Privacy Policy

Coderblock, Inc. ("Coderblock," "we," "us," or "our") — a Delaware corporation with offices at 201 Spear Street, San Francisco, CA 94105 — operates an AI-powered development platform designed to help developers, entrepreneurs, and teams build web applications through intelligent code generation and automated deployment services. EU customers contract with our European subsidiary, Coderblock Srl (Italy).

This Privacy Policy describes how we collect, use, protect, and share information when you use our platform at coderblock.ai and related services ("Services"). We are committed to protecting your privacy while delivering innovative development tools.

Key Principles:

• We collect only the data necessary to provide and improve our Services
• Your code and projects remain your intellectual property
• We implement industry-standard security measures to protect your data
• We are transparent about our data practices and your privacy rights
• We comply with applicable privacy laws including GDPR, CCPA, and other regional regulations

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of our platform.

Account and Profile Information

When you create an account or use our Services, we collect:

• Full name and email address
• Company or organization name (if applicable)
• Account preferences and settings
• Subscription plan and payment information (processed securely through third-party providers)
• Profile picture or avatar (if uploaded)

Development and Project Data

To provide our AI-powered development services, we process:

• Code prompts and descriptions you submit to our AI system
• Generated code, templates, and project configurations
• File uploads and project assets (images, documents, data files)
• Project metadata including names, descriptions, and settings
• Build logs and deployment information
• Collaboration data when working with team members

Technical and Usage Information

We automatically collect technical data to maintain and improve our platform:

• IP address and approximate geographic location (city/region level)
• Browser type, version, and operating system
• Device information and screen resolution
• Pages visited, features used, and time spent on our platform
• API requests and system performance metrics
• Error logs and diagnostic information

Communication Data

When you contact us or interact with our support team:

• Support tickets and correspondence
• Feedback, suggestions, and survey responses
• Community forum posts and comments (if applicable)
• Communication preferences and marketing consent

Age Restriction: Our Services are intended for users aged 18 and older. We do not knowingly collect personal information from minors under 18. If we discover such collection, we will promptly delete the information.

Service Operations

• Providing AI-powered code generation and development assistance
• Processing your prompts and generating relevant code outputs
• Managing project builds, deployments, and hosting services
• Facilitating team collaboration and project sharing
• Processing payments and managing subscription services
• Providing customer support and technical assistance

Platform Enhancement

• Improving our AI models and code generation algorithms
• Analyzing usage patterns to enhance user experience
• Developing new features and capabilities
• Optimizing platform performance and reliability
• Conducting research and development activities

Security and Compliance

• Monitoring for fraudulent or abusive activity
• Protecting against security threats and vulnerabilities
• Complying with legal obligations and regulations
• Enforcing our Terms of Service and acceptable use policies
• Responding to legal requests and court orders

Communication and Marketing

• Sending service-related announcements and updates
• Providing product notifications and feature releases
• Delivering marketing communications (with your consent)
• Conducting user research and feedback collection

Legal Basis for Processing

We process your information based on:

• Contract Performance: To provide services you've requested
• Legitimate Interests: To improve our platform and ensure security
• Legal Compliance: To meet regulatory and legal requirements
• Consent: For marketing communications and optional features

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Cloud hosting and infrastructure providers (AWS, Fly.io)
• Managed backend services — database, authentication, storage, serverless functions, and realtime (Supabase)
• Payment processing services (Stripe, PayPal)
• Email delivery and communication platforms
• Analytics and monitoring services
• Customer support and helpdesk tools
• Security and fraud prevention services

These providers are contractually bound to protect your information and use it solely for the services they provide to us.

Team and Collaboration

When you collaborate on projects or join team workspaces, certain information may be shared with team members, including:

• Project content and code you contribute
• Your name and profile information within the team context
• Activity logs related to shared projects
• Comments and communication within team channels

Legal Requirements

We may disclose your information when required by law or to protect our rights:

• In response to valid legal process (subpoenas, court orders)
• To comply with government regulations and investigations
• To protect against fraud, abuse, or illegal activity
• To defend our legal rights and interests
• In emergency situations to protect personal safety

Business Transfers

In the event of a merger, acquisition, or sale of business assets, your information may be transferred to the new entity, subject to the same privacy protections outlined in this policy.

Aggregated and Anonymous Data

We may share aggregated, de-identified, or anonymous information that cannot be used to identify you, such as usage statistics, industry trends, or research insights.

