Privacy Policy
Last updated: May 6, 2026
At CoderFile.io ("we", "us", "our") we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have under laws such as the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA). If you have questions, email info@coderfile.io.
We do not sell your personal information. We are not a data broker.
Information We Collect
Information you provide
- Account info: email address, username, password hash, optional avatar/bio
- Billing info (Pro/Team): name, billing address, last 4 of card — processed by Stripe (we never see full card numbers)
- Code & content: snippets, files, comments, AI prompts and outputs you submit
- Communications: support emails, survey responses, newsletter subscriptions
Information collected automatically
- Log data: IP address, browser type, OS, referring URL, request timestamps
- Usage data: pages viewed, features used, snippet executions, AI requests
- Approximate location derived from IP (country/region only)
- Device identifiers, screen size, language preference
- Cookies and similar technologies — see our Cookie Policy
Information from third parties
If you sign in via Google OAuth, we receive your email, name, and avatar URL from Google. Stripe shares limited transaction metadata with us to manage your subscription.
How and Why We Use Information
- Provide, maintain, and secure the service (run code, sync collaborators, store snippets)
- Authenticate users, manage accounts, and process payments via Stripe
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Improve our products and understand how features are used
- Display contextual advertising via Google AdSense to free users
- Communicate service updates and respond to support requests
- Comply with legal obligations and respond to lawful requests
Legal Bases for Processing (EU/UK GDPR)
If you are in the EEA, UK, or Switzerland, our legal bases are:
- Contract (Art. 6(1)(b)): to provide the service you signed up for and process payments.
- Legal obligation (Art. 6(1)(c)): to keep tax records, respond to lawful requests, and meet retention duties.
- Legitimate interests (Art. 6(1)(f)): to secure the platform, prevent abuse, improve features, and run contextual marketing — balanced against your rights.
- Consent (Art. 6(1)(a)): for non-essential cookies, personalized ads in the EEA/UK, and email marketing where required.
- Vital interests / public interest (Art. 6(1)(d)/(e)): rarely, if needed to protect someone's safety.
Data Security
- Encryption in transit: TLS 1.2+ on every endpoint
- Encryption at rest: AES-256 on managed database storage
- Authentication: passwords salted and hashed; OAuth via Google supported
- Access control: row-level security on every table; least-privilege service roles
- Monitoring: continuous logging, rate limiting, and abuse detection
No system is 100% secure. Report vulnerabilities to security@coderfile.io.
Third-Party Subprocessors
We use the following vendors to operate the service. Each is contractually bound to protect your data. A current list with last-updated dates is published at coderfile.io/subprocessors.
- Supabase (via Lovable Cloud): database, authentication, edge functions, file storage
- Stripe, Inc.: subscription billing and payment processing
- Judge0 (RapidAPI): sandboxed code execution
- Google LLC: AdSense advertising and Google Analytics
- Resend: transactional email delivery
- Lovable AI Gateway (Google Gemini models): AI assistant features
- Cloudflare: DNS, CDN, and DDoS protection
International Data Transfers
We are a global service. Your data may be processed in the United States and other countries outside your home jurisdiction. Where data leaves the EEA, UK, or Switzerland, we rely on:
- European Commission Standard Contractual Clauses (SCCs) with our subprocessors
- The UK International Data Transfer Addendum where applicable
- The EU-US Data Privacy Framework where the recipient is certified
You may request a copy of the safeguards we use by emailing info@coderfile.io.
Information Shared Publicly
Some features are intentionally public. The following information may be visible to anyone on the internet (and may be indexed by search engines):
- Snippets you mark as Public, including code, title, description, and tags
- Your username and avatar on your public profile page
- Snippets shared with a public link (anyone with the link can view)
- Content posted in public discussion areas
Private snippets are visible only to you and explicit collaborators.
When We Share Your Information
- Subprocessors (above) acting on our instructions
- Legal requests: in response to valid subpoenas, court orders, or government requests
- Safety: to protect rights, property, and safety of users or the public
- Business transfers: in a merger, acquisition, financing, or sale of assets — your data may be transferred subject to this Policy
- With your consent or at your direction
- Aggregated / de-identified data that cannot reasonably be used to identify you
Cookies and Tracking
We use cookies and similar technologies for authentication, preferences, analytics, and advertising.
Full details, vendor list, and opt-out options are in our Cookie Policy. EEA/UK visitors may also manage Google ad personalization at myadcenter.google.com.
Data Retention
We keep data only as long as we need it for the purposes listed above, then delete or anonymize it.
- Account data: until you delete your account
- Snippets: until you delete them; deleted snippets are purged from primary storage within 30 days
- Encrypted backups: retained up to 90 days, then overwritten
- Server / request logs: approximately 30 days
- Anonymous analytics: up to 26 months (Google Analytics default)
- Billing records: retained 7 years for tax/audit compliance
Your Rights (EU/UK GDPR)
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Portability — export your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Restriction — request we limit processing
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with your national supervisory authority (e.g. ICO in the UK, CNIL in France)
To exercise any right, email info@coderfile.io. We may need to verify your identity before responding.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the CPRA).
Categories of personal information collected in the last 12 months:
- Identifiers (name, email, IP address, device IDs)
- Commercial information (subscription tier, billing history)
- Internet/network activity (pages viewed, features used)
- Geolocation data (approximate, from IP)
- Professional information (optional bio, role)
- Inferences about preferences (e.g. likely-to-upgrade signals)
Your CCPA/CPRA rights:
- Right to know what we collect, use, and share
- Right to delete personal information we hold
- Right to correct inaccurate personal information
- Right to opt out of "sale" or "sharing" for cross-context behavioral advertising
- Right to limit use of sensitive personal information
- Right to non-discrimination for exercising your rights
Do Not Sell or Share: We do not sell personal information for money. We may "share" limited identifiers with Google AdSense for advertising, which may qualify as "sharing" under CPRA. To opt out, email info@coderfile.io with subject "Do Not Sell or Share".
Children's Privacy
CoderFile.io is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced by email or prominent in-app notice at least 14 days before they take effect. The "Last updated" date at the top indicates the most recent revision.
Contact Us
- General / privacy requests: info@coderfile.io
- Security disclosure: security@coderfile.io
- Legal / DMCA: admin@coderfile.io