Effective Date: January 1, 2025 | Last Updated: January 1, 2025

1. Introduction

CodeCraft AI, Inc. ("CodeCraft," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered code generation platform and expert review services (the "Service"). Please read this policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when registering or using our Service:

• Account Information: Name, email address, username, password, company name
• Payment Information: Credit card details, billing address (processed securely via Stripe/EcommPay)
• Project Information: Code requirements, project descriptions, technical specifications
• Communications: Support tickets, feedback, survey responses
• Professional Information: GitHub profile, LinkedIn, technical expertise (for expert reviewers)

2.2 Automatically Collected Information

When you access our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent, click patterns
• Performance Data: API response times, error rates, code generation metrics
• Location Data: Country and city based on IP address (not precise location)

2.3 Code and Project Data

We process code and project information you submit for generation and review. This includes source code, documentation, technical requirements, and any materials you provide for project completion.

3. How We Use Your Information

3.1 Service Provision

• Generate AI-powered code based on your specifications
• Facilitate expert code review and quality assurance
• Process payments and manage credit balances
• Provide customer support and technical assistance
• Send project updates and delivery notifications

3.2 Service Improvement

• Analyze usage patterns to enhance user experience
• Improve AI model accuracy and code quality
• Develop new features based on user needs
• Conduct research and statistical analysis

3.3 Legal and Security

• Comply with legal obligations and regulations
• Detect and prevent fraud, abuse, or security threats
• Enforce our Terms of Service and agreements
• Protect rights and safety of users and the public

4. Code Privacy and Intellectual Property

4.1 Ownership

You retain full ownership of all code generated for your projects. Upon payment completion, all intellectual property rights to the generated code transfer to you exclusively.

4.2 Confidentiality

We treat all project code and requirements as strictly confidential. Your code is never:

• Shared with other clients or third parties
• Used to train AI models without explicit consent
• Reused for other projects or purposes
• Stored longer than necessary for service delivery

4.3 Expert Review Process

Expert reviewers sign comprehensive NDAs before accessing any project code. They are bound by strict confidentiality agreements and cannot retain, share, or reuse any client code.

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party service providers:

• Payment Processing: Stripe, EcommPay (payment information only)
• Cloud Infrastructure: Amazon Web Services, Google Cloud Platform
• Analytics: Google Analytics, Mixpanel (anonymized data)
• Communication: SendGrid, Intercom (contact information)
• Expert Reviewers: Vetted professionals under NDA (project code)

5.2 Legal Requirements

We may disclose information if required by law or in response to:

• Court orders, subpoenas, or legal process
• Government or regulatory requests
• Protection of our legal rights or property
• Emergency situations involving potential harm

5.3 Business Transfers

In the event of merger, acquisition, or sale of assets, user information may be transferred. We will notify you via email and prominent notice on our Service before any such transfer.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures including:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based permissions, multi-factor authentication
• Infrastructure: SOC 2 Type II certified data centers
• Monitoring: 24/7 security monitoring and intrusion detection
• Audits: Regular security assessments and penetration testing
• Compliance: GDPR, CCPA, and industry best practices

6.2 Data Breach Response

In the unlikely event of a data breach, we will notify affected users within 72 hours and provide information about the incident, potential impact, and mitigation steps.

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a standard format
• Restriction: Limit how we process your data
• Objection: Opt-out of certain data uses

7.2 Communication Preferences

You can manage email preferences through:

• Account settings dashboard
• Unsubscribe links in emails
• Contacting support@codecraft.ai

7.3 Do Not Track

We honor Do Not Track browser signals and will not track users who have enabled this setting.

8. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards through Standard Contractual Clauses and adequacy decisions for international transfers.

9. Data Retention

We retain data for different periods based on purpose:

• Account Data: Duration of account plus 30 days
• Project Code: 90 days after delivery (for support purposes)
• Payment Records: 7 years (legal requirement)
• Analytics Data: 2 years (anonymized)
• Marketing Data: Until opt-out or 3 years inactive

10. Children's Privacy

Our Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to know if information is sold or disclosed
• Right to opt-out of sale of personal information
• Right to non-discrimination for exercising privacy rights

Note: We do not sell personal information to third parties.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under the General Data Protection Regulation:

• Legal basis for processing (legitimate interest, consent, or contract)
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent at any time
• Automated decision-making disclosure and objection rights

13. Cookies and Tracking Technologies

13.1 Types of Cookies

• Essential: Required for Service functionality
• Analytics: Help us understand usage patterns
• Preferences: Remember your settings and choices
• Marketing: Used for targeted advertising (with consent)

13.2 Cookie Management

You can control cookies through browser settings. Disabling certain cookies may limit Service functionality.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email and Service announcement at least 30 days before taking effect. Continued use after changes constitutes acceptance.

15. Contact Information

For privacy inquiries, requests, or concerns:

EU Representative:
CodeCraft EU Data Representative
Email: eu-privacy@codecraft.ai
Address: Dublin, Ireland

This privacy policy is provided in English for clarity and legal compliance. Translations may be available upon request.