Data Protection & Privacy Practices
TLS 1.3 + AES-256
We never sell your data
Export, delete anytime
GDPR, CCPA, SOC 2
ChaozCode Inc. ("ChaozCode," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your data when you access or use our AI-powered development platform and related services.
This Privacy Policy applies to:
ChaozCode Inc. is the data controller responsible for your personal data. For questions about this policy or your data rights, contact our Data Protection Officer at dpo@chaozcode.com.
Our Promise: We collect only what we need, protect what we collect, and give you control over your data. We never sell your personal information to third parties.
| Category | Data Elements | Purpose |
|---|---|---|
| Account Data | Name, email, password (hashed), username | Account creation, authentication |
| Payment Data | Card details (via Stripe), billing address | Process subscriptions, invoicing |
| Profile Data | Preferences, settings, avatar, timezone | Personalize your experience |
| Content Data | Code, prompts, projects, files you create | Provide platform services |
| Communication Data | Support tickets, feedback, survey responses | Customer support, product improvement |
| Category | Data Elements | Purpose |
|---|---|---|
| Device Data | Browser type, OS, device identifiers | Optimize experience, security |
| Usage Data | Features used, session duration, actions | Improve services, analytics |
| Log Data | IP address, timestamps, error logs | Security, troubleshooting |
| Location Data | Country, region (from IP) | Compliance, localization |
Important: We do NOT use your code or content to train our AI models without explicit opt-in consent. Your intellectual property remains yours. General usage patterns (not content) may be used to improve service performance.
We process your personal data under the following legal bases (as applicable under GDPR and similar laws):
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Account management, service delivery, billing, support |
| Legitimate Interests | Security, fraud prevention, analytics, product improvement |
| Consent | Marketing communications, AI training opt-in, cookies |
| Legal Obligation | Tax compliance, law enforcement requests, regulatory requirements |
You may withdraw consent at any time without affecting prior processing. Contact us to exercise your rights.
You are responsible for maintaining the security of your account credentials, using strong passwords, and enabling two-factor authentication when available.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account Data | Duration of account + 30 days | Allow data recovery |
| Content/Code | Duration of account + 30 days | Service provision, export window |
| Billing Records | 7 years after transaction | Tax and legal compliance |
| Support Tickets | 3 years after resolution | Service quality, legal protection |
| Security Logs | 90 days | Security investigation |
| Analytics Data | 26 months (aggregated) | Trend analysis |
When you delete your account or request deletion, we permanently erase your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).
Depending on your location, you may have the following rights regarding your personal data:
Request a copy of your personal data
Correct inaccurate or incomplete data
Request deletion of your data
Export data in machine-readable format
Limit how we process your data
Object to certain processing activities
| Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, security, basic functionality | Session / 1 year |
| Functional | Remember preferences, settings | 1 year |
| Analytics | Understand usage patterns (privacy-focused) | 26 months |
You can control cookies through your browser settings. Blocking essential cookies may affect platform functionality. We respect "Do Not Track" browser signals.
We use automated processing for:
These decisions may be appealed by contacting support. No solely automated decisions significantly affect your legal rights without human review.
Opt-Out: You can request that your content not be used for AI improvement. Contact privacy@chaozcode.com to opt out. This does not affect core service functionality.
ChaozCode services are not directed to individuals under 16 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children.
If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@chaozcode.com. We will promptly delete such information.
Educational institutions using ChaozCode for students under 16 must obtain appropriate parental/guardian consent and are responsible for compliance with COPPA, FERPA, and similar laws.
Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place:
Enterprise customers may request data residency in specific regions (EU, US). Contact sales@chaozcode.com for options.
Previous versions of this policy are available upon request. Contact privacy@chaozcode.com for historical versions.
If you disagree with changes, you may close your account before the new policy takes effect. Continued use after the effective date constitutes acceptance.
For questions about this policy or to exercise your privacy rights:
If you are in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.
We aim to respond to all privacy inquiries within 5 business days, and complete data requests within 30 days.