Privacy Policy

1. Introduction

Welcome to CodeFlowOps ("we," "our," or "us"). CodeFlowOps is operated by ClayDesk LLC, a company registered at 45 Burgundy Lane, Middletown, CT 06457, United States.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered documentation generation service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide when using our service:

• Account Information: Name, email address, and password when you create an account
• Authentication Data: Information provided through AWS Cognito for authentication
• Payment Information: Billing details processed through Stripe (we do not store credit card information)
• Profile Information: Subscription tier, usage statistics, and preferences

2.2 Usage Information

We automatically collect certain information when you use our service:

• Repository URLs: GitHub repository links you submit for documentation generation
• Generated Content: Documentation files created using our service
• Usage Data: Number of documentation generations, file counts, and service interactions
• Device Information: Browser type, operating system, IP address, and device identifiers
• Log Data: Access times, pages viewed, and other system activity

2.3 API Keys and Third-Party Services

If you provide API keys for third-party services (such as OpenAI), these keys are stored locally in your browser and are never transmitted to or stored on our servers. We do not have access to your API keys.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI documentation generation service
• Account Management: To create and manage your user account and subscription
• Payment Processing: To process payments and manage billing through Stripe
• Authentication: To verify your identity and secure your account using AWS Cognito
• Communication: To send service-related emails, updates, and support messages
• Analytics: To analyze usage patterns and improve our service performance
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with legal obligations and enforce our terms of service

4. Data Storage and Security

4.1 Data Storage

Your data is stored using the following secure infrastructure:

• AWS DynamoDB: User account data and subscription information
• AWS Cognito: Authentication credentials and user identity management
• AWS Amplify: Application hosting and deployment infrastructure
• Browser Storage: API keys and preferences stored locally on your device

4.2 Security Measures

We implement industry-standard security measures to protect your information:

• Encryption of data in transit using HTTPS/TLS
• Encryption of data at rest in AWS services
• Secure authentication through AWS Cognito
• Regular security audits and monitoring
• Access controls and authentication requirements
• Payment processing through PCI-compliant Stripe infrastructure

Note: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use the following third-party services to provide and improve our service:

• Amazon Web Services (AWS): Cloud infrastructure, authentication, and database services
• Stripe: Payment processing and subscription management
• OpenAI: AI model access for documentation generation (when using our API keys)
• GitHub: Repository access for fetching code and file structures

These third-party services have their own privacy policies. We encourage you to review their policies:

• AWS Privacy Policy
• Stripe Privacy Policy
• OpenAI Privacy Policy
• GitHub Privacy Policy

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

• Service Providers: With third-party vendors who perform services on our behalf (AWS, Stripe)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Protection of Rights: To protect our rights, property, or safety, or that of our users
• With Consent: With your explicit consent for any other purpose

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain business records

When you delete your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information
• Portability: Request a copy of your data in a portable format
• Objection: Object to processing of your personal information
• Restriction: Request restriction of processing your information
• Withdrawal: Withdraw consent for data processing

To exercise these rights, please contact us at privacy@claydesk.com

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication status
• Remember your preferences and settings
• Analyze usage patterns and improve our service
• Provide personalized content and features

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of our service.

10. International Data Transfers

Your information may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country. By using our service, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@claydesk.com and we will delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the service after changes are posted constitutes your acceptance of the updated Privacy Policy.

14. GDPR and CCPA Compliance

14.1 For EU Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed about data collection and usage
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

14.2 For California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information
• Right to access your personal information
• Right to equal service and price
• Right to delete personal information

Note: We do not sell your personal information to third parties.