Privacy Policy

1.1 Information You Provide

• Account information: email address, display name, password (hashed), avatar.
• Project content: product ideas, descriptions, specifications, and any text you enter during the pipeline process.
• Payment information: processed by our payment provider (Razorpay). We do not store credit card numbers.
• Communications: any messages you send to our support channels.

1.2 Information Collected Automatically

• Usage data: pages viewed, features used, timestamps, pipeline stage progression.
• Device information: browser type, operating system, screen resolution, IP address.
• Cookies: authentication tokens (HTTP-only, secure), session management. We do not use third-party tracking cookies.
• Log data: server logs for security monitoring and debugging.

1.3 AI Processing Data

• Your project content is sent to AI providers (Anthropic Claude) for processing as part of the Service.
• AI conversations and generated content are stored in your project's knowledge graph.
• We do not use your project content to train AI models.

• Provide the Service: process your project through the pipeline, generate code, and manage deployments.
• Authentication: verify your identity and secure your account.
• Billing: process payments, track token usage, and send billing notifications.
• Communication: send verification emails, password resets, billing alerts, and service updates.
• Security: detect fraud, prevent abuse, enforce rate limits, and monitor for suspicious activity.
• Improvement: if you opt in to analytics, aggregate usage patterns to improve the Service (never individual content).

• Your data is stored on secured servers with encryption at rest and in transit (TLS 1.2+).
• Passwords are hashed using bcrypt with appropriate cost factors.
• Authentication uses RS256 JWT tokens with short-lived access tokens (15 minutes) and longer refresh tokens (30 days).
• Two-factor authentication (TOTP) is available for additional account security.
• Rate limiting is enforced on all authentication endpoints to prevent brute-force attacks.
• All API access requires authentication. Project data is isolated per user.

We do not sell your personal information. We share data only in these limited cases:

• AI providers: project content is sent to Anthropic (Claude API) for AI processing. Anthropic's data handling is governed by their privacy policy and our data processing agreement.
• Payment processors: payment information is processed by Razorpay under their terms.
• GitHub: if you connect GitHub, project code is pushed to your GitHub repository under your control.
• Legal requirements: we may disclose information if required by law, court order, or to protect our rights and safety.

You have the following rights regarding your personal data:

• Access: request a copy of all data we hold about you (via Account Settings → Data Export).
• Rectification: update your profile information at any time.
• Erasure: delete your account and all associated data (30-day recovery window, then permanent deletion).
• Portability: export your data in machine-readable JSON format.
• Restriction: limit how we process your data by adjusting privacy settings.
• Objection: opt out of analytics and marketing communications at any time.
• Withdraw consent: revoke any previously given consent through your Account Settings.

To exercise these rights, visit your Account Settings or contact us at admin@codilla.ai.

• Essential cookies: HTTP-only, secure authentication cookies. These are required for the Service to function and cannot be disabled.
• Analytics: if you opt in, we collect anonymous usage metrics. You can opt out at any time in Account Settings → Data & Privacy.
• No third-party trackers: we do not use Google Analytics, Facebook Pixel, or any third-party tracking services.
• Global Privacy Control (GPC): we respect the GPC browser signal. If detected, analytics and marketing tracking are automatically disabled.

• Active accounts: data is retained as long as your account is active.
• Deleted accounts: 30-day recovery window, then permanent deletion of all personal data and project content.
• Billing records: retained for 7 years as required by tax and financial regulations.
• Audit logs: security audit logs are retained for 90 days.
• Backups: encrypted backups are purged on a rolling 30-day schedule.

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Your data may be processed in jurisdictions outside your country of residence. We ensure appropriate safeguards are in place for any international data transfers, including standard contractual clauses where applicable.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

• Company: Ganakys Codilla Apps (OPC) Private Limited
• Registered Address: Tc.6/1608-6, Flat No A2, Rose Apartment, Neerazhi Lane, Ulloor, Thiruvananthapuram, Kerala, 695011, India
• Email: admin@codilla.ai
• Phone / WhatsApp: +91 7907191184

For privacy-related questions or to exercise your data rights, contact us at: admin@codilla.ai or call/WhatsApp +91 7907191184.