Privacy Policy
Effective Date: January 31, 2025 | Last Updated: January 31, 2025
Table of Contents
- 1. Introduction
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Data Sharing and Disclosure
- 5. Data Security
- 6. Data Retention
- 7. Your Rights and Choices
- 8. International Data Transfers
- 9. Children's Privacy
- 10. AI and Machine Learning
- 11. Third-Party Services
- 12. Cookies and Tracking
- 13. Changes to This Policy
- 14. Contact Information
1. Introduction
Repofly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based integrated development environment (IDE) and related services (collectively, the "Service").
Important Notice
By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name, email address, username, password (encrypted), profile picture
- Payment Information: Processed securely through third-party payment processors (we do not store credit card details)
- Code and Content: Source code, files, projects, and other content you create or upload
- Communications: Support tickets, feedback, and correspondence with us
- API Keys: Third-party API keys you choose to provide (stored encrypted)
2.2 Information Collected Automatically
- Usage Data: Features used, time spent, error logs, performance metrics
- Device Information: Browser type, operating system, screen resolution, language preferences
- Network Information: IP address (anonymized), approximate location (country/region level only)
- Cookies and Similar Technologies: Session cookies, preference cookies, analytics cookies
2.3 Information from Third Parties
- OAuth Providers: Basic profile information from Google, GitHub, or other OAuth providers
- Integration Partners: Limited information necessary for service integrations
Data Minimization Principle
We follow the principle of data minimization, collecting only the information necessary to provide and improve our Service. We do not collect sensitive personal information unless explicitly required and consented to by you.
3. How We Use Your Information
3.1 Primary Purposes
- Provide, maintain, and improve our Service
- Process transactions and send related information
- Send technical notices, updates, security alerts, and support messages
- Respond to your comments, questions, and customer service requests
- Monitor and analyze trends, usage, and activities
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our terms
3.2 AI and Machine Learning
Important: We do NOT use your code or content to train our AI models or any third-party AI models. Your intellectual property remains yours. AI features in our Service:
- Process your requests locally without storing the content
- Use only commercially licensed or open-source models
- Do not retain or learn from your specific code
- Can be completely disabled at your discretion
4. Data Sharing and Disclosure
We Do Not Sell Your Personal Information
We do not sell, rent, or trade your personal information to third parties for their commercial purposes.
4.1 Limited Sharing Scenarios
We may share your information only in the following circumstances:
| Scenario | What We Share | Purpose |
|---|---|---|
| Service Providers | Limited necessary data | Cloud hosting, payment processing, analytics |
| Legal Requirements | As required by law | Comply with legal obligations, court orders |
| Business Transfers | User data as an asset | Merger, acquisition, or asset sale (with notice) |
| Your Consent | As you specify | With your explicit consent |
| Aggregated Data | Non-identifiable statistics | Industry reports, service improvements |
4.2 Third-Party Service Providers
We work with carefully selected third-party service providers who are contractually obligated to:
- Use your information only as necessary to provide services to us
- Maintain the confidentiality and security of your information
- Delete or return all personal information after their services are complete
- Comply with applicable privacy laws and regulations
5. Data Security
5.1 Security Measures
We implement industry-standard security measures including:
- Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
- Access Controls: Role-based access control, multi-factor authentication
- Infrastructure: Enterprise-grade secure data centers with industry certifications
- Monitoring: 24/7 security monitoring and intrusion detection
- Isolation: Hardware-level VM isolation for code execution
- Backups: Regular encrypted backups with geographic redundancy
- Audits: Regular third-party security audits and penetration testing
5.2 Incident Response
In the event of a data breach, we will notify affected users within 72 hours in accordance with applicable laws, and take immediate steps to mitigate harm.
Your Security Responsibilities
You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account. Please notify us immediately of any unauthorized use.
6. Data Retention
6.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days | Service provision, recovery period |
| Code and Projects | Until deletion by user + 30 days backup | User control, recovery option |
| Usage Analytics | 24 months | Service improvement, trends analysis |
| Security Logs | 12 months | Security monitoring, compliance |
| Payment Records | 7 years | Legal and tax requirements |
6.2 Deletion Rights
You can request deletion of your personal data at any time. We will comply with such requests unless we are required to retain certain information by law or for legitimate business purposes.
7. Your Rights and Choices
7.1 Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to certain processing activities
- Automated Decision-Making: Opt-out of automated decision-making
- Consent Withdrawal: Withdraw consent at any time
7.2 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@repofly.com. We will respond to your request within 30 days.
7.3 Communication Preferences
You can opt-out of non-essential communications at any time through your account settings or by clicking the unsubscribe link in our emails.
8. International Data Transfers
8.1 Global Service
Our Service is global, and your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.
8.2 Safeguards
We ensure appropriate safeguards are in place for international transfers:
- Standard Contractual Clauses approved by the European Commission
- Privacy Shield certification (where applicable)
- Adequacy decisions by relevant authorities
- Your explicit consent for specific transfers
9. Children's Privacy
Age Restrictions
Our Service is not intended for children under 13 years of age (or 16 in the European Union). We do not knowingly collect personal information from children under these ages. If we become aware of such collection, we will promptly delete the information.
9.1 Educational Use
For educational institutions using our Service with students, we require:
- Parental consent for users under the applicable age
- Compliance with COPPA, FERPA, and similar regulations
- Limited data collection for educational purposes only
- No behavioral advertising or profiling of student users
10. AI and Machine Learning
10.1 AI Privacy Commitments
- No Training on User Code: We never use your code to train AI models
- Local Processing: AI processing happens in isolated environments
- No Retention: AI interactions are not stored unless you explicitly save them
- Model Selection: You control which AI models are used
- API Key Option: Use your own API keys for complete control
10.2 AI Transparency
When AI features are used, we clearly indicate:
- Which AI model is being used
- Whether the request is processed locally or remotely
- What data is being sent to the AI model
- How to disable AI features entirely
11. Third-Party Services
11.1 Integrated Services
Our Service integrates with various third-party services. When you use these integrations:
- Their privacy policies apply to data processed by them
- We only share minimum necessary information
- You can disconnect integrations at any time
- We are not responsible for third-party privacy practices
11.2 Key Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Cloudflare | CDN, DDoS protection | IP addresses, request data |
| Stripe | Payment processing | Payment information |
| Google OAuth | Authentication | Basic profile information |
| OpenAI/Anthropic | AI features (optional) | Code context (with consent) |
12. Cookies and Tracking
12.1 Types of Cookies We Use
- Essential Cookies: Required for Service functionality
- Preference Cookies: Remember your settings and preferences
- Analytics Cookies: Help us understand Service usage (anonymized)
- Security Cookies: Detect and prevent security threats
12.2 Cookie Control
You can control cookies through your browser settings. Note that disabling certain cookies may limit Service functionality.
12.3 Do Not Track
We respect Do Not Track signals and do not track users who have enabled this browser setting.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
- Obtaining consent where required by law
Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.
14. Contact Information
Privacy Contact
Email: privacy@repofly.com
Data Protection Officer: dpo@repofly.com
Mailing Address:
Repofly Inc.
Privacy Department
[Address will be updated upon incorporation]
Supervisory Authorities
EU residents may also contact their local data protection authority. UK residents may contact the Information Commissioner's Office (ICO).
California Privacy Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA). For more information, please see our California Privacy Notice.
GDPR Rights
European Union residents have additional rights under the General Data Protection Regulation (GDPR). We are fully GDPR compliant and respect all rights granted under this regulation.