Code Lexica logo

DRAFT — This document is a draft and has not been reviewed by legal counsel. It is provided as a starting point and should be reviewed by a qualified attorney before use.

Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information: Name, email address, company name, and team size when you create an account or contact us
  • Repository access: OAuth tokens for connecting to GitHub, GitLab, Azure DevOps, or Bitbucket to analyze your repositories
  • Usage data: Interactions with the Service, including reports generated, chat queries, and feature usage
  • Payment information: Billing details processed through our third-party payment provider (we do not store full payment card numbers)

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process and analyze your repositories to generate reports and insights
  • Respond to your requests, comments, and questions
  • Send you technical notices, updates, and administrative messages
  • Monitor and analyze usage trends to improve the Service
  • Detect, prevent, and address technical issues and fraud

3. Source Code Processing

Your source code is stored securely with encryption at rest and strict tenant isolation. When you connect a repository, the Service:

  • Accesses your source code through secure API connections to your Git provider
  • Stores your source code in encrypted, isolated storage accessible only to your organization
  • Processes the code to build a knowledge graph capturing architecture, dependencies, patterns, and relationships
  • Generates derived intelligence (reports, analysis, contextual data) that is stored to provide the Service

All source code and derived data are encrypted at rest and in transit, with strict tenant isolation ensuring your code is never accessible to other customers.

4. Third-Party Services

We use the following categories of third-party services that may receive your data:

  • Authentication providers: For secure login and identity management
  • Cloud infrastructure: For hosting and data processing
  • Analytics services: To understand usage patterns and improve the Service
  • Payment processors: To handle billing and subscriptions
  • Git providers: To access repositories you authorize (GitHub, GitLab, Azure DevOps, Bitbucket)

We ensure our third-party providers maintain appropriate security and privacy standards. We do not sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • OAuth-based repository access (we never store your Git credentials)
  • Role-based access controls within organizations and workspaces
  • Regular security audits and vulnerability assessments
  • SSO/SAML support for Enterprise customers requiring centralized authentication

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. When you disconnect a repository, the associated knowledge graph and derived data are deleted within 30 days. When you close your account, all account data is deleted within 30 days unless we are required by law to retain it.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data
  • Portability: Request a machine-readable copy of your personal data
  • Restriction: Request restriction of processing of your personal data
  • Objection: Object to the processing of your personal data

To exercise these rights, contact us at hello@codelexica.com. We will respond to your request within 30 days.

California residents (CCPA): You have the right to know what personal information is collected, request deletion, and opt out of the sale of personal information. We do not sell personal information.

EU/EEA residents (GDPR): We process personal data based on contractual necessity (providing the Service), legitimate interest (improving the Service), and consent (marketing communications). You may withdraw consent at any time.

8. Cookies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use the Service. We use:

  • Essential cookies: Required for authentication and core functionality
  • Analytics cookies: To understand usage patterns and improve the Service

We do not use advertising or tracking cookies. You can configure your browser to reject cookies, but this may affect your ability to use the Service.

9. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Information

For questions about this Privacy Policy or our data practices, please contact us at hello@codelexica.com.