Request” in your subject line.
You also have the right to lodge a complaint with the Data Protection Commission of Ghana if you believe we have not handled your data in accordance with applicable law.
Your privacy is important to us
We are committed to being transparent about how we handle your family's data. If anything in this policy is unclear, please reach out — we're happy to explain.