← Back|⚑LabSpin

Privacy Policy

Last updated: March 2026

LabSpin is a platform that allows instructors to provision temporary cloud lab environments for students. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data.

1. Information We Collect

When you use LabSpin, we may collect the following information:

β€’ Student registration: name, email address, and student ID (RA) provided when joining a lab session.
β€’ Usage data: IP address, timestamp of access, and session identifiers.
β€’ Beta sign-up: name, email address, and optional use-case description provided through our waitlist form.
β€’ Instructor accounts: username and hashed password stored for authentication purposes.

2. How We Use Your Information

We use the information we collect to:

β€’ Provision and manage temporary virtual machine (VM) lab environments on your behalf.
β€’ Create and deliver SSH credentials needed to access your lab session.
β€’ Apply rate limiting and abuse prevention using IP addresses.
β€’ Communicate service updates with beta sign-up participants.
β€’ Improve the reliability and performance of our platform.

3. Data Retention

Lab session data (student credentials, VM access details) is automatically deleted 4 hours after session creation as part of the platform's lifecycle. Instructor-initiated session deletions also remove all associated student records immediately.

Beta sign-up information is retained until you request removal. Audit logs are retained for security and compliance purposes.

4. Third-Party Services

LabSpin relies on the following third-party services to operate:

β€’ Microsoft Azure β€” used to provision and deprovision virtual machines for lab sessions. Data processed includes VM configuration and network settings.
β€’ Upstash / Redis β€” used to store session data and rate-limit counters in production environments.
β€’ Vercel β€” used to host and serve the LabSpin application. Your requests pass through Vercel's edge network.

Each provider has its own privacy policy and data processing terms.

5. Security

We take security seriously. Measures in place include:

β€’ Sensitive profile secrets (SSH keys, client credentials) are encrypted at rest using AES-256-GCM.
β€’ All data in transit is protected by HTTPS/TLS.
β€’ Session tokens are HMAC-SHA256 signed and expire after 8 hours.
β€’ Student accounts on VMs are automatically deleted after 4 hours.
β€’ Rate limiting is applied to prevent abuse.

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you. To exercise any of these rights, please contact us at the address below. We will respond to your request within a reasonable time.

7. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

8. Contact

If you have any questions or concerns about this Privacy Policy, please contact us:

TBX Tech
contato@tbxtech.com
https://tbxtech.com.br/