Privacy Policy

1. Who We Are

SoCode ("SoCode", "we", "our") is both a school and an online school-management platform, headquartered in Constantine, Algeria. We deliver our own training programmes to students directly, and we provide the platform that schools and trainers use to run their formations, sessions, and student communities.

Contact: hello@socode.tech

2. What Data We Collect

We collect the following information to operate the Service:

• Account information — your name and email address, provided when you create an account or connect a Google account via OAuth.
• Authentication tokens — when you connect your Google account, we store an encrypted OAuth refresh token. This token is encrypted at rest using ASP.NET Core Data Protection and is never stored or transmitted in plain text.
• Application data — formations, scheduled sessions, student enrolments, and other records you create while using the platform.
• Usage data — standard server logs (IP address, request timestamps) for security and debugging purposes only.

3. Google API Data

When you connect your Google account via Settings → Integrations, SoCode requests the following permissions:

• meetings.space.created — used to create Google Meet spaces for your scheduled online sessions.

We store only:

• The OAuth refresh token (encrypted at rest), used to generate Meet spaces on your behalf.
• The email address of the connected Google account.

We do not read, copy, modify, or share your Google Calendar events or any Google Meet data beyond creating spaces you explicitly request.

The SoCode use of Google user data adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke this connection at any time from Settings → Integrations. Revoking disconnects SoCode from your Google account and permanently deletes the stored token.

4. How We Use Your Data

We use your data exclusively to:

• Operate the platform (manage sessions, students, and formations).
• Generate Google Meet links for scheduled online sessions.
• Send service communications (account notifications). We do not send marketing emails without your consent.

Your data is never used for advertising, profiling, or sold to third parties.

5. Data Sharing

We do not sell or share your personal data with third parties, except:

• Infrastructure providers — Microsoft Azure (hosting) and Google (APIs) process data as part of service delivery. Both operate under their own privacy policies and data processing agreements.
• Legal obligations — we may disclose data if required by applicable law or to protect our legal rights.

6. Data Retention

• Account and application data is retained while your account is active.
• You may request deletion of your account and associated data at any time by contacting hello@socode.tech.
• OAuth refresh tokens are stored until you disconnect the integration from Settings → Integrations.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Delete your data (right to erasure / right to be forgotten).
• Data portability — receive your data in a structured, machine-readable format.
• Revoke your Google connection at any time via Settings → Integrations.

To exercise any of these rights, contact us at hello@socode.tech.

8. Security

We protect your data through:

• Encryption at rest — OAuth refresh tokens are encrypted using ASP.NET Core Data Protection before being stored in our database.
• Encryption in transit — all data is transmitted over TLS (HTTPS).
• Access control — data is accessible only to authorised personnel and internal services.

9. Contact

For questions about this policy or to exercise your rights: