LAST UPDATED — APRIL 2025
Your privacy matters. This policy explains clearly what data Codescribe collects, why, and how it is protected. We do not sell your data.
01
Codescribe is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights. We collect only what is necessary to operate the service.
02
Account data
When you register, we collect your email address and a hashed password (if using email auth), or your GitHub profile name and email (if using GitHub OAuth). This is managed by Supabase Auth.
Repository data
When you submit a GitHub URL, we temporarily access that repository's public file tree, README, and selected source files via the GitHub API in order to generate content. We do not store raw source code — only the generated outputs are saved.
Generated content
READMEs and LinkedIn posts generated for your repositories are stored in our database associated with your user ID and repository URL.
Usage data
We may collect standard server logs including IP addresses, request timestamps, and browser information for security and debugging purposes.
03
We use your data exclusively to: (a) authenticate and identify you; (b) generate content by sending repository analysis data to OpenAI's API; (c) save and display your previously generated content on your dashboard; (d) communicate with you about your account if necessary. We do not use your data for advertising or sell it to third parties.
04
Supabase
We use Supabase for user authentication and database storage. Your account data and generated content are stored in Supabase's infrastructure. Supabase is SOC 2 Type II compliant.
OpenAI
Repository analysis data (repo name, dependencies, selected file contents) is sent to OpenAI's API to generate content. We do not send personally identifiable information to OpenAI.
GitHub
If you use GitHub OAuth, your authentication is handled by GitHub. If you submit a repository URL, we access it using our own GitHub API token — your personal GitHub token is never stored or used.
Stripe
Payment processing is handled entirely by Stripe. We never receive, store, or have access to your card number or any payment credentials. When you purchase credits, Stripe notifies us via webhook with only the purchase result and your user ID — we then update your credit balance accordingly. All payment data is governed by Stripe's Privacy Policy.
05
Your account data and generated content are retained for as long as your account is active. You can delete individual projects from your dashboard at any time. If you delete your account, all associated data is removed within 30 days. Server logs are retained for up to 90 days.
06
We do not store any payment card information. Credit purchases are processed by Stripe, and the only payment-related data we retain is: the plan purchased (Core or Pro), the number of credits added, and a transaction record for your account history. This data is stored in our Supabase database and is used solely to manage your credit balance.
07
We implement industry-standard security practices including encrypted connections (HTTPS/TLS), hashed passwords via Supabase Auth, and row-level security policies on our database. No system is perfectly secure — please use a strong, unique password and keep your credentials private.
08
Depending on your jurisdiction, you may have the right to access, correct, or delete the personal data we hold about you. To exercise these rights, contact us at hello@codescribe.dev. EU/EEA users are covered by GDPR. California residents are covered by CCPA.
10
Codescribe is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us so we can delete it.
11
We may update this Privacy Policy periodically. We will notify users of material changes via email or a prominent notice in the app. Continued use after changes constitutes acceptance of the updated policy.
12
For privacy-related questions or requests, contact us at hello@codescribe.dev.