Privacy Policy

1. Personal Data We Collect

1.1 Account Registration

When you register, we collect your name and email address via GitHub OAuth. We do not store GitHub passwords or access tokens beyond what is necessary to authenticate your session.

1.2 Billing and Subscriptions

When you purchase credits or a subscription, our payment processor Stripe collects and processes your billing information (name, company, email address, billing address, and VAT number where applicable). Codeset does not store payment card details.

1.3 Repository Data

When you use Codeset, we temporarily access the contents of repositories you authorise via GitHub. We do not retain repository copies after a run completes. We store metadata and analysis derived from repositories solely to provide the service to you. See our Terms of Service for full details.

1.4 Usage Data and Analytics

We use Google Analytics to collect anonymised information about how users interact with our website and platform, including pages visited, session duration, and general location. Google Analytics uses cookies to collect this information. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

1.5 Marketing Communications

If you provide your email address to receive marketing communications, we store that address and use it to send you updates about Codeset products and services. You may unsubscribe at any time by following the unsubscribe link in any email or by contacting us directly.

2. How We Use Personal Data

We use the personal data we collect to:

• Create and manage your account
• Provide, maintain, and improve our services
• Process payments and manage subscriptions
• Send service-related administrative communications
• Send marketing communications where you have opted in
• Monitor and protect against fraud and security threats
• Analyse usage patterns to improve the platform
• Comply with legal obligations

3. Legal Bases for Processing

We process personal data under the following legal bases:

• Performance of a contract (Art. 6(1)(b) GDPR): processing necessary to provide the services you have requested
• Legitimate interests (Art. 6(1)(f) GDPR): usage analytics, security monitoring, and service improvement
• Consent (Art. 6(1)(a) GDPR): marketing communications, where you have explicitly opted in
• Legal obligation (Art. 6(1)(c) GDPR): compliance with applicable law

4. Data Sharing and Subprocessors

We do not sell, rent, or trade your personal data. We share data only with the following third parties where necessary to provide the services:

• GitHub (authentication and repository access)
• Stripe (payment processing)
• Google Analytics (usage analytics)
• Microsoft Azure (cloud infrastructure and data storage)

We may also disclose personal data to law enforcement or regulatory authorities when required by applicable law.

5. Data Storage and Transfers

All user data is stored on Microsoft Azure infrastructure located in Europe. Where data is transferred outside the European Economic Area (for example, through Google Analytics), such transfers are conducted in accordance with GDPR, using adequacy decisions or Standard Contractual Clauses as appropriate.

6. Data Retention

We retain personal data only for as long as necessary to provide the services and fulfil the purposes described in this policy. When determining retention periods, we consider the nature of the data, our contractual obligations, legitimate business interests, and applicable legal requirements.

When you delete your account, we will delete or anonymise your personal data within a reasonable period, except where retention is required by law.

To delete your account, please send us an email at nuno@codeset.ai or andre@codeset.ai. We will process your request within 30 days.

7. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Children

Our services are not directed to children under the age of 13. We do not knowingly collect personal data from children under 13. If you become aware that a child under 13 has provided us with personal data, please contact us and we will take steps to delete such information. Users in the EU/EEA must meet the applicable age of digital consent for their jurisdiction, or provide verifiable parental authorisation.

9. Your Rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete personal data
• Request erasure of your personal data
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with the Portuguese data protection authority (CNPD, cnpd.pt)

To exercise any of these rights, contact us at nuno@codeset.ai or andre@codeset.ai. We will respond within 30 days, or within two months for requests of special complexity.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the platform or by email. Continued use of the services after changes take effect constitutes acceptance of the updated policy.

11. Contact

For any privacy-related questions or to exercise your rights:

Email:

• nuno@codeset.ai
• andre@codeset.ai

Address:

Av. Mouzinho de Albuquerque 48 5B
1170-265 Lisboa
Portugal