◱ Legal

Privacy Policy

Last updated: March 1, 2025

CodeNx ("we", "our", "us") is operated by Misiki Technologies LLP. This policy explains what data we collect, why we collect it, and how we protect it. We have tried to write this in plain English.

1. Data we collect

Account data

When you sign up, we collect your email address and name. If you sign up via OAuth (Google, GitHub), we receive only the email and name your provider shares with us.

Usage data

We collect anonymised usage events — which features you use, how often, and performance metrics. This data is never linked to individual identifiable users beyond your account ID.

Your data (collections & records)

The data you store in CodeNx collections is yours. We access it only to provide the service (running queries, generating embeddings, processing webhooks). We do not mine it, sell it, or share it with third parties.

Billing data

Payment processing is handled by Stripe. We store only the last four digits of your card, expiry, and Stripe customer ID. We never see or store full card numbers.

2. How we use your data

  • To provide and operate the CodeNx service
  • To send transactional emails (account verification, receipts, password resets)
  • To send product updates and changelogs (you can unsubscribe at any time)
  • To diagnose issues and improve service reliability
  • To comply with legal obligations

We do not sell your data to third parties. We do not use your data to train AI models.

3. Data storage & security

Your data is stored on servers in the EU (AWS Frankfurt). All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database backups are encrypted and retained for 30 days.

Access to production systems is restricted to a small number of engineers via MFA-protected credentials with full audit logging.

4. Data retention

Account data is retained for the life of your account. If you delete your account, all data is permanently deleted within 30 days. Soft-deleted records are purged on the same schedule.

5. Your rights

Under GDPR and applicable law, you have the right to access, correct, export, or delete your personal data at any time. Email us at [email protected] and we will respond within 30 days.

6. Cookies

We use only necessary session cookies for authentication. We do not use third-party tracking cookies or advertising pixels. See our Cookie Policy for details.

7. Third-party services

We use a small number of processors: Stripe (payments), AWS (infrastructure), Resend (transactional email), and PostHog (anonymised product analytics). Each operates under their own privacy policy and our data processing agreements.

8. Contact

Questions about this policy? Email us at [email protected] or write to: Misiki Technologies LLP, India.