Last updated · May 8, 2026
Privacy Policy
How CodeFlow handles your data. We've kept this short because there isn't much to say — we don't run accounts, we don't sell data, and almost everything happens in your browser.
1 · Who we are
Anoint Tech (“we”, “us”, “our”) operates CodeFlow at https://codeflow.study (also reachable at https://polite-rock-0da920410.7.azurestaticapps.net). We are the data controller for any personal data this site processes.
Questions, rights requests, or complaints: anointtech@gmail.com
2 · What we collect
We collect as little as possible. There are no accounts, no forms, no first-party server logs beyond what our hosting provider needs to deliver pages.
The site stores six named keys in your browser's localStorage:
codeflow:progress:v1— which lessons you've marked complete and the last act you scrolled to. Drives the “you left off here” cue.codeflow:focus-mode— whether you toggled focus mode on. Boolean.codeflow:playground:v1— the source code you typed into the Playground (per language tab), so reloading doesn't lose your work.codeflow:library:disclosure-ack— whether you dismissed the affiliate disclosure on /library.codeflow:library:clicks:v1— a rolling tally of the last 200 outbound book-link clicks (book slug, store, timestamp) so we can see which recommendations are useful. Stored locally; not transmitted.codeflow:data-notice-ack— the version of this Privacy/Terms notice you last acknowledged via the “Got it” button on the site-wide banner. A small integer string. When the policy is updated materially, you'll see the banner again, marked “Updated”.
Each entry is created the first time the relevant feature is used. You can clear all of it at any time via your browser's site-data settings (“Clear browsing data”) or DevTools → Application → Local Storage.
Outbound link clicks on /library dispatch a custom event (codeflow:book:click) consumed by the local tally above. We do not transmit those events to a server in this version of the site.
3 · Why we collect it
- UX continuity — so your progress, source code, and focus-mode preference survive a page reload.
- Recommendation quality — the local click tally lets us see which book recommendations are actually useful, so we can curate CodeFlow's /library better over time.
That's the whole list. There is no advertising, no marketing email, no profile-building.
5 · Third-party services
Some pages load resources from third-party services. Each one has its own privacy policy:
- Vercel — hosting
- Serves every page. Sees your IP address and User-Agent (standard for any web request). Subject to the Vercel Privacy Policy.
- CodeSandbox / Sandpack — Playground
- Loads only when you open
/playand pick a JavaScript / HTML+CSS / React tab. Runs inside an iframe; CodeSandbox privacy policy. - Pyodide via jsDelivr — Python in browser
- Loaded only when you open the Python tab in
/play. jsDelivr is a CDN; subject to its privacy policy. - Open Library Covers — Library page
- Book-cover images on
/librarycome fromcovers.openlibrary.org. Subject to the Internet Archive privacy policy.
We do not use Google Analytics, Facebook Pixel, or any other behavioural-tracking script.
6 · International transfers
Our hosting provider Vercel runs in the United States. If you visit CodeFlow from the European Economic Area, the United Kingdom, or South Africa, your request is served from a US-based or geographically-nearest edge node. This is a cross-border transfer of personal data (your IP and User-Agent) under GDPR and POPIA.
We rely on the Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by Vercel's own technical and organisational measures, as the lawful transfer mechanism. POPIA s.72 is satisfied by the SCCs in combination with Vercel's binding contractual undertakings.
7 · How long we keep it
The five localStorage entries live in your browser, not on our servers, and persist until you clear them. We have no way to fetch them, change them, or delete them remotely — only you do.
Vercel retains transient request logs (IP, route, timing) for a short window for operational purposes. We do not access those logs for analytics.
8 · Your rights
The rights you have depend on where you are. Pick your jurisdiction:
If you are a resident of California or another US state with a comprehensive privacy law (Virginia, Colorado, Utah, Connecticut, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware), the CCPA/CPRA and the state laws modelled on it give you the following rights:
- Right to know what personal information we collect, why, and who we share it with — answered in §2 and §5 above.
- Right to delete — clear browser storage to delete what we hold about you, since that's where it lives.
- Right to correct — for the same reason, you edit the data directly in your browser.
- Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising. Nothing to opt out of.
- Right to limit use of sensitive PI — we do not collect sensitive PI as the laws define it.
- Right to non-discrimination — we do not discriminate against users who exercise any of these rights.
We honour the Global Privacy Control (GPC) browser signal automatically — though there's nothing for it to opt you out of, since we don't sell.
California also recognises a “Shine the Light” request (Cal. Civ. Code §1798.83). We do not share personal information with third parties for their direct marketing — request not applicable.
Email anointtech@gmail.com to exercise any of these rights. We aim to respond within 45 days; complex requests within 90 days, with notice.
If you are in the European Economic Area, the United Kingdom, or Switzerland, the GDPR (and equivalent UK and Swiss laws) gives you these rights:
- Right of access (Art. 15) — the data we hold is enumerated in §2.
- Right to rectification (Art. 16) — edit the data directly in your browser, or contact us.
- Right to erasure (Art. 17) — clear browser storage to delete what we hold.
- Right to restrict processing (Art. 18).
- Right to data portability (Art. 20) — your data is already in standard JSON form in
localStorage; copy it directly. - Right to object (Art. 21) to processing based on legitimate interest.
- Right not to be subject to automated decision-making (Art. 22) — we don't do any.
- Right to withdraw consent (Art. 7(3)) at any time, where we rely on consent.
Our lawful basis for processing the items in §2 is legitimate interest (Art. 6(1)(f)) — running an educational site that remembers your progress between visits. We don't process special-category data.
You have the right to lodge a complaint with your local supervisory authority. The list is at edpb.europa.eu/about-edpb/members. UK residents can complain to the ICO.
Email anointtech@gmail.com to exercise any of these rights. We'll respond within one month (extendable by two months for complex requests, with notice).
If you are a data subject in South Africa, the Protection of Personal Information Act (POPIA) gives you these rights:
- Right of access to the personal information we hold about you (s.23) — see §2.
- Right to correction or deletion (s.24) — clear or edit the data in your browser, or contact us.
- Right to object to processing on reasonable grounds (s.11(3)).
- Right not to have decisions based solely on automated processing (s.71) — we don't do any.
- Right to complain to the Information Regulator if your rights have been infringed.
Information Regulator of South Africa:
9 · Children
CodeFlow is not directed at children under 13. We don't knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with information, contact anointtech@gmail.com and we will help.
10 · Security
Pages are served over HTTPS via Vercel's edge network. We don't store personal data on our servers, which simplifies security: there's nothing to breach. Browser localStorage is sandboxed to the CodeFlow origin; only the CodeFlow site can read its own keys.
11 · Changes to this policy
When we make material changes, we update the date at the top of this page. For non-material changes (typos, restructuring) we update quietly. Significant changes — new third-party services, new processing purposes, new categories of data — will be flagged in the DataNoticeBanner for at least 30 days.
12 · Contact
Questions or rights requests: anointtech@gmail.com
See also our Terms of Service.