Privacy Policy
Last updated: May 17, 2026 Effective date: May 17, 2026
Implementation note: This document is product/legal operating copy for Codeeka. It is not legal advice and should be reviewed by counsel before production publication.
1. Introduction
Codeeka Technologies Private Limited ("Codeeka", "Company", "we", "us", or "our"), a company incorporated under the laws of the Republic of India with its registered office in Andhra Pradesh, India, operates the Codeeka mobile application, website, APIs, relay, bridge, sandbox provisioning features, billing features, and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, store, share, retain, and protect personal data when you use the Service.
2. Scope
This Policy applies to the Codeeka app, website, account system, billing flows, support communications, APIs, relay services, notifications, device pairing, cloud sandbox features, and integrations we provide.
Third-party services connected through Codeeka, such as Google, GitHub, Firebase, Razorpay, cloud providers, and AI providers, process data under their own privacy policies. Review those policies before connecting accounts or granting permissions.
3. Information We Collect
We collect information in the following categories.
3.1 Account and Profile Information
- Name, display name, email address, profile photo, authentication provider identifiers, and Firebase user ID.
- Account settings, language, notification preferences, plan, credits, billing status, and workspace metadata.
- Support messages, feedback, requests, and other communications you send us.
3.2 Authentication and Integration Information
- Login provider information from Google, GitHub, email/password, or other providers you choose.
- OAuth tokens, provider scopes, GitHub installation metadata, repository metadata, branch names, pull request metadata, and organization or account identifiers required to provide connected features.
- Firebase ID tokens and related authentication claims used to secure API access.
3.3 Device, Bridge, Relay, and Sandbox Information
- Device type, operating system, app version, device identifiers generated by the app, paired device names, public keys, pairing state, push tokens, and notification routing metadata.
- Bridge connection state, relay message metadata, session identifiers, pair IDs, timestamps, health status, and diagnostic events.
- Sandbox provisioning metadata, region, resource tier, session duration, bootstrap status, and usage records.
Private cryptographic keys are intended to remain on your device or local machine and are not transmitted to Codeeka.
3.4 Usage, Logs, and Diagnostics
- Feature usage, page or screen interactions, API requests, timestamps, IP address, approximate region derived from network data, browser or device metadata, crash logs, performance metrics, and error reports.
- Billing events, credit consumption, plan changes, invoice metadata, refund eligibility, and payment status.
3.5 Payment Information
Payments are processed by third-party payment processors such as Razorpay. We may receive payment status, customer ID, subscription ID, invoice links, transaction identifiers, billing contact details, tax information, and refund status.
We do not intentionally store full card numbers or CVV codes on our servers.
3.6 User Content
Depending on your configuration, the Service may process repository names, branch names, pull request metadata, prompts, commands, session messages, logs, diffs, file paths, snippets, and other content needed to show and control coding-agent workflows.
Codeeka is designed so local bridge workflows keep source code and agent execution on your machine where possible. Cloud sandbox workflows may process code and commands in the provisioned environment you request.
4. Information We Do Not Intend to Collect
We do not intentionally collect:
- Biometric data.
- Precise GPS location.
- Full payment card numbers or CVV codes.
- Private cryptographic keys generated for local pairing.
- Source code from local bridge workflows except where you explicitly transmit, request, upload, or route it through a Codeeka-controlled service.
5. How We Use Information
We use information to:
- Provide, operate, secure, and maintain the Service.
- Authenticate users and prevent unauthorized access.
- Pair devices, route relay messages, deliver notifications, and maintain session state.
- Provision, monitor, bill, and terminate cloud sandboxes.
- Connect GitHub and other integrations you authorize.
- Process subscriptions, credits, invoices, coupons, upgrades, downgrades, cancellations, and refunds.
- Provide support, respond to requests, troubleshoot issues, and communicate service updates.
- Detect abuse, fraud, security incidents, policy violations, and service misuse.
- Improve reliability, usability, performance, and product features.
- Comply with legal obligations, enforce our Terms, and protect rights, safety, and property.
6. Legal Bases for Processing
Where GDPR or similar laws apply, we process personal data under one or more legal bases:
- Performance of a contract, to provide the Service you requested.
- Consent, where required for optional features, communications, or integrations.
- Legitimate interests, such as security, fraud prevention, product improvement, and support.
- Legal obligations, such as tax, accounting, compliance, or lawful requests.
Where the Digital Personal Data Protection Act, 2023 applies, we process personal data for lawful purposes described in this Policy and through notices or consent flows presented in the Service.
7. How We Share Information
We do not sell personal data. We may share information with:
- Service providers that host, secure, analyze, support, or operate the Service.
- Authentication and infrastructure providers such as Firebase, Google Cloud, and similar vendors.
- Payment processors such as Razorpay for billing and payment handling.
- GitHub and other developer platforms when you connect integrations or request workflows.
- AI, cloud, and sandbox providers when you choose features that require them.
- Professional advisors, auditors, insurers, and legal representatives.
- Government, regulatory, law enforcement, or judicial authorities when required by law or to protect rights and safety.
- Successors in connection with a merger, acquisition, financing, reorganization, or sale of assets.
- Other parties with your direction or consent.
8. International Transfers
We may process and store information in India, Singapore, the United States, the European Economic Area, and other countries where we or our service providers operate.
When required, we use appropriate transfer mechanisms such as contractual safeguards, standard contractual clauses, adequacy decisions, consent, or other lawful mechanisms.
9. Data Security
We use technical and organizational safeguards designed to protect information, including:
- TLS for network communications.
- Firebase authentication and token verification for protected APIs.
- Encryption for databases, backups, and sensitive infrastructure where supported.
- Platform secure storage for mobile secrets and tokens.
- Pairing designs that keep private keys local.
- Access controls, logging, monitoring, and least-privilege practices.
No system is completely secure. You are responsible for securing your devices, repositories, secrets, local bridge, cloud accounts, and third-party integrations.
10. Data Retention
We retain information only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.
Typical retention periods include:
- Account data: while your account is active and for a reasonable period after deletion to complete deletion, prevent fraud, resolve disputes, and comply with law.
- Billing, invoice, tax, and accounting records: as required by applicable tax and accounting law.
- Security logs and diagnostic records: for a limited period needed for security, debugging, abuse prevention, and compliance.
- Relay and pairing metadata: for the duration needed to operate pairing, routing, notifications, and troubleshooting.
- Support communications: as long as needed to resolve requests and maintain business records.
When information is no longer needed, we delete, aggregate, or de-identify it where practical.
11. Your Choices and Rights
Depending on your location, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete personal data.
- Export or receive a copy of personal data.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Appeal or complain to a regulator where applicable.
- Nominate another person to exercise rights where recognized by applicable law.
You can exercise many account controls in the app. For requests, contact privacy@codeeka.dev. We may need to verify your identity before fulfilling requests.
12. California Privacy Notice
If the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to your use of the Service, this section supplements the rest of the Policy.
We may collect identifiers, commercial information, internet or network activity, geolocation inferred from IP address, professional or employment-related information if you provide it, and inferences derived from usage. We use and disclose these categories for the business purposes described in this Policy.
We do not sell personal information. We do not knowingly share personal information for cross-context behavioral advertising. We do not knowingly collect personal information from children under 16.
California residents may request access, deletion, correction, portability, and information about categories of data collected and disclosed. We will not discriminate against you for exercising privacy rights.
13. European Privacy Rights
If GDPR applies, you may have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.
You may contact privacy@codeeka.dev for requests. You may also contact dpo@codeeka.dev for data protection matters.
14. Indian Privacy Rights and Grievance Redressal
If Indian data protection law applies, you may have rights to access information about processing, correction, completion, updating, erasure, grievance redressal, and nomination as provided by applicable law.
For grievances, contact:
Grievance Officer, Codeeka Technologies Private Limited Email: grievance@codeeka.dev Response target: acknowledgement within 48 hours and resolution within 30 days where practical and required by law.
15. Cookies and Similar Technologies
The Codeeka website may use cookies, local storage, or similar technologies for authentication, security, session continuity, preferences, and basic product functionality.
We do not intend to use advertising pixels or cross-site behavioral advertising trackers. If this changes, we will update this Policy and provide required choices.
The mobile app does not use browser cookies, but it may use secure storage, local databases, push tokens, and platform identifiers needed for app functionality.
16. Children's Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact privacy@codeeka.dev and we will take appropriate steps to delete it.
17. Third-Party Links and Services
The Service may link to or integrate with third-party websites, tools, AI providers, cloud platforms, repositories, payment providers, and authentication providers. Their privacy practices are governed by their own policies.
We are not responsible for third-party privacy, security, or content practices.
18. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated through the Service, email, or website notice where practical. The updated Policy will state its effective date.
Your continued use of the Service after an updated Policy takes effect means you acknowledge the updated Policy.
19. Contact
For privacy questions, concerns, or requests, contact:
Codeeka Technologies Private Limited Email: privacy@codeeka.dev Website: https://codeeka.dev/privacy
For grievances, contact grievance@codeeka.dev. For GDPR data protection matters, contact dpo@codeeka.dev.