Privacy Policy

1. Introduction

Recoder.xyz ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Username
• Password (hashed and salted)
• OAuth provider data (if using GitHub or Google sign-in)

2.2 API Keys (BYOK Model)

When you add an API key, we store:

• Encrypted API key: Your full API key is encrypted and can only be decrypted when making API calls on your behalf
• Key prefix: First 8-10 characters for display purposes (e.g., "sk-or-v1-***")
• Provider name: Which service the key is for (OpenRouter, Anthropic, etc.)
• Optional name: User-friendly name you assign to the key
• Usage metadata: Last used timestamp, creation date

2.3 Project Data

We store your projects and code, including:

• Project files and code
• Project metadata (title, description, file count)
• Chat history with AI (prompts and responses)
• Last modified timestamps

2.4 Usage Information

We automatically collect:

• IP address and browser information
• Usage patterns and feature interactions
• Error logs and diagnostic information
• Session duration and frequency of use

3. How We Use Your Information

We use the collected information to:

• Provide the Service: Process AI requests using your API keys, store your projects, and enable web↔CLI synchronization
• Improve the Service: Analyze usage patterns to enhance features and user experience
• Communicate: Send service updates, security alerts, and feature announcements
• Security: Detect and prevent fraud, abuse, or security incidents
• Support: Respond to your questions and provide customer support

4. API Key Security and Usage

4.1 Encryption

Your API keys are protected with:

• AES-256-GCM encryption: Industry-standard encryption algorithm
• Unique encryption keys: Master encryption key stored separately from database
• Encrypted at rest: Keys are never stored in plain text
• Encrypted in transit: All communication uses HTTPS/TLS

4.2 Access Control

API keys are only accessed when:

• You initiate an AI request through the web IDE or CLI
• The system needs to make API calls to third-party providers on your behalf
• You explicitly request to view or delete your keys

4.3 We DO NOT

5. How We Share Your Information

5.1 Third-Party AI Providers

When you use AI features, your prompts and requests are sent to the AI provider whose API key you configured (OpenRouter, Anthropic, OpenAI, etc.). These providers have their own privacy policies:

• OpenRouter Privacy Policy
• Anthropic Privacy Policy
• OpenAI Privacy Policy

5.2 Service Providers

We may share information with trusted service providers who help us operate the Service:

• Database hosting: Neon (PostgreSQL database)
• Authentication: OAuth providers (GitHub, Google)
• Analytics: Usage analytics for improving the Service

These providers are contractually obligated to protect your data and only use it to provide services to us.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

6. Data Retention

We retain your information for as long as:

• Your account is active
• Needed to provide the Service
• Required by law or for legitimate business purposes

When you delete your account, we will delete your personal information within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your projects and data
• Opt-out: Unsubscribe from marketing communications

To exercise these rights, contact us at recoderxyz@gmail.com

8. Security Measures

We implement security measures to protect your information:

• Encryption: AES-256-GCM for API keys, TLS/HTTPS for all communications
• Authentication: Secure password hashing (bcrypt), OAuth 2.0
• Access control: Role-based permissions and authentication
• Monitoring: Regular security audits and monitoring for threats
• Infrastructure: Hosted on secure, enterprise-grade cloud platforms

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyze usage patterns
• Improve Service performance

You can control cookies through your browser settings, but disabling cookies may limit Service functionality.

10. Children's Privacy

Recoder.xyz is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. International Users

Your information may be transferred to and processed in countries other than your own. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Email: recoderxyz@gmail.com
• Twitter: @recoderxyz