codecloud
DocsBlog
Back to home

Privacy Policy

Last updated: January 18, 2025

1. Introduction

codecloud ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our cloud-based AI coding agent service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication data managed by our identity provider (Clerk)

2.2 GitHub Integration Data

When you install our GitHub App, we collect:

  • GitHub username or organization name
  • GitHub App installation ID
  • Temporary access tokens (encrypted, short-lived) to interact with your repositories

We only access repositories you explicitly authorize. Repository contents are accessed only during agent execution and are not permanently stored beyond what is needed for the agent run.

2.3 API Keys

You may provide API keys for third-party LLM providers (such as Anthropic, OpenAI, or Google). These keys are:

  • Encrypted at rest using AES-256-GCM encryption
  • Only decrypted when executing agent runs
  • Never logged or exposed in plaintext
  • Deletable at any time from your dashboard

2.4 Agent Run Data

When you execute agent runs, we store:

  • The prompts you submit
  • Agent execution results and generated plans
  • Repository and branch information
  • Run status and timing information
  • Pull request URLs if auto-PR is enabled

2.5 Analytics Data

We use PostHog for product analytics. PostHog collects:

  • Page views and navigation patterns
  • Feature usage and interaction events
  • Device and browser information
  • IP address (which may be used to derive approximate location)

PostHog uses cookies and similar technologies to track your activity across sessions. We use this data to improve the Service and understand how users interact with our product. You can opt out of tracking by using browser extensions that block analytics scripts.

2.6 Payment Information

Payment processing is handled by Clerk Commerce and Stripe. We do not directly store your credit card information. Please refer to Clerk's Privacy Policy and Stripe's Privacy Policy for details on how payment data is handled.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your identity and manage your account
  • Execute AI agent runs on your authorized repositories
  • Process payments and manage subscriptions
  • Send webhook notifications you have configured
  • Improve and optimize the Service
  • Respond to support requests
  • Detect, prevent, and address technical issues or abuse

4. Third-Party Services

We use the following third-party services to operate codecloud:

Clerk

Authentication, user management, and billing. Clerk processes your account data and payment information.

Convex

Database and backend infrastructure. Your account data and agent run history are stored in Convex.

GitHub

Repository access via GitHub App integration. We access repositories you authorize to execute agent runs and create pull requests.

E2B

Secure sandbox environment for executing AI agents. Your repository code is temporarily cloned into isolated sandboxes during agent execution.

PostHog

Product analytics. We track page views and feature usage to improve the Service. PostHog may set cookies on your device.

LLM Providers (via your API keys)

Your prompts and repository context are sent to the LLM provider you configure (e.g., Anthropic, OpenAI, Google). This data is subject to the privacy policy of your chosen provider.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS
  • API keys are encrypted at rest using AES-256-GCM
  • GitHub access tokens are short-lived and encrypted
  • Agent execution occurs in isolated sandbox environments
  • Webhook payloads can be verified using HMAC-SHA256 signatures

6. Data Retention

We retain your data as follows:

  • Account data: Retained until you delete your account
  • Agent run history: Retained until you delete your account or request deletion
  • API keys: Retained until you delete them or delete your account
  • Analytics data: Retained according to PostHog's data retention policies

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of certain data processing activities

To exercise these rights, please contact us through our support portal.

8. Cookies

We use cookies and similar technologies for:

  • Authentication: Clerk uses cookies to manage your login session
  • Analytics: PostHog uses cookies to track usage across sessions

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us.

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States. Our third-party service providers may store and process data in various locations. By using the Service, you consent to the transfer of your data to these locations.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our support portal.