Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect
your personal information in our rule management platform.

Last updated: November 12, 2025

1 Introduction

This Privacy Policy explains how Codesona ("we", "us", or "our") collects, uses, processes, and protects your personal information when you use our rule management platform and related services (collectively, the "Service").

We are committed to protecting your privacy and ensuring transparency in our data practices. This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

🔒 Data Minimization
We only collect data necessary to provide our Service

🚫 No Data Selling
Your data is never sold to third parties

👥 Team Control
You maintain control over your rules and content

πŸ›‘οΈ Industry Standards
We use industry-standard security measures

2 Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, company/team information
  • Profile Data: Profile picture, job title, preferences, settings
  • Rule Content: Coding rules, standards, guidelines, and configurations you create
  • Payment Information: Billing address, payment method (processed securely by third-party providers)
  • Communication Data: Support requests, feedback, survey responses

2.2 Information We Collect Automatically

  • Usage Data: How you interact with our Service, features used, time spent, rule creation/modification activities
  • Device Information: IP address, browser type, device type, operating system, IDE type
  • Log Data: Access logs, error logs, performance metrics, sync activities
  • Analytics Data: Aggregated usage patterns and statistics

2.3 Information from Third Parties

  • IDE Integration Data: Information from Cursor, Windsurf, or other MCP-compatible IDEs (with your consent)
  • Social Login: Basic profile information if you use social authentication
  • Payment Providers: Transaction status and billing information

3 How We Use Information

We use your information for the following purposes:

3.1 Service Provision

  • Provide and maintain the Service
  • Sync coding rules across your team's IDEs via MCP
  • Enable team collaboration and rule approval workflows
  • Manage user accounts and authentication

3.2 Service Improvement

  • Analyze usage patterns and trends
  • Improve rule synchronization performance
  • Develop new features and integrations
  • Fix bugs and technical issues

3.3 Communication

  • Send service-related notifications (rule approvals, sync status)
  • Provide customer support
  • Share product updates (with consent)
  • Respond to inquiries and feedback

3.4 Security & Compliance

  • Detect and prevent fraud and unauthorized access
  • Ensure platform security and integrity
  • Comply with legal obligations
  • Enforce our terms of service

4 Information Sharing

We do not sell your personal information. We may share your information only in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist us in operating our Service, such as cloud hosting, payment processing, and analytics. These providers have access to your information only to perform their functions and are contractually obligated to protect your data.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of our assets, your information may be transferred to the new entity, subject to the same privacy protections.

4.4 Team Sharing

When you're part of a team, your rules and related activities are shared with team members according to your team's settings and permissions. Team administrators can view team member activities and manage access controls.

5 Rule Data Processing

5.1 Private Rules

By default, all rules you create are private to your team. We process your private rules solely to provide the Service, including synchronization to your team's IDEs via MCP. Your private rules are not used for any other purpose.

Important: Your private coding rules and team-specific configurations remain confidential and are protected by encryption in transit and at rest.

5.2 Public Rules

You may choose to make your rules public to share with the Codesona community. When you make rules public:

  • The rules and their descriptions become visible to all Codesona users
  • Author information (name, profile) is displayed
  • Other users can view, use, and adapt your public rules
  • Public rules may be featured in our marketplace

5.3 Rule Analytics

We collect aggregated, anonymized analytics on rule usage (e.g., how many teams use certain rule patterns) to improve our Service. This data cannot be traced back to individual users or teams.

5.4 MCP Integration Data

When rules are synchronized to your IDE via MCP (Model Context Protocol), we process sync status and timing data to ensure reliable delivery. This technical data is retained for troubleshooting and performance optimization.

6 Team Collaboration Features

6.1 Team Membership

When you join or create a team, your profile information, rule contributions, and activities within that team are visible to other team members. You control what rules you create and share within the team.

6.2 Team Administration

Team administrators have access to:

  • Team member profiles and activity logs
  • All team rules (pending, approved, rejected)
  • Rule approval and modification history
  • Team usage statistics and sync status

Administrators are responsible for managing their team's privacy settings and ensuring appropriate use of the platform.

6.3 Rule Approval Workflow

When you submit a rule for team approval, designated approvers can view the rule content, your submission comments, and related metadata. This process is necessary for team governance and quality control.

6.4 Leaving a Team

When you leave a team, rules you created remain with the team for continuity. However, your personal information is removed from the team's view, and you can request deletion of your contributed rules if legally permissible.

7 Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Monitoring: 24/7 security monitoring and threat detection
  • Compliance: SOC 2 Type II certified infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8 Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active, plus 30 days after deletion
  • Rule Content: Retained according to your team settings, with options for immediate deletion. Public rules remain available unless you request removal
  • Usage Data: Active logs retained for 90 days; aggregated data retained for analytics (anonymized after 2 years)
  • Payment Records: Retained for 7 years to comply with accounting and tax regulations
  • Support Communications: Retained for 3 years for quality assurance and legal compliance

Note: Some data may be retained longer if required by law, to resolve disputes, enforce our agreements, or for backup and disaster recovery purposes.

9 Your Rights

Depending on your location, you may have the following rights regarding your personal information:

📋 Access

Request access to your personal information and a copy of your data

✏️ Rectification

Correct inaccurate or incomplete information

πŸ—‘οΈ Deletion

Request deletion of your personal information (right to be forgotten)

📦 Portability

Export your data in a machine-readable format

🚫 Objection

Object to processing of your personal information

⏸️ Restriction

Request restriction of processing in certain circumstances

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

EU/UK Users: You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

10 Cookies & Tracking

We use cookies and similar technologies to improve your experience and understand how you use our Service:

10.1 Types of Cookies We Use

  • Essential Cookies: Required for basic functionality (authentication, security). Cannot be disabled.
  • Functional Cookies: Remember your preferences, settings, and IDE configurations
  • Analytics Cookies: Help us understand usage patterns and improve the Service (can be disabled)
  • Marketing Cookies: Used for targeted advertising (with explicit consent, can be disabled)

You can manage cookie preferences in your browser settings or through our cookie consent banner. Note that disabling certain cookies may limit functionality of the Service.

11 International Data Transfers

Our Service is operated globally, and we may transfer your information to servers and service providers located outside your country. When we do, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses: Approved by the European Commission for transfers from EU/EEA
  • Adequacy Decisions: Transfers to countries with equivalent data protection recognized by the EU
  • Data Processing Agreements: Contracts ensuring appropriate security and privacy standards
  • Your Consent: Explicit consent for specific transfers where required by law

If you are located in the EU/EEA, your data may be transferred to and processed in the United States and other countries. We ensure such transfers comply with GDPR requirements.

12 Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and become aware that your child has provided us with personal information, please contact us immediately at [email protected].

If we learn that we have collected personal information from a child under 18, we will delete such information from our systems as quickly as possible.

13 Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on our website with a new "Last Updated" date
  • Notify you via email or in-app notification
  • For significant changes that affect your rights, obtain your consent where required by law
  • Provide a summary of key changes in the notification

Your continued use of the Service after changes become effective constitutes acceptance of the revised policy. If you do not agree with the changes, you should discontinue use of the Service and contact us to close your account.

14 Contact Us

If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:

📧 Email

[email protected]

πŸ“ Postal Address

Attn: Privacy Officer
284 Chase Road
A Block Unit 276
2nd Floor
London N14 6HF
United Kingdom

We aim to respond to all inquiries within 48 hours on business days.

For urgent privacy matters, please include "URGENT: Privacy Request" in your email subject.