Privacy Policy

1. Who We Are

CoderCoach is operated by Brookscroft Systems. This Privacy Policy describes how we collect, use, and protect your information when you use the CoderCoach platform ("the Service").

2. Information We Collect

• Account information: Your email address, collected when you sign in via magic link. We do not store passwords.
• Profile information: Your display name and selected coding standard region (e.g., Canada — ICD-10-CA / CCI).
• Activity data: Assessment attempts, scores, questions asked to the AI coding tutor, and coding assignment activity. This is used to track your learning progress.
• AI interaction logs: Questions you ask the CoderCoach AI, the AI answers generated, and the coding standard version in use at time of the query. These logs are used for quality assurance and audit purposes.

3. AI Processing

The AI coding tutor is powered by Anthropic Claude. Questions you submit to the AI are processed by Anthropic's API. Anthropic's data handling is governed by Anthropic's Privacy Policy. Semantic search uses OpenAI's embeddings API; see OpenAI's Privacy Policy.

Anthropic and OpenAI have committed that API inputs are not used to train their models by default. We do not actively share your data with these providers beyond what is required to generate responses.

Important: Do not include real patient names, health card numbers, or any personal health information in questions to the AI tutor. The platform is for educational use with fictional or de-identified cases only.

4. Licensed Standards Content

The platform retrieves content from licensed coding standard databases (ICD-10-CA, CCI, ICD-10-CM, ICD-10, ICD-11) to ground AI responses. Queries used for retrieval may be logged as part of audit trails. These queries do not leave the platform — they are matched against our own licensed content database, not forwarded to standards bodies (CIHI, WHO, etc.).

5. How We Use Your Information

• To authenticate you and provide access to the platform
• To personalise your coding standard environment (region, diagnosis/procedure standards)
• To track learning progress (assessment scores, assignment history)
• To generate AI coding guidance relevant to your selected coding standard
• To maintain audit logs of AI responses for quality assurance
• To improve the platform (aggregate, anonymised usage statistics only)

6. Data Sharing

We do not sell your personal information. We may share data with:

• Supabase — our database and authentication provider (PostgreSQL, hosted on AWS in the US). Data is encrypted at rest and in transit.
• Anthropic / OpenAI — as described in Section 3 above.
• Your organisation — if you access CoderCoach through an institutional account, your organisation's administrators may have access to your activity data (assessments, scores) for educational management purposes.
• Legal requirements — if required by law or to protect the rights of Brookscroft Systems or others.

7. Data Retention

Activity logs and assessment results are retained for the duration of your account. AI interaction logs are retained for up to 12 months for quality assurance. You may request deletion of your account and associated data by contacting us.

8. Security

All data in transit is encrypted using TLS 1.2+. All data at rest is encrypted. Authentication uses short-lived JWT tokens via Supabase Auth. We use row-level security in our database to ensure users can only access their own data.

9. Personal Health Information

CoderCoach is not designed or intended to process personal health information (PHI) as defined by PHIPA (Ontario) or equivalent provincial or federal legislation. Do not use this platform to process real patient records. If you believe PHI was inadvertently submitted, contact us immediately.

10. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal information. To exercise these rights, contact Brookscroft Systems at brookscroft.systems/contact.

11. Changes to This Policy

We may update this Privacy Policy. The effective date at the top of this page will be updated. Continued use of the platform after changes are posted constitutes acceptance of the revised Policy.