Privacy Policy

Last updated: December 10, 2025

1. Introduction

IndigiCoder ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at indigicoder.com (the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy.

2. Definitions

For the purposes of this Privacy Policy:

Personal Data means any information that identifies, relates to, describes, or could reasonably be linked to you as an individual.
Service Data means operational and performance data about our Service that does not identify any individual user, including aggregated usage statistics.
Usage Data means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., page visit duration).
Cookies are small files stored on your device (computer or mobile device) that allow us to recognize your browser and capture certain information.
Data Controller means the entity that determines the purposes and means of processing personal data.
Data Processor means a third party that processes personal data on behalf of the Data Controller.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you provide directly to us, including:

Account Information: Name, email address, password, and profile information when you create an account.
Payment Information: Billing address and payment details processed securely through our payment processor, Stripe. We do not store your complete credit card information.
Communications: Information you provide when you contact us for support, send us feedback, or otherwise communicate with us.
User Content: Code, prompts, project files, and other content you create, upload, or generate using our Service.

3.2 Information Collected Automatically

When you access or use our Service, we automatically collect:

Device Information: IP address, browser type and version, operating system, device type, and unique device identifiers.
Usage Information: Pages visited, features used, time and date of access, time spent on pages, and other diagnostic data.
Log Data: Server logs that record information about how you use the Service.

3.3 Information from Third Parties

We may receive information about you from third parties, including authentication providers (such as Google or GitHub) if you choose to link your account, and from analytics providers.

4. Legal Bases for Processing

We process your personal data under the following legal bases:

Contract Performance: Processing necessary to provide our Service and fulfill our contractual obligations to you.
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, preventing fraud, and ensuring security.
Consent: Where you have given explicit consent to the processing for specific purposes.
Legal Obligations: Processing necessary to comply with applicable laws and regulations.
Vital Interests: Processing necessary to protect the vital interests of any individual.

These legal bases apply across various jurisdictions, including under the GDPR (European Economic Area), CCPA/CPRA (California), PIPEDA (Canada), and other applicable privacy frameworks.

5. Purposes of Processing

We use the information we collect for the following purposes:

Service Delivery: To provide, maintain, and improve our Service, including processing your requests and transactions.
Account Management: To create and manage your account, authenticate your access, and provide customer support.
Communication: To send you technical notices, updates, security alerts, and administrative messages.
Analytics: To understand how users interact with our Service and to improve functionality and user experience.
Security: To detect, prevent, and address technical issues, fraud, and abuse.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or government requests.
AI Model Improvement: To improve our AI-powered features and services (with appropriate safeguards).
Marketing: To send promotional communications (with your consent where required).
Research: To conduct research and development to improve our products and services.

6. Sub-Processors

We share your personal data with the following categories of third-party service providers (sub-processors) who assist us in operating our Service:

Provider	Purpose	Location
Supabase	Database hosting, authentication	United States
Stripe	Payment processing	United States
Anthropic	AI code generation	United States
OpenAI	AI code generation	United States
Google (Gemini)	AI code generation	United States
Vercel	Hosting, deployment	United States
Resend	Email delivery	United States

All sub-processors are bound by contractual obligations to protect your personal data and process it only for the purposes specified in our agreements with them.

7. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country.

When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards including:

EU-US Data Privacy Framework (where applicable)
Standard Contractual Clauses approved by the European Commission
UK International Data Transfer Agreement addenda
Swiss-US Privacy Shield framework (where applicable)

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data: Retained for the duration of your account and for 30 days following account deletion to allow for account recovery.
Log Data: Retained for up to 90 days for security and debugging purposes.
Payment Records: Retained as required by applicable tax and financial regulations (typically 7 years).
User Content: Deleted within 30 days of account termination, unless you request earlier deletion.
Analytics Data: Aggregated and anonymized data may be retained indefinitely.

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of our Service.

Types of Cookies We Use

Essential Cookies: Required for the operation of our Service, including authentication and security.
Functional Cookies: Enable personalized features and remember your preferences.
Analytics Cookies: Help us understand how visitors interact with our Service.

Managing Cookies

You can control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Service.

10. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

Encryption of data in transit using TLS/SSL
Encryption of sensitive data at rest
Regular security assessments and penetration testing
Access controls and authentication requirements
Employee training on data protection and security
Incident response procedures

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your personal data (subject to legal requirements).
Right to Restriction: Request restriction of processing of your personal data.
Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Right to Lodge a Complaint: File a complaint with a supervisory authority.

To exercise any of these rights, please contact us at indigicoder@gmail.com.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we will take steps to delete that information promptly.

13. Third-Party Links

Our Service may contain links to third-party websites or services that are not owned or controlled by IndigiCoder. We are not responsible for the privacy practices of these third parties.

We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to our Service.

14. Communications

We may send you the following types of communications:

Transactional Emails: Order confirmations, receipts, and account notifications (cannot be opted out).
Service Updates: Important information about changes to our Service or terms.
Security Alerts: Notifications about security issues affecting your account.
Marketing Communications: Promotional content and newsletters (can be opted out).

You can manage your communication preferences in your account settings or by contacting us.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For material changes, we will provide additional notice, such as:

Email notification to registered users
Prominent notice on our Service
In-app notification

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

17. Dispute Resolution

If you have any concerns or disputes regarding this Privacy Policy or our data practices, please contact us first at indigicoder@gmail.com. We will attempt to resolve your concerns promptly and in good faith.

If we are unable to resolve your concerns, you may pursue your claims through binding arbitration or in the courts of Delaware, as applicable under our Terms of Service.

18. Data Breach Notification

In the event of a data breach that affects your personal data, we are committed to:

Notifying affected users within 72 hours of becoming aware of the breach
Notifying relevant supervisory authorities as required by applicable law
Providing information about the nature of the breach and the data affected
Describing the measures taken to address the breach and mitigate potential harm
Providing recommendations for steps you can take to protect yourself

19. Automated Decision-Making

We do not engage in automated decision-making that produces legal effects or similarly significantly affects you, as defined under GDPR Article 22.

While we use AI to generate code and provide suggestions, these are tools that assist you in your work and do not make decisions about you based solely on automated processing.

20. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

IndigiCoder

Email: indigicoder@gmail.com

Website: indigicoder.com

We will respond to your inquiry within 30 days.