Privacy Policy
Effective: [INSERT DATE]
Last updated: [INSERT DATE]
Plain-language summary. We collect what's needed to run the service: your account info, your code, runtime logs, and payment data. We don't sell anything to anyone. AI provider partners (Anthropic, OpenAI, etc.) see only the prompts you send for AI features. You can delete your account at any time.
1. Who we are
OffCoder ("we", "us", "our") is operated by [LEGAL ENTITY NAME], a company registered in [JURISDICTION], at [REGISTERED ADDRESS]. Our primary contact for privacy matters is privacy@offcoder.com.
This policy explains what personal data we collect, how we use it, with whom we share it, and your rights regarding it.
2. What we collect
Account data
When you sign up, we collect:
- Email address
- Password (stored as a salted bcrypt hash — we never see plaintext)
- Profile name + optional avatar
- If you sign in via OAuth (Google, GitHub, GitLab, Bitbucket, LinkedIn): provider's user ID, email, profile name, profile picture URL
- Linked Git provider OAuth tokens (encrypted at rest with AES-256-GCM, never returned to your client)
Project + content data
- Projects you create (name, description, language)
- Files inside projects (path + content, stored as text)
- Notebook-style chat histories with our AI features
- Agent session goals, plans, and per-step diffs
- Encrypted secrets you store per-project (decrypted only at runtime-job creation)
Usage + technical data
- Runtime job metadata (language, runtime image, exit code, duration)
- Runtime job logs (stdout/stderr captured during the job)
- AI usage logs (provider, model, token counts, request type — not the prompts themselves except as needed for billing audit)
- Device + session metadata: app version, OS version, device model, IP address, login timestamps
- Crash reports + performance traces (via Sentry; PII-stripped)
- Product analytics events (via PostHog; we use them for funnel analysis, not advertising)
Payment data
- Stripe handles all card details — we never see them. Stripe gives us a customer ID, last-4 digits, brand, and country
- Transaction amounts, dates, plan changes, refund history
- For India: GST number if you provide one for invoicing
3. Why we collect it (legal basis)
| Purpose | Data used | Legal basis |
|---|---|---|
| Authenticate you | Email, password hash, JWT sessions | Contract |
| Run code in cloud sandboxes | Project files, runtime metadata | Contract |
| Bill subscriptions + wallet top-ups | Stripe customer, transactions | Contract |
| Detect abuse / fraud | Usage patterns, IP, device meta | Legitimate interest |
| Improve the product | Aggregated analytics, feature usage | Legitimate interest |
| Send transactional emails (verify, reset, receipts) | Email address | Contract |
| Send marketing emails | Email address | Consent (opt-in only) |
| Comply with law | As required | Legal obligation |
4. AI features — what providers see
When you use AI features (chat, diff, agent, on-device, BYOK):
- Managed AI track (Base / Pro / Max plans): your prompt — including injected project context — is sent to the appropriate provider (currently Anthropic, OpenAI, DeepSeek). We use these providers under their respective data-processing terms. We do not permit them to train on your data; we send requests with prompt-caching and zero-retention API options where available.
- BYOK track: your prompts go to the provider whose API key you pasted. We don't see provider responses except as we relay them. Your provider's privacy policy governs that relationship — we are a transparent proxy.
- On-device AI (Free tier): your prompts are processed entirely on your phone via fllama. Nothing leaves your device.
5. How long we keep data
| Data | Retention |
|---|---|
| Account record (after deletion) | Erased within 30 days; some legal records retained 7 years |
| Project files + chat histories | Until you delete them or close your account |
| Runtime logs | 30 days, then aggregated + originals deleted |
| AI usage logs | 13 months (billing audit window) |
| Stripe transactions | 7 years (Indian tax law) |
| Crash reports / Sentry events | 90 days |
| Analytics events | 13 months, then aggregated |
6. Who we share data with
We share data only with the processors needed to run the service:
- Amazon Web Services (compute + storage, ap-south-1 / Mumbai region)
- Stripe Inc. (payments)
- Anthropic, OpenAI, DeepSeek, Google AI (managed-AI provider APIs only — when you use those features)
- Google Workspace (transactional + support email)
- Sentry (crash reporting; PII-stripped before send)
- PostHog (product analytics)
- Cloudflare (edge CDN + DDoS protection)
We do not sell personal data. We do not share data with advertising networks. We disclose data to law enforcement only when required by lawful process and only to the minimum extent legally required.
7. International data transfers
Your primary data stays in ap-south-1 (Mumbai). Some processors (Stripe, Anthropic, Sentry, PostHog) operate from the US or EU. Where transfers occur, we rely on Standard Contractual Clauses (SCCs) where required.
8. Your rights
Subject to applicable law (India DPDPA, EU/UK GDPR, California CCPA), you have the right to:
- Access the data we hold about you (Settings → Account → Export data, or email privacy@offcoder.com)
- Correct inaccurate data
- Delete your account + associated data (Settings → Danger Zone → Delete account)
- Restrict certain processing
- Port your data to another service (zip export of all your projects)
- Object to processing based on legitimate interest
- Withdraw consent for marketing emails
To exercise any right, email privacy@offcoder.com. We respond within 30 days.
9. Children
OffCoder is not directed to children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email privacy@offcoder.com and we'll delete the account.
10. Security
We encrypt data in transit (TLS 1.2+) and at rest. AI provider keys, OAuth tokens, and project secrets are encrypted with AES-256-GCM. Production access is gated on multi-factor auth, IP allowlists, and audit logging. See Security for the full posture.
11. Changes to this policy
If we make material changes, we'll email registered users at least 14 days before they take effect. Minor edits (typos, clarifications) update the "Last updated" date without a notification.
12. Contact
Privacy questions or rights requests: privacy@offcoder.com
Legal address: [REGISTERED ADDRESS]
For Indian data principals: under DPDPA 2023, our Grievance Officer is [NAME] at grievance@offcoder.com.
For EU/UK data subjects: you may also lodge a complaint with your local supervisory authority.
This policy is provided for transparency. It is not legal advice. We've drafted it to industry standard but you should expect a final review by qualified counsel before launch.