Privacy Policy

Effective Date: May 1, 2026

CodeGateway ("we", "us", or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the rights you have. We provide AI model API proxy services through CodeGateway (codegateway.dev).

1. Data Controller

Data Controller: CodeGateway (WHITEDIT LTD)
Registered Address: United Kingdom (WHITEDIT LTD, registered in England and Wales)
Contact Email: support@codegateway.dev

If you have any questions about how we handle your data, please contact us at the email above.

2. What Information We Collect

We only collect the minimum information necessary to provide our services:

• Account Information: Your email address provided during registration.
• Usage Data: API call logs (model ID, token usage, timestamps) for billing and service monitoring.
• Technical Data: Browser type, IP address (used solely for security and abuse prevention).

We do NOT collect: Your real name, phone number, physical address, or payment card details (payments are processed by our third-party payment provider Creem; we never store card numbers).

3. We Never Store Your Conversation Content

Our core commitment: CodeGateway acts as an AI model API proxy. We only forward your requests to AI model providers (e.g., Anthropic) and NEVER store, log, or cache your conversation content (prompts) or model responses (completions).

Specifically:

• We do not store your prompt or completion text
• We do not use your conversation data to train any models
• We do not share your conversation data with any third parties
• API requests are purged from memory immediately after forwarding

We only log request metadata (model ID, token counts, timestamps) for billing purposes.

4. Legal Basis for Data Processing (GDPR)

Under the General Data Protection Regulation (GDPR), our legal bases for processing your data are:

• Contract Performance (Art. 6(1)(b)): Processing your account information and API usage data to fulfill our service contract.
• Legitimate Interest (Art. 6(1)(f)): IP address and browser data used for security and abuse prevention.
• Consent (Art. 6(1)(a)): Non-essential cookies require your explicit consent.

Regarding special category data: We do not process any special categories of personal data as defined in GDPR Article 9.

5. Your Rights (GDPR Data Subject Rights)

Under GDPR and other applicable data protection laws, you have the following rights:

• Right of Access (Art. 15): You have the right to know what personal data we hold about you.
• Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data.
• Right to Erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten").
• Right to Restriction (Art. 18): In certain circumstances, you can request that we restrict processing of your data.
• Right to Data Portability (Art. 20): You have the right to receive your data in a structured format.
• Right to Object (Art. 21): You have the right to object to processing based on legitimate interests.
• Right to Withdraw Consent: You may withdraw consent for non-essential cookies at any time.

To exercise your rights: Please email support@codegateway.dev. We will respond to your request within 30 days.

6. Data Processors

Our services may involve the following third-party data processors:

• Anthropic: AI model provider that receives API requests forwarded through us. Anthropic processes data according to its own privacy policy.
• Creem: Payment processing provider that handles your payment transactions. Creem independently processes and protects your payment information.
• Cloudflare: Infrastructure and CDN provider that handles network traffic and DDoS protection.

All data processors have signed Data Processing Agreements (DPAs) to ensure your data is appropriately protected.

7. Data Retention

• Account Data: Retained for the duration of your account and deleted within 30 days after account deletion.
• API Usage Logs: Retained for 90 days for billing and reconciliation, then automatically deleted.
• Conversation Content: NOT retained (see "We Never Store Your Conversation Content" section).
• Cookie Data: Managed per our Cookie Policy; you can clear them at any time.

8. International Data Transfers

Our servers are deployed on Cloudflare's global network. Your data may be processed outside your country of residence. For data transferred from the EU/EEA, we ensure lawful transfer through Standard Contractual Clauses (SCCs).

Anthropic (a US company) receives data under the EU-US Data Privacy Framework.

9. Data Security

We take reasonable technical and organizational measures to protect your data:

• All data in transit is encrypted using TLS (HTTPS)
• API Keys are stored with encryption
• Access controls limit data access permissions
• Regular security audits and vulnerability assessments

While we strive to protect your data, no method of Internet transmission or storage is 100% secure.

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you via email or a notice on our website. Continued use of our services constitutes acceptance of the updated policy.

The most recent update date is shown at the top of this page.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: support@codegateway.dev

If you believe we have mishandled your data, you have the right to lodge a complaint with the data protection authority in your jurisdiction.

Data Protection Officer (DPO): Pursuant to GDPR Article 37(1), CodeGateway as a small organization (fewer than 250 employees) is not required to designate a DPO. For data protection inquiries or to exercise your rights, please contact: support@codegateway.dev