Coding Stars: Cookies Policy

At Coding Stars, we believe in transparent and ethical use of cookies to enhance your educational experience while prioritising privacy and safeguarding data, especially for our young learners. Below is our comprehensive and detailed approach to cookie usage and management, designed to give you clarity and control.

Essential Cookies (Strictly Necessary)

• Purpose: These cookies are fundamental and critical for the basic functionality, operational integrity, and inherent security of the Coding Stars platform. They are the backbone of your online experience, enabling core features that are indispensable for navigating and utilising our services.
• Examples & Functions:
• Authentication Cookies: These are vital for maintaining secure login sessions, diligently preventing unauthorised access to student accounts, and ensuring that once you’re logged in, your session remains secure and personalised.
• Load-Balancing Cookies: These strategically distribute server traffic evenly across our infrastructure to ensure consistent, smooth performance and responsiveness, even during peak usage times when many students are online simultaneously.
• Security Cookies: Actively detect and proactively prevent potential threats such as brute-force login attempts, unauthorised access, or other malicious activities, contributing significantly to the overall integrity and safety of the platform.
• Transaction Cookies: These are used to securely remember crucial steps in processes like course enrollment status, ensuring seamless transitions through payment verification steps, and confirming successful course registrations.
• Data Collected: Primarily consists of encrypted session IDs, which are temporary identifiers for your active session, and anonymised IP addresses used specifically for fraud prevention and geographical load balancing, not for individual tracking.
• User Control: These essential cookies cannot be disabled without fundamentally breaking core platform features and compromising your ability to use our services. However, we rigorously minimise data retention for these cookies, limiting their lifespan strictly to active session periods only, ensuring no unnecessary lingering data.

Performance & Analytics Cookies

• Purpose: The primary goal of these cookies is to meticulously collect aggregated, anonymous usage data to help us understand how users interact with our platform. This invaluable insight allows us to continuously improve platform quality, optimise learning pathways, and enhance the overall user experience.
• Implementation Details:
• Google Analytics 4 (GA4): Our GA4 implementation is carefully configured with stringent privacy safeguards, including IP anonymisation (where the last octet of the IP address is removed for added privacy), a strict policy of no cross-site tracking, and a firm 14-month automatic data deletion policy to minimise long-term data retention.
• Custom Learning Analytics: Beyond general site usage, we employ custom analytics to anonymously track key educational metrics such as the average time spent per coding exercise, lesson completion rates for various modules, and UI interaction heatmaps (which show aggregated areas of user engagement, not individual screen recordings). This helps us refine our pedagogical approach.
• Data Safeguards: All data collected through these cookies is rigorously pseudonymised before any analysis is conducted. It is never linked back to personal student profiles, and instructors or schools receive only class-level aggregates or anonymised trend reports, ensuring individual privacy is maintained.
• Opt-Out Options: Users have clear and accessible options to manage these cookies. You can easily toggle their activation in your account settings under “Privacy Preferences” or utilise global opt-out mechanisms via browser extensions like Ghostery or similar privacy tools.

Preference Cookies (Convenience Features)

• Purpose: These cookies are designed purely for user convenience, allowing the platform to remember your individual settings and preferences. This eliminates the need for repetitive configuration, providing a more personalised and seamless experience each time you visit.
• Common Use Cases: This includes remembering your display preferences (such as dark mode/light mode, preferred font size), automatically selecting your chosen language, recalling course bookmarks for quick access, and storing accessibility settings (like high-contrast mode or screen reader compatibility) to ensure an inclusive experience.
• Storage Duration: Data stored by preference cookies is typically retained for a period of 6 months of inactivity, after which it is subject to automatic deletion. This data is primarily stored in your local browser storage (client-side), rather than on our server-side databases, further enhancing privacy.

Third-Party Cookies (Limited & Monitored)

• Purpose: We sparingly use highly controlled third-party cookies solely to enable the integration of supplemental educational content and tools from trusted and vetted providers, enriching the learning environment without compromising privacy.
• Controlled Integrations:
• YouTube: When embedding educational videos, we rigorously enable “Privacy-Enhanced Mode” (also known as “https://www.google.com/search?q=youtube-nocookie.com”) to minimise data collection by YouTube itself, ensuring no suggested videos or targeted ads are displayed.
• GitHub: Code repository embeds are implemented using highly secure, sandboxed iframes, providing read-only access to code snippets without granting GitHub broader access to your browsing activity on our site.
• Scratch: When incorporating interactive Scratch projects, these are presented using isolated browser sessions, ensuring that activities within the embedded Scratch environment do not interfere with or track your main platform session.
• Parental Controls: Crucially, all third-party content is blocked by default for accounts registered for users under 13 years of age. Furthermore, teachers must explicitly activate these integrations on a per-classroom basis via a secure school admin portal, providing an additional layer of control for educators.

Child-Specific Protections Given that a significant portion of our user base comprises individuals under 18, we implement stringent, enhanced safeguards to protect children’s data. We:

• Rigorously avoid the deployment of any unnecessary cookies for children, adhering to a “data minimisation” principle.
• Strictly prohibit personalised advertising or behavioural profiling targeting children.
• Utilise cookies exclusively to support a safe, effective, and enriching learning experience, never for marketing or tracking.
• Obtain verifiable parental consent where legally required (e.g., under COPPA in the US and specific GDPR-K articles in the EU/UK) before deploying non-essential cookies. We actively encourage parents and legal guardians to monitor and guide their child’s use of online tools, including discussions about cookie preferences, to foster digital literacy.

Policy Governance

• Review Cycle: Our Cookies Policy undergoes thorough bi-annual audits to ensure continued relevance and compliance. Additionally, trigger-based updates are promptly implemented in response to significant events, such as the introduction of new data protection regulations or the integration of new technologies.
• Change Communication: For any material changes to this policy, we provide a minimum of 30-day advance notice. This is communicated through layered alerts, including prominent in-app notifications, direct email communications to registered users, and dedicated bulletins for educators and school partners.
• Compliance Framework: Our entire cookie management system is meticulously mapped to and adheres to the stringent guidelines of the UK ICO Children’s Code and the robust age verification protocols outlined in Article 8 of the EU GDPR, demonstrating our commitment to international best practices.

Contact & Accountability For any questions, concerns, or requests regarding our use of cookies or our broader data protection practices, please do not hesitate to contact our dedicated Data Protection Team. We are here to assist you:

• Email: info@codingstars.co.uk

Independent Oversight: To further demonstrate our commitment to transparency and accountability, we undergo annual independent audits by [Name of Privacy Certification Body – e.g., ePrivacyseal, TRUSTe, ISO 27001 Auditor] and regularly publish public transparency reports on a quarterly basis, detailing our data practices and compliance efforts.

By maintaining this rigorous, multi-layered approach to cookie management, Coding Stars delivers not only cutting-edge educational technology but also industry-leading privacy protections for all our users. We continuously welcome and value feedback from our community to help us continually refine and improve these practices.