Privacy Policy

Last updated: March 26, 2026

CodeTrotter ("we," "us," or "our") operates the CodeTrotter platform at codetrotter.dev and the CodeTrotter mobile application. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address — for account authentication and communications
• Name and profile information — from your GitHub profile via OAuth
• GitHub username and avatar — to identify your account

Repository Data

When you generate a walkthrough, we temporarily access:

• Repository metadata — name, description, language, structure
• Source code — file contents necessary to generate the walkthrough
• Dependency information — package files and dependency trees

Repository data is processed in-memory during walkthrough generation and is not permanently stored on our servers. Generated walkthroughs contain summaries and explanations, not raw source code.

Usage Data

We automatically collect:

• Pages visited and features used
• Device type, browser, and operating system
• IP address (anonymized for analytics)
• Walkthrough generation events and model selections

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details. We receive only a transaction reference and subscription status from Stripe.

2. How We Use Your Information

We use collected information to:

• Provide and improve the CodeTrotter service
• Authenticate your account and manage access
• Generate code walkthroughs from repositories you authorize
• Process payments and manage subscriptions
• Send service-related communications (account, billing, security)
• Analyze usage patterns to improve features and performance
• Detect and prevent fraud, abuse, and security incidents

3. Third-Party Services

We use the following third-party services that may process your data:

• GitHub (OAuth authentication, repository access) — Privacy Policy
• Stripe (payment processing) — Privacy Policy
• PostHog (product analytics) — Privacy Policy
• OpenAI / Anthropic / Google (AI model providers for walkthrough generation) — your code is sent to the selected model provider's API for processing. Each provider has its own data handling policies. We use API configurations that do not allow providers to train on your data.
• Cloudflare (hosting, CDN, DDoS protection) — Privacy Policy

4. Data Retention

• Account data is retained as long as your account is active
• Generated walkthroughs are stored for sharing purposes until you delete them or your account is closed
• Repository source code is processed in-memory and not persisted after walkthrough generation
• Usage analytics are retained for up to 24 months in anonymized form
• Payment records are retained as required by tax and accounting regulations

5. Your Rights

Depending on your location, you may have the following rights:

All Users

• Access — request a copy of data we hold about you
• Deletion — request deletion of your account and associated data
• Correction — request correction of inaccurate data
• Export — receive your data in a portable format

EU/EEA Residents (GDPR)

• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing personal data is: (a) your consent, (b) performance of a contract (providing the service), and (c) our legitimate interests in operating and improving the service.

California Residents (CCPA)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of the sale of personal information
• Right to non-discrimination for exercising your rights

We do not sell personal information to third parties.

6. Data Security

We implement industry-standard security measures including:

• Encryption in transit (TLS) and at rest
• OAuth-based authentication (no password storage)
• Regular security reviews and dependency auditing
• Access controls and least-privilege principles

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to security@codetrotter.dev.

7. Cookies

We use essential cookies for authentication and session management. Our analytics provider (PostHog) may use cookies or similar technologies to collect usage data. You can manage cookie preferences in your browser settings.

8. Children's Privacy

CodeTrotter is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we discover such data has been collected, we will delete it promptly.

9. International Data Transfers

Your data may be processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place for cross-border transfers in compliance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of CodeTrotter after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

• Email: privacy@codetrotter.dev
• GitHub: coflounder/codetrotter