1. Introduction
CodeGrex ("CodeGrex", "we", "us") provides an AI-native IDE, web portal, and related cloud services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have.
By using our website, desktop application, or API, you agree to this policy. If you do not agree, please do not use our services.
2. Who we are
The data controller for the services described here is CodeGrex, operating from Tallinn, Estonia.
Privacy questions: support@codegrex.com · Contact form
3. Data we collect
Depending on how you use CodeGrex, we may process:
- Account data — email address, display name, authentication identifiers, and profile settings when you register or sign in (via Supabase Auth, including OAuth providers you choose).
- Billing data — subscription tier, credit balance, and transaction history. Payment card details are processed by Stripe; we do not store full card numbers on our servers.
- Usage data — model requests, token counts, timestamps, and credit consumption for metering, quotas, and support. We do not store your source code or chat prompt content on CodeGrex servers for routine cloud AI requests.
- Device and IDE session data — device login codes, IDE session tokens, app version, and platform information needed to authenticate the desktop client.
- Communications — messages you send through our contact form or support email.
- Website data — cookies and similar technologies as described in our Cookie Policy, and optional analytics if you consent.
4. How we use your data
We use personal data to:
- Provide, operate, and improve the IDE, web portal, and API.
- Authenticate users and prevent abuse.
- Process subscriptions, credit purchases, and usage billing.
- Respond to support requests and contact form submissions.
- Send service-related notices (e.g. billing, security, or product updates you opt into).
- Comply with legal obligations and enforce our Terms of Service.
We process data on the legal bases of contract performance, legitimate interests (security, product improvement, fraud prevention), consent (where required, e.g. non-essential cookies), and legal obligation.
5. AI features and your code
When you use managed cloud models, prompts and context are sent to the AI provider you select so the request can be completed. CodeGrex does not use your code to train our own models. Third-party providers apply their own privacy terms to that traffic.
When you use local models or offline privacy modes, your code can remain entirely on your device. See our Security page for more detail on data flows.
6. Sharing with third parties
We share data only as needed with service providers such as:
- Supabase — authentication and database hosting.
- Stripe — payment processing.
- Cloud AI providers — when you route requests to their models (e.g. OpenAI, Anthropic, Google).
- Infrastructure partners — hosting, caching, and logging required to run the API.
We do not sell your personal data. We may disclose information if required by law or to protect the rights, safety, and integrity of CodeGrex and our users.
7. Retention
We retain account and billing records for as long as your account is active and for a reasonable period afterward to meet legal, tax, and dispute-resolution requirements. Usage metering data is typically retained for about 90 days unless a longer period is required for billing or compliance.
You may request deletion of your account via dashboard settings or by contacting support. Some records may be retained where the law requires.
8. Your rights
If you are in the European Economic Area, United Kingdom, or another jurisdiction with similar laws, you may have the right to access, rectify, erase, restrict, or port your personal data, and to object to or withdraw consent for certain processing.
To exercise these rights, email support@codegrex.com. You may also lodge a complaint with your local data protection authority; in Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
9. International transfers
Our processors may store or process data outside your country, including in the United States. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms offered by our vendors.
10. Security
We use encryption in transit (TLS), access controls, and industry-standard practices to protect personal data. No method of transmission or storage is 100% secure; see our Security page for an overview.
11. Children
CodeGrex is not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe a child has provided data and we will delete it.
12. Changes
We may update this policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-product notice where appropriate.
13. Contact
CodeGrex
Tallinn, Estonia
support@codegrex.com