Privacy Notice
Last Updated: 20 January 2026
1. Introduction
CodeAlive Ltd ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, and share information about you when you use our AI-powered code analysis platform and associated services (the "Service").
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, CodeAlive Ltd is the Data Controller of the personal data we collect from you directly.
Company Details:
Legal Entity: CodeAlive Ltd (Company No. 16517721)
Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Contact Email: security@codealive.ai
2. The Data We Collect
We collect data to provide our Service and comply with our legal obligations. This data falls into the following categories:
A. Information You Provide to Us
- Identity Data: First name, last name, username.
- Contact Data: Email address.
- Account Credentials: Passwords (hashed) or authentication tokens from third-party providers (e.g., GitHub, GitLab).
- Support Data: Information you provide when contacting us for support (via Intercom or email).
B. Information Collected Automatically
- Technical Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types, operating system, and platform.
- Usage Data: Information about how you use our Service, such as feature usage, access logs, and clickstream data (via PostHog).
- Transaction Data: Details about payments and subscriptions. Note: We do not store full payment card details. These are processed directly by Stripe.
C. Source Code and Repositories
When you connect a repository, we process the code and metadata (commits, timestamps, author names) to provide the analysis.
Privacy Note: While source code is primarily business data, commit history often contains personal identifiers (names/emails of developers). We process this data strictly to provide the Service. We do not use your private source code to train our foundational AI models for the general public.
3. How We Use Your Data and Our Lawful Bases
Under the UK GDPR, we must have a "lawful basis" for each way we use your data. We rely on the following:
| Purpose / Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new user | Identity, Contact | Performance of a Contract (Terms of Service) |
| To provide the Service (Analysis, AI responses) | Identity, Usage, Repo Data | Performance of a Contract |
| To manage payments and billing | Contact, Transaction | Performance of a Contract |
| To detect fraud and secure the platform | Identity, Technical, Usage | Legitimate Interests (to ensure network security) |
| To improve our Service (Analytics, debugging) | Usage, Technical | Legitimate Interests (to keep our product functioning and competitive) or Consent (where Cookies are involved) |
| To comply with legal obligations (Tax, accounting) | Transaction, Contact | Legal Obligation |
4. Disclosure of Your Data (Processors)
We do not sell your data. We share data with third-party service providers ("Processors") who support our operations. We have Data Processing Agreements (DPAs) in place with these providers to ensure they protect your data.
- Cloud Infrastructure: AWS (EU Regions).
- AI Providers: Google Gemini, OpenAI, Google Vertex AI, Scaleway (processed via API for the sole purpose of generating responses).
- Analytics & Observability: PostHog (EU), Grafana Cloud (EU), Langfuse (EU), Sentry (US/Global).
- Payments: Stripe (Global).
- Communication: Intercom (US/EU).
5. International Transfers
Some of our external third parties (e.g., Stripe, Sentry, US-based AI model providers) are based outside the UK and the European Economic Area (EEA).
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:
- Adequacy Regulations: Transferring to countries deemed to provide an adequate level of protection by the UK Secretary of State (e.g., the EEA).
- UK Extension to EU SCCs (IDTA): Where we use providers in the US or other non-adequate countries, we use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (often referred to as the "UK Addendum" to the EU Standard Contractual Clauses).
6. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for.
- Account Data: Retained while your account is active. Deleted within 90 days of account closure.
- Financial Data: Retained for 6 years to satisfy UK tax and accounting requirements (HMRC).
- Analytics Data: Retained in accordance with our retention settings in PostHog (typically 12 months).
7. Your Legal Rights
Under the UK GDPR, you have rights including:
- Request access to your personal data (Subject Access Request).
- Request correction of your personal data.
- Request erasure of your personal data ("Right to be forgotten").
- Object to processing where we rely on a legitimate interest.
- Request restriction of processing.
- Request the transfer of your personal data (Portability).
To exercise any of these rights, please contact us at security@codealive.ai. We strive to respond to all legitimate requests within one month.
8. Cookies and Tracking
We use cookies to distinguish you from other users.
- Essential Cookies: Required for login and security (e.g., Auth tokens).
- Non-Essential Cookies: Analytics (PostHog) and Support (Intercom).
In compliance with the Privacy and Electronic Communications Regulations (PECR), we request your consent via our cookie banner before setting non-essential cookies. You can withdraw this consent at any time via the footer on our website.
9. Contact the Regulator
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
Contact Us
If you have questions about this document, please write to:
CodeAlive Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ, UK
Email: security@codealive.ai