CodeOrchCodeOrch

Legal

Privacy Policy

Last updated: June 15, 2025

CodeOrch (“we”, “us”, “our”) operates the codeorch.app platform and related APIs. This Privacy Policy explains what data we collect, why, and how you can control it. Please read it carefully.

1. Information We Collect

Account information

When you create an account we collect your email address, display name, and password hash. If you sign up via a third-party OAuth provider (e.g. GitHub), we receive only the information that provider shares with us — typically your email and public profile.

Usage data

We log API requests, MCP tool calls, task events, and session identifiers for debugging, billing, and abuse prevention. Logs are retained for 90 days and are not sold or shared with third parties.

Repository and code content

When you connect a GitHub repository, CodeOrch clones and indexes its files to power briefings and search. This content is stored encrypted and associated only with your project. We do not read, share, or train models on your code.

Payment information

Billing is handled by Stripe. We store only your Stripe customer ID and subscription status. Full card numbers are never transmitted to or stored on our servers.

Cookies and analytics

We use strictly necessary cookies for session management. We do not use third-party advertising cookies. We may use privacy-preserving, server-side analytics to understand aggregate usage trends.

2. How We Use Your Information

  • Operate, maintain, and improve the CodeOrch platform.
  • Authenticate users and secure accounts.
  • Process payments and manage subscriptions.
  • Generate task briefings, search results, and orchestration context from your repository data.
  • Send transactional emails (password reset, billing receipts, security alerts). We do not send marketing email without explicit opt-in.
  • Investigate abuse, enforce our Terms of Service, and comply with legal obligations.

3. Data Sharing

We never sell your data

Your personal information and repository content are never sold to third parties.

Service providers

We share limited data with sub-processors who help us deliver the service: Stripe (payments), AWS / Hetzner (hosting), Voyage AI (embeddings). Each sub-processor is bound by a data processing agreement and is prohibited from using your data for their own purposes.

AI model providers

When you use orchestration features, task descriptions and briefing context may be sent to a large language model API (e.g. Anthropic Claude). Only the content explicitly submitted for processing is transmitted — we do not send raw repository files to these providers.

Legal disclosure

We may disclose information if required by law, court order, or to protect the rights, property, or safety of CodeOrch, our users, or the public.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we permanently delete your personal data and repository indexes within 30 days, except where retention is required by law (e.g. billing records, which are kept for 7 years). Anonymised, aggregated usage statistics may be retained indefinitely.

5. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest (AES-256). Repository content is encrypted per-project. Access to production systems is restricted to authorised personnel using MFA. We conduct periodic security reviews. No system is completely immune to breaches; if we discover a material breach affecting your data, we will notify you within 72 hours.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (right to erasure).
  • Export your data in a machine-readable format (data portability).
  • Object to or restrict certain processing.
  • Lodge a complaint with a supervisory authority (EU/UK residents).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. International Transfers

CodeOrch is operated from the European Union. If you access the service from outside the EU, your data may be transferred to and processed in the EU and other jurisdictions where our service providers operate. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms for cross-border transfers.

8. Children's Privacy

CodeOrch is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. Continued use after the effective date constitutes acceptance of the updated policy.

10. Contact

For privacy questions, data requests, or to report a concern, email [email protected]. We aim to respond within 5 business days.

← HomeTerms of Service[email protected]