Privacy Policy — CodeDetect
Last updated: 16 April 2026
Data Controller: CeciArt Consulting Ltd
1. Introduction
CodeDetect ("we", "us", or "our") operates the AI code detection service at codedetect.dev ("Service"). This Privacy Policy explains how we handle your data.
2. Information We Collect
2.1 Code Submitted for Analysis
Code submitted for AI detection analysis is processed in real-time. On the free tier, code is not retained beyond processing. On paid tiers, scan results and metadata (not raw code) may be stored for your history. We never use submitted code to train AI models.
2.2 Account Information
Email and profile data. Lawful basis: Performance of contract (Article 6(1)(b) UK GDPR).
2.3 Payment Information
Processed by Stripe. We do not store card details. Lawful basis: Performance of contract.
2.4 Usage Data
Anonymised usage data. Lawful basis: Legitimate interests (Article 6(1)(f) UK GDPR).
3. Special Considerations
CodeDetect results may be used in contexts involving individuals (e.g., academic integrity). We process only code — we do not process personal data about the authors of submitted code. If you use CodeDetect results in connection with identifiable individuals, you are responsible for compliance with data protection law regarding those individuals.
4. Third-Party Processors
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic/OpenAI | AI analysis | Submitted code (transient) |
| Vercel | Hosting | Usage data, IP addresses |
| Supabase | Database | Account data, scan metadata |
| Stripe | Payments | Billing information |
| Microsoft Clarity | Session replay, heatmaps, usage analytics | Anonymised session recordings, scroll and click behaviour |
5. Data Retention
- Submitted code: Not retained beyond processing
- Scan results (free): Not stored server-side
- Scan results (paid): Duration of subscription + 90 days
- Account data: Until deletion + 30 days
- Server logs: Up to 30 days
6. International Transfers
Data may be processed in the US/EU. Safeguards (SCCs/adequacy decisions) in place.
7. Your Rights (UK GDPR)
Access, rectification, erasure, restriction, portability, objection, withdrawal of consent. Contact privacy@ceciart.io. Response within one month. Complaints: ICO (ico.org.uk).
8. Your Rights (CCPA/CPRA)
California residents: right to know, delete, opt out. We do not sell personal information.
9. Children's Privacy
Not directed to under-16s.
10. Cookies
Essential cookies only. Analytics with consent where required.
11. Security
Industry-standard encryption (TLS), access controls, regular reviews.
12. Changes
30 days' notice for material changes.
13. Contact
privacy@ceciart.io — CeciArt Consulting Ltd