Student privacy, taken seriously.

PyForm operates in full compliance with the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486). This page explains, in plain language, what student data we collect, why we collect it, where it lives, and how your school can control it.

We are data processor; your school is the data user. Students' personal data remains the property of the school and its custodian parents. PyForm never sells, rents, or licenses student data. We do not train third-party AI models on student submissions.

1 · Data we collect

Account

Email, display name, avatar (optional). Collected at signup or via school invite. Used to authenticate.

Coursework

Python source code, stdout/stderr, task submissions, teacher feedback, scores. Used to deliver the IDE and grading workflow.

Learning analytics

Run counts, XP, streaks, badge unlocks. Used to motivate the student and inform their teacher.

AI interaction logs

Slash command, prompt length, model tier, allow/block status. Used for policy audits and teacher review. Content of prompts is not retained after the response is returned.

What we do NOT collect

Sensitive data: HKID, home address, phone numbers (never required to use PyForm).
Biometric data, location data, browser fingerprints.
Social-media identifiers beyond optional Google OAuth sign-in.

2 · Where data lives

All personal data is stored in Supabase-hosted PostgreSQL clusters. Schools on the Enterprise plan may elect for a dedicated instance in an APAC region. Database access is restricted by Row-Level Security policies that enforce the school → class → student hierarchy at the query layer.

AI processing

When a student invokes an allowed AI command, the prompt is sent through our proxy endpoint to either Zhipu AI (default) or Moonshot Kimi (fallback) over TLS. Contractual DPAs forbid model-provider retention or training on our payloads.

3 · How long we keep it

Active student data — retained for the duration of enrolment.
Deleted submissions / projects — soft-deleted for 30 days, then purged.
AI usage logs — 180 days rolling, then anonymised for cost analytics.
Graduated / de-enrolled students — archived for 12 months then fully purged, unless the school requests earlier deletion.

4 · Student & parent rights

Under the PDPO, every student (or their parent / guardian, for minors) has the right to:

Know whether we hold any personal data about them.
Access a copy of that data (Data Access Request).
Ask us to correct inaccuracies.
Ask us to delete the data outright.

Requests can be made through the school administrator (fastest) or directly via privacy@pyform.dev. We respond within 40 days as required by the Ordinance.

5 · Security

TLS 1.3 for all network traffic.
AES-256 at rest (Supabase default).
Row-Level Security enforced database-side; no mass-read endpoints exposed.
AI proxy is a signed, JWT-authenticated edge function; no unauthenticated AI calls are possible.
Quarterly internal review; annual third-party audit from 2027 onward.

6 · Data export & portability

School administrators can export a CSV of all grades and submission metadata at any time from the School Admin console. Full JSON export of a single student's data is available on request (turnaround ≤ 14 days).

7 · Sub-processors

Supabase

Database + Auth. EU / US data centres. GDPR-compliant. DPA signed.

Vercel

Hosting + CDN. Processes routing metadata; no student payload storage.

Zhipu AI / Moonshot

AI inference. Contract forbids retention or training on our payloads.

Stripe

Payments (schools only). PCI-DSS Level 1.

8 · Contact

Data Protection Officer: Luca Yau — privacy@pyform.dev. For urgent matters, please cc schools@pyform.dev.