Last updated: June 1, 2026
When you sign up, we ask for your name, email, and that's about it. We don't ask for your address or phone number (though you can add them if you want to).
When you use CodeSync, we log: which projects you access, how long your sessions last, and basic stuff like your IP and browser type. We use this for debugging and to understand what features people actually use (spoiler: everyone uses the editor, almost nobody uses the dark mode toggle).
We use your email to send you things you need (password resets, billing notices). We might also send you product updates, but there's an unsubscribe link and we actually respect it.
We don't sell your data. That's not a revenue stream for us — if we're going to monetize, it'll be by building a better product, not by selling your info to ad networks.
Aggregated, anonymized data (like "60% of sessions use the terminal feature") might show up in blog posts or investor updates. That kind of data can't be traced back to you.
Data at rest: AES-256 encryption. Data in transit: TLS 1.3. We do annual penetration tests and we're SOC 2 Type II certified (which means an external auditor verified our security controls, not just that we have a policy document).
If you're on the Enterprise plan with end-to-end encryption enabled, we literally can't see your code even if we wanted to. The encryption keys are derived from your password using Argon2id, and we never store the unencrypted version.
We don't share your code with anyone, period. The only times we share any data at all are: (a) you explicitly ask us to (like inviting a teammate to a project), (b) we're legally compelled to (subpoena, that kind of thing), or (c) we're using a service provider (like AWS for hosting) who has strict confidentiality agreements with us.
You can export all your data from your account settings. It comes as a ZIP with your projects, comments, and settings. If you want to delete your account, email privacy@codesync.dev and we'll actually do it (not just mark it as "deactivated" in our database).
If you're in the EU, you've got GDPR rights. We support all of them, not just for EU users but for everyone. Data portability, right to deletion, right to complain to a regulator — it's all there.
We use exactly one cookie: a session cookie to keep you logged in. That's it. No tracking cookies, no ad network cookies, no "we're just collecting data for analytics" cookies. If you block all cookies, the site won't work because we won't know you're logged in. Fair trade-off.
If we make big changes (like "we're starting to collect different data"), we'll email you. If it's a small change ("we fixed a typo"), we'll just update the date at the top of this page.
Email privacy@codesync.dev. We try to reply within 48 hours, though sometimes it's longer if we're heads-down on a release. If you have a legal emergency (is there such a thing?), try calling — but honestly, email is better because we have a paper trail.
Mail: CodeSync Inc., 100 N. King Street, Suite 200, Wilmington, DE 19801.