Privacy Policy
Last updated: April 2025
1. Introduction
CodeAlive ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal data when you use our services ("Service").
2. Data We Collect
We collect several types of information:
- User Information: Name, email address, password (when creating an account directly with us), and identifiers from linked accounts like GitHub or GitLab (when choosing to authenticate via those services).
- Company Data: Information about code repositories (including source code, commit history, and related metadata) that you choose to connect to the Service for analysis.
- Usage Data: Information about how you interact with our Service, including access logs, IP addresses, device information (operating system, browser type), feature usage patterns, and diagnostic data.
- Data Processed by LLMs: When using features powered by Large Language Models (LLMs), relevant code snippets or natural language queries may be processed by third-party LLM providers to generate responses.
3. Cookies and Tracking Technologies
Our Service uses cookies and similar tracking technologies that fall into the following categories:
- Essential Cookies: We use necessary cookies to ensure the Service functions properly. These cookies are required for core functionality and cannot be turned off. This includes authentication tokens and session data.
- Preference Cookies (Optional): These cookies allow the Service to remember choices you make and provide enhanced, more personal features. These cookies can be disabled, but doing so may affect your experience.
- Statistics/Analytics Cookies (Optional): We use privacy-focused analytics to understand how users interact with our Service. This data is anonymized and used only to improve our Service. You can opt out of these cookies.
- Marketing Cookies (Optional): These cookies may be used for advertising purposes. You can opt out of these cookies entirely.
- Support Cookies (Optional): If you're a logged-in user and consent to support cookies, we use Intercom for customer support chat functionality. Intercom uses cookies to maintain your chat session and provide a personalized support experience.
Intercom Cookies
When you consent to support cookies, Intercom may set the following cookies:
| Cookie name | Purpose | Duration | Description |
|---|---|---|---|
| intercom-id-[app_id] | User identification | 9 months | Anonymous visitor identifier cookie |
| intercom-session-[app_id] | Session tracking | 1 week | Identifier for browser session |
| intercom-device-id-[app_id] | Device tracking | 9 months | Device identifier used by Intercom |
Intercom cookies are only activated when you opt in through our cookie settings. For more details on Intercom’s privacy practices, visit https://www.intercom.com/legal/privacy.
4. How We Use Your Data
We use the collected information to:
- Provide, maintain, and improve the Service.
- Authenticate users and provide secure access.
- Offer AI-powered code analysis, deep research, and other features.
- Deliver customer support (including via chat, if consented).
- Send communications such as updates, promotions, and security alerts.
- Conduct analytics to improve the Service's performance and usability.
- Comply with legal obligations and enforce our terms.
5. Data Storage and Security
We store user data in secure cloud infrastructure, primarily hosted within the European Union (EU). Access to data is restricted to authorized personnel and protected by industry-standard encryption, both at rest and in transit. Repository data is only stored for users and organizations who explicitly connect their repositories to the Service.
While we take reasonable measures to protect your data, no method of transmission or storage is completely secure. Therefore, we cannot guarantee absolute security, but we continuously monitor for potential vulnerabilities.
6. AI Processing and Data Privacy
CodeAlive uses AI models to analyze code, generate insights, and provide intelligent responses. We partner with trusted AI providers and comply with applicable data privacy regulations. For on-premises deployments, your data remains fully within your infrastructure.
We do not use your private data to train our AI models unless you explicitly opt in. When using third-party AI providers, we ensure agreements and security measures are in place to protect your data.
7. Data Retention
We retain personal data for as long as necessary to provide the Service or as required by law. You may request deletion of your data by contacting us at security@codealive.ai. Some anonymized or aggregated data may be retained for analytical purposes.
8. Sharing Your Information
We may share your information with:
- Trusted service providers who assist us in delivering the Service (e.g., cloud hosting, analytics, customer support).
- Third-party AI providers when using features that require AI processing.
- Regulatory authorities where required by law.
We do not sell personal data. When sharing data with third-party providers, we ensure appropriate contractual and technical safeguards are in place.
9. International Data Transfers
If we transfer your data outside your jurisdiction (e.g., from the EU to non-EU countries), we ensure appropriate safeguards (such as Standard Contractual Clauses, adequacy decisions, or other valid transfer mechanisms under GDPR) are in place to protect your data.
10. User Rights
Depending on your jurisdiction (e.g., if you are in the EU/EEA), you may have rights regarding your personal data, including the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your personal data.
- Object to certain processing activities (e.g., for direct marketing).
- Request restriction of processing.
- Request data portability.
To exercise these rights, please submit your request to security@codealive.ai. We will respond in accordance with applicable data protection laws.
For security purposes, we may need to verify your identity before processing your request. We may ask for specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
If you are located in the EU, you also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
11. California Resident Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information:
- Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell.
- Right to Delete: You have the right to request deletion of your personal information.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. However, we do not sell or share your personal information as defined under California law.
- Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive personal information. We collect minimal sensitive personal information and use it only for the purposes of providing our services.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your rights under California law, please contact us at security@codealive.ai. We will verify your request using the information associated with your account, including email address. California residents may also designate an authorized agent to make a request on their behalf.
12. Legal Basis for Processing (GDPR)
For users in the European Union or European Economic Area, we process your personal data according to the following legal bases:
- Performance of Contract: Processing necessary for the performance of our contract with you (our Terms of Service) when you use our Service.
- Legitimate Interests: Processing necessary for our legitimate interests, such as to improve our Service, provide security, prevent fraud, and for business administration. We balance our interests against your privacy rights and only process data based on legitimate interests where the impact on your privacy is proportionate to the benefits gained.
- Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.
- Consent: Where applicable, we process data based on your explicit consent, which you can withdraw at any time.
Each type of processing activity relies on specific legal bases. For example, processing repository data to provide our Service relies on contract performance, while certain security measures are based on legitimate interests.
13. Children's Privacy
Our Service is not intended for individuals under the age of 16 (or the relevant age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.
14. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of significant changes by posting the new policy on our website or through the Service, and we will update the "Last updated" date. Your continued use of the Service after such changes constitutes your acceptance of the revised policy.
15. Contact Information
For any questions or concerns regarding this Privacy Policy or our data practices, please contact us at: security@codealive.ai.