Privacy Policy

Welcome to HalbonCode. We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered code review platform, VS Code extension, and related services.

We collect information you provide directly, including: • **Account Information:** Name, email address, password, and profile details when you create an account. • **Payment Information:** Payment card details and billing addresses processed securely through Stripe. • **Code Data:** Source code snippets submitted for AI review. We do not store your source code beyond the review session unless you explicitly enable cloud sync. • **Usage Data:** Pages visited, features used, review history, and interaction patterns. • **Device Information:** Browser type, operating system, IP address, and device identifiers. • **Extension Data:** VS Code extension telemetry (opt-in), extension version, and configuration settings.

We use the information we collect to: • Provide, maintain, and improve our services. • Process transactions and send related information. • Send transactional emails (review results, account notifications). • Personalise your experience and provide recommendations. • Monitor and analyse usage trends to improve our platform. • Detect, investigate, and prevent fraudulent or unauthorised activity. • Comply with legal obligations.

When you submit code for review, snippets of your code are sent to the AI provider you have configured (e.g., Anthropic, OpenAI, Google, OpenRouter). Each provider has its own data processing terms: • **Anthropic (Claude):** Data is not used for training. Processed under their commercial terms. • **OpenAI (GPT-4o):** Data is not used for training when accessed via API. Subject to OpenAI's usage policies. • **Google (Gemini):** Processed under Google Cloud's data processing terms. • **OpenRouter:** Acts as a proxy; refer to the underlying model provider's terms. We use a BYOK (Bring Your Own Key) model. Your API keys are encrypted at rest and never shared with third parties.

Your data is stored on secure servers managed by our cloud infrastructure providers (Supabase, Vercel, Fly.io). We implement industry-standard security measures including: • AES-256 encryption for data at rest. • TLS 1.3 encryption for data in transit. • Regular security audits and penetration testing. • Role-based access controls (RBAC). • API key encryption using hardware security modules.

We retain your personal data for as long as your account is active or as needed to provide services. Specific retention periods: • **Account Data:** Retained until account deletion. • **Review Results:** Retained for 90 days unless cloud sync is enabled. • **Audit Logs:** Retained for 12 months. • **Payment Records:** Retained for 7 years for tax compliance. You may request deletion of your data at any time (see Section 7).

If you are in the UK or EU, you have the following rights under GDPR: • **Access:** Request a copy of your personal data. • **Rectification:** Request correction of inaccurate data. • **Erasure:** Request deletion of your data ("right to be forgotten"). • **Restriction:** Request limitation of processing. • **Portability:** Receive your data in a structured, commonly used format. • **Objection:** Object to processing based on legitimate interests. • **Withdraw Consent:** Where processing is based on consent. To exercise these rights, email privacy@halboncode.dev.

We use essential cookies for authentication and session management. Optional analytics cookies are used only with your consent. • **Essential Cookies:** Required for login and security. • **Analytics Cookies:** Help us understand usage patterns (Google Analytics, Plausible). • **Preference Cookies:** Remember your settings and theme preferences. You can manage cookie preferences through your browser settings or our cookie consent banner.

Your data may be transferred to and processed in countries outside the UK/EU. Where this occurs, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the UK ICO and European Commission.

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Our platform integrates with third-party services including: • **Stripe** for payment processing. • **Supabase** for authentication and database services. • **GitHub, GitLab, Bitbucket** for repository integration. • **AI Providers** (Anthropic, OpenAI, Google, OpenRouter) for code review. Each third-party service has its own privacy policy. We encourage you to review them.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, sending you an email notification. The "Last Updated" date at the top of this page indicates the most recent revision.

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: • **Email:** privacy@halboncode.dev • **Address:** HalbonCode Ltd, United Kingdom • **Data Protection Officer:** dpo@halboncode.dev