DRAFT — Alpha placeholder. This is a preliminary privacy notice for the CodexIQ alpha. It has not been reviewed by legal counsel and is subject to change. It does not constitute legal advice. A finalised policy will replace this document before any commercial release.
Privacy Policy
Last updated: June 2026 · Alpha version — subject to change
CodexIQ ("we", "us", or "our") is committed to handling your data with care. This notice describes what we collect, how we use it, and the controls you have over it during the alpha period.
What we collect
Account information — email address and a hashed password. We never store your password in plaintext.
Workspace content — the Glyphs, Nodes, Codexes, Prisms, and Sources you create and upload. This content is yours and is stored only to provide the service.
Usage events — anonymous operational logs (page loads, feature interactions) used solely for debugging and improving the product. No behavioural profiles are built from this data.
Feedback — if you submit feedback via the in-app button, we store the text and rating you provide alongside your account identifier.
What we do not collect
We do not collect payment information (CodexIQ is currently free).
We do not collect your API keys in plaintext. If BYOK (Bring Your Own Key) is configured, keys are encrypted at rest.
When you upload files, the source binary is discarded after text extraction — we do not retain your original PDFs, documents, or recordings.
How we use your data
To provide and operate the CodexIQ workspace.
To generate AI summaries, Insights, and Prism suggestions on your behalf. Your content is sent to the configured AI provider (currently OpenAI) only when you trigger an AI action. Your content does not train our models or any third-party model.
To respond to feedback and diagnose issues.
We do not sell, share, or license your data to third parties for advertising or any commercial purpose.
AI providers
When you use Semantic AI features, your content is transmitted to OpenAI via their API. This is subject to OpenAI's privacy policy. We use the API in a way that does not permit OpenAI to use your data to train their models. Multi-provider BYOK support is on the roadmap; this section will be updated when it ships.
Data retention
Your account and workspace data is retained for as long as your account is active. You may request deletion of your account and all associated data by contacting us (see below). During the alpha, we may also purge data as part of database migrations with advance notice where possible.
Security
Passwords are stored using a strong scrypt hash (via Werkzeug). Connections to the application are served over HTTPS. We implement access controls so users can only access their own data. As an alpha product, we encourage responsible disclosure of any security issues.
Your rights
You have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, please contact us at the address below. We will respond within a reasonable timeframe.
Cookies
CodexIQ uses a single session cookie to keep you logged in. We do not use advertising cookies or third-party tracking cookies.
Children
CodexIQ is not directed at children under 13. We do not knowingly collect personal data from children.
Changes to this policy
As CodexIQ moves from alpha to general availability, this policy will be revised and reviewed by legal counsel. We will notify active users of material changes.
