Privacy Policy for CodePlan
Last Updated: November 24, 2025
Thank you for using CodePlan ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, and protect your personal and non-personal information when you use our website located at https://codeplan.top (the "Website") and our AI-powered technical documentation generation services (the "Services").
By accessing or using the Website and Services, you agree to the terms of this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our platform.
1. About CodePlan
CodePlan is an AI-powered technical documentation generator that helps developers and teams create comprehensive project documentation including PRDs, tech stack recommendations, file structures, schema designs, user flows, and styling guides. We leverage artificial intelligence to streamline the documentation process for software projects.
2. Information We Collect
2.1 Personal Data
We collect the following personal information from you:
Name: We collect your name to personalize your experience and address you in communications.
Email Address: We collect your email address for account authentication, service notifications, billing communications, credit balance alerts, and customer support.
Payment Information: We collect payment details through Stripe, our payment processor. We do not store your complete credit card information on our servers. Stripe securely processes and stores your payment data in compliance with PCI-DSS standards.
Authentication Data: When you sign in using Google or GitHub OAuth, we receive your name, email address, and profile information from these providers.
Project Data: We store the project descriptions, questionnaire responses, and generated documentation that you create using our Services.
2.2 Non-Personal Data
We use web cookies and similar technologies to collect non-personal information including:
- IP address and geographic location
- Browser type and version
- Device information and operating system
- Usage patterns and feature interactions
- Session duration and navigation paths
This information helps us improve our Services, analyze usage trends, prevent fraud, and enhance user experience.
2.3 Third-Party Service Data
We integrate with the following third-party services that may collect and process data:
OpenAI: Your project descriptions and questionnaire responses are sent to OpenAI's API to generate documentation. OpenAI processes this data according to their own privacy policy and data usage policies.
MongoDB Atlas: We use MongoDB Atlas to store your account information, project data, and generated documents. Data is encrypted at rest and in transit.
Pusher: We use Pusher for real-time collaboration features including comment notifications and live updates.
Stripe: Payment processing, subscription management, and billing information are handled by Stripe.
3. Purpose of Data Collection and Use
We collect and use your data for the following purposes:
Account Management: Creating and maintaining your account, authenticating your identity, and managing your subscription.
Service Delivery: Processing your documentation generation requests, managing your credit balance, storing your projects, and delivering generated documents.
AI Document Generation: Sending your project information to OpenAI's API to generate technical documentation based on your inputs.
Payment Processing: Processing subscription payments, managing credits, handling refunds, and maintaining billing records through Stripe.
Communication: Sending service notifications, credit balance alerts (when balance drops below 10%), billing updates, and responding to support inquiries.
Collaboration: Enabling sharing, commenting, and version history features for team collaboration.
Service Improvement: Analyzing usage patterns to improve our Services, develop new features, and optimize performance.
Legal Compliance: Maintaining audit trails, complying with legal obligations, and protecting against fraud or abuse.
4. Data Sharing and Disclosure
We share your data only in the following circumstances:
Service Providers: We share data with trusted third-party service providers who help us operate our Services:
- OpenAI (AI document generation)
- Stripe (payment processing)
- MongoDB Atlas (data storage)
- Pusher (real-time features)
- Resend (transactional emails)
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner.
We do not sell, trade, or rent your personal information to third parties for marketing purposes.
5. Data Storage and Security
Data Residency: We offer region-select data storage to comply with GDPR and other data protection regulations. You can choose to store your data in the US, EU, or Asia regions.
Encryption: All data is encrypted in transit using TLS/SSL and at rest using MongoDB Atlas encryption.
Access Controls: We implement role-based access controls and authentication measures to protect your data from unauthorized access.
SOC 2 Readiness: We maintain security practices aligned with SOC 2 Type II requirements, including regular security audits, access logging, and incident response procedures.
Token Security: Your authentication tokens and API keys are securely stored and never exposed in client-side code or logs.
6. Your Data Rights
You have the following rights regarding your personal data:
Access: You can access your personal data through your account settings or by contacting us.
Export: You can export all your data in a machine-readable format through the Settings page.
Correction: You can update your account information at any time through your profile settings.
Deletion: You can request deletion of your account and all associated data. We will delete your data within 30 days of your request, except where we are required to retain it for legal or accounting purposes.
Data Portability: You can download your projects in Markdown, PDF, or ZIP format at any time.
Opt-out: You can opt out of non-essential email communications by clicking "unsubscribe" in any email we send.
7. International Data Transfers
If you are located outside your selected data storage region, your information may be transferred to and processed in that region. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses for EU data transfers
- Adequate data protection measures as required by GDPR and CCPA
- Secure data transmission protocols
8. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with Services. Specifically:
Account Data: Retained for the lifetime of your account plus 30 days after deletion request.
Project Data: Retained for the lifetime of your account or until you delete individual projects.
Billing Records: Retained for 7 years for accounting and tax purposes.
Usage Analytics: Retained for 24 months in aggregated, anonymized form.
Version History: Limited to 10 versions per project; older versions are automatically deleted.
9. Children's Privacy
CodePlan is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@codeplan.top, and we will take steps to delete such information.
10. Cookies and Tracking Technologies
We use the following types of cookies:
Essential Cookies: Required for authentication, security, and basic functionality.
Analytics Cookies: Help us understand how users interact with our Services.
Preference Cookies: Remember your settings and preferences.
You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use our Services.
11. GDPR and CCPA Compliance
