Privacy Policy
Effective date: June 20, 2026
At Codey, privacy is not a feature — it is the architecture. Codey is built local-first, meaning your code, your projects, and your AI interactions stay on your machine by default. This policy explains what we collect, what we don't, and why.
1. What We Collect
We collect the minimum data required to operate Codey's services:
- Account Information: Email address and name when you create a Codey account for Pro subscription management.
- Payment Data: Processed securely through our payment provider. We do not store full card numbers on our servers.
- Subscription Status: Your plan tier and billing state, synced between the CLI and Desktop application.
- Website Analytics: Anonymous page views and interactions on codeyai.space to improve the site experience.
2. What We Do NOT Collect
This is what matters. Codey's local-first architecture means:
- We never see your code. Your projects, files, and git history remain on your machine. Codey does not upload, transmit, or store your source code on any Codey server.
- We never see your prompts or AI outputs. Conversations with your AI providers happen directly between your machine and the provider you chose. Codey does not intercept, log, or store them.
- We never train on your data. Your code, prompts, outputs, and project context are never used to train AI models — ours or anyone else's.
- We never access your API keys. When you use BYOK (Bring Your Own Key), your provider credentials are stored locally on your device. Codey's servers have zero access to them.
3. How We Use What We Collect
- To create and manage your Codey account and Pro subscription.
- To process billing and send transactional emails.
- To sync subscription status between CLI and Desktop sessions.
- To improve the Codey website experience.
- To provide support when you contact us.
- To comply with legal obligations.
4. Third-Party AI Providers
Codey supports 70+ AI providers. When you connect a provider (Anthropic, OpenAI, Gemini, OpenRouter, etc.), your interactions are governed by that provider's own privacy policy and terms. Codey acts as a client — we do not proxy, log, or store your provider traffic. We encourage you to review each provider's data policies before connecting.
5. Cookies
The Codey website uses essential cookies for authentication and basic site functionality. We do not use tracking cookies, advertising pixels, or third-party behavioral analytics on our website. The Codey application (CLI, Desktop, TUI) does not use cookies.
6. Data Retention
We retain your account data only as long as your account is active. When you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., tax or billing records).
7. Your Rights
Regardless of where you live, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data.
- Export your data in a portable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at the address below. We will respond within 30 days.
8. Service Providers
We work with a minimal set of third-party services strictly to operate the Codey website, account authentication, and subscription billing. These providers may process data in the United States or other jurisdictions. Each maintains its own compliance certifications and data protection standards. We only share the minimum data each service requires to function.
9. Children's Privacy
Codey is not directed at children under 18. We do not knowingly collect personal data from minors. If we learn we have collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy. When we do, we will post the updated version with a new effective date. Your continued use of Codey after changes are posted constitutes acceptance.
If you have questions, contact us at team@codeyai.space.