CodeTorch Privacy Policy

Last Updated: February 12, 2026
Operator: CodeTorch LLC

Welcome to CodeTorch!

If you are a child user, please see our Privacy Information for Young Players.

1. Operator Information

The following operator collects or maintains personal information through this service:
CodeTorch LLC
2108 N ST STE N, Sacramento, CA 95816, USA
Email: [email protected]
Phone: +1 (916) 460-3500

2. Information Collection and Use

We process information to provide the service (Contractual Necessity) and to secure our community (Legitimate Interests):

Information You Provide:
- Identifiers: Username, display name, email address, and Country/Region (used to determine local Age of Digital Consent requirements).
- Parental Info: Parent’s email address (for users under 13).
- Age Verification: Birth month and year. This is used to determine initial account restrictions and eligibility for account graduation (transitioning to a non-restricted account upon reaching the age of digital consent). This identifiable data is shared with our verification partner but is not stored in an linkable format on CodeTorch's active servers.
- User Content: Projects, code, posts, and comments created by you.
- Push Notifications: If you explicitly grant browser permission, we collect a unique device token to deliver them.
Information Collected Automatically: We collect IP addresses (anonymized for unverified children), browser type, and browser fingerprints used solely for the protection of the website and prevention of spam and automated abuse.
Cookies: We use essential cookies to maintain your login session and functional cookies to remember your preferences (like 'Mature Content' filters) or to allow you to 'Like' or 'Love' projects without an account.
Third Parties: We receive ID tokens from Google or GitHub for Social Login. For project imports, we receive data via the Scratch API and may analyze public profile statistics (such as account age and activity) to determine initial account trust levels and permissions.

We do not share or sell this data or use it for behavioral advertising.

3. Verifiable Parental Consent (Required by Law)

For users under 13, as strictly required by law, we require Verifiable Parental Consent (VPC) before allowing them to create content, post comments, or make projects public. Until consent is provided, these users are placed in a restricted "Cabined Account" state.

Important Notice for Parents: This verification process is a legal requirement under international privacy laws (including COPPA in the US and GDPR-K in Europe) and is not a choice made by CodeTorch.

We have partnered with Kids Web Services (KWS), a subsidiary of Epic Games, to manage this process. KWS is as privacy-conscious as possible and is widely considered the industry leader in safe digital interactions for children.

Why we trust KWS:

Certified Privacy: KWS is a member of the ESRB Privacy Certified Program (an FTC-approved COPPA Safe Harbor) and the kidSAFE Seal Program.
Data Minimization: KWS uses a "privacy-first" technology called AgeGraph. This allows parents to verify their identity once and then use a "hashed" (scrambled) identifier for other apps, minimizing the amount of personal data shared across the internet.
No Sensitive Data Sharing: CodeTorch never sees, receives, or stores your credit card numbers, ID scans, or face prints. KWS handles the verification independently and only tells us "Yes, this is an adult."

You can review their full privacy practices at https://www.kidswebservices.com/privacy-policy

4. Third-Party Service Providers

We share data with the following categories of providers to operate our site:

Hosting & Security: Cloudflare (Global), Hetzner (EU).
Consent Management: Kids Web Services (USA).
Storage: Backblaze B2 (USA).
Analytics: Rybbit (Self-hosted, privacy-first).
AI Providers: Google or OpenRouter (only if the "Torchy" assistant is used).

5. User Rights (Global and Parental)

We provide all users with meaningful control over their data. Parents of children under 13, as well as users over the age of digital consent in their region, have the right to:

Review & Access: Access the personal information we hold and receive a portable copy.
Correction: Direct us to update or correct inaccuracies.
Deletion: Direct us to delete your information and close the account.
Restriction & Objection: Refuse to permit further collection or object to specific data processing.
Human Review: Request human review of any decision made by our automated "Watchdog" moderation systems, which analyze content patterns and behavior to prevent spam and coordinated raids.

To exercise these rights, contact us at [email protected].

6. Data Retention Policy

In accordance with § 312.10, CodeTorch maintains a written data retention policy:

Purpose: We retain data only as long as necessary to provide the service.
Unverified Accounts: If parental consent is not provided within 45 days of account creation, all associated data is deleted.
Deletion: Upon account deletion, all personal data is removed from active databases using secure measures. We do not retain children's data indefinitely.

7. Information Security Program

We maintain a written information security program with technical safeguards to protect your data.

Standard Contractual Clauses: We use SCCs to ensure your data remains protected when transferred between our US and EU-based hosting providers.
Automated Scanning: To ensure the safety of our community, uploaded images are scanned using automated tools to detect prohibited visual content and to ensure no personal information (PII) is shared within image text.

8. Artificial Intelligence (AI) and Machine Learning

CodeTorch LLC is committed to protecting the intellectual property and creative efforts of our users.

No Training: We do not use user-generated content (projects, code, or assets) to train generative AI or machine learning models.
No Scraping: We implement technical measures to discourage third-party AI scrapers from harvesting content from our platform.
Torchy (Assistant): If you use the optional "Torchy" assistant:
- Personal API Keys: If you provide your own API key, your interaction is a direct transaction between you and the AI provider. Their specific privacy terms apply.
- CodeTorch Keys: If you use the service via CodeTorch’s provided keys, your code is processed only to provide feedback and is not stored for training purposes.
- Temporary Context: When using certain models, a temporary text file containing your current code context may be uploaded to our AI partner (e.g. Google) to facilitate processing. These files are deleted automatically by the provider after the response is generated.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

View the Parent's Guide