Some features let you build, publish, and operate applications that include a managed backend — database, authentication, storage, serverless functions, and realtime — powered by our infrastructure partner Supabase (the "Managed Backend"). When you make such an application available to others, your application may collect, store, and process personal data belonging to the people or entities who use it (your "End Users").

Controller and Processor Roles

For personal data that your application collects from your End Users, you are the data controller and Coderblock acts as a processor, processing that data on your behalf and on your documented instructions solely to provide the Services. Supabase acts as a sub-processor. Coderblock does not independently control your End Users' personal data and does not use it for its own purposes. This is distinct from the personal data we process about you as our own customer (for account management, billing, and support), for which Coderblock is the controller as described elsewhere in this Policy.

Your Responsibilities as Controller

• Ensuring you have a valid legal basis and have obtained all consents and authorizations required before any End User personal data is processed
• Providing your End Users with a compliant privacy notice and a means to exercise their data subject rights
• Responding to your End Users' access, correction, deletion, and other data subject requests
• Configuring your application securely — access controls, Row Level Security, environment variables, retention and exposure settings — consistent with our and our providers' documentation and recommendations
• Determining what data is collected, how long it is retained, and when it is deleted, through your application's configuration

Data Processing Addendum (DPA)

Where you act as a controller and Coderblock (or Supabase) act as processors, the applicable Data Processing Addendum governs that processing. Where required by applicable law, you must execute the Coderblock DPA and, where applicable, the Supabase DPA (available through the Supabase dashboard) before processing your End Users' personal data. In the event of any conflict between this Privacy Policy and an executed DPA with respect to such processing, the DPA prevails.

Sub-Processors

To deliver the Managed Backend, we rely on Supabase (database, authentication, storage, serverless functions, and realtime) and on the underlying cloud infrastructure providers. A current list of sub-processors used for the Managed Backend is available on request and, where applicable, through the executed DPA.

Treated as Your Content

Personal data your End Users submit, upload, transmit, or generate through your application is treated as your content under our Terms of Service, and you remain responsible for it. Note that Managed Backend projects may be paused after a period of inactivity and may be subject to the platform controls and operational measures described in our Terms of Service.

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

• End-to-end encryption for data transmission (TLS 1.3)
• AES-256 encryption for data at rest
• Secure key management and regular key rotation
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• Automated threat detection and monitoring systems

Operational Security

• Role-based access controls for our staff
• Background checks and security training for employees
• Confidentiality agreements with all personnel
• Regular security awareness and training programs
• Incident response procedures and 24/7 monitoring
• Secure development practices and code reviews

Infrastructure Security

• SOC 2 Type II and ISO 27001 certified data centers
• Physical security controls and biometric access
• Redundant systems and automated backups
• Network segmentation and firewall protection
• Regular vulnerability assessments and patching
• Environmental monitoring and disaster recovery plans

Your Security Responsibilities

To help protect your account, please:

• Use a strong, unique password for your account
• Enable two-factor authentication when available
• Keep your login credentials confidential
• Log out from shared or public computers
• Report any suspicious activity immediately
• Keep your contact information up to date

Incident Response

In the event of a security incident, we will:

• Investigate and contain the incident promptly
• Notify affected users within 72 hours when required by law
• Provide clear information about the nature and scope of the incident
• Take corrective measures to prevent future occurrences
• Cooperate with law enforcement and regulatory authorities

Depending on your location, you may have certain rights regarding your personal information. We honor these rights in accordance with applicable privacy laws:

Access and Portability

• Request access to the personal information we hold about you
• Receive a copy of your data in a structured, machine-readable format
• Export your projects, code, and account data
• Review how your information is being processed

Correction and Updates

• Correct inaccurate or incomplete personal information
• Update your account details and preferences
• Modify your communication settings
• Change your subscription and billing information

Deletion and Erasure

• Request deletion of your personal information
• Delete your account and associated data
• Remove specific projects or content
• Exercise your "right to be forgotten" where applicable

Processing Restrictions

• Object to certain types of data processing
• Restrict processing while disputes are resolved
• Opt out of automated decision-making
• Withdraw consent for optional features

Marketing and Communications

• Unsubscribe from marketing emails at any time
• Choose which types of communications you receive
• Opt out of promotional campaigns and newsletters
• Maintain essential service communications

Exercising Your Rights

To exercise any of these rights, please contact us at privacy@coderblock.com or through your account settings. We will:

• Verify your identity before processing requests
• Respond within 30 days (or as required by local law)
• Provide clear information about any limitations
• Assist you throughout the process

If you believe we have not adequately addressed your privacy concerns, you may file a complaint with your local data protection authority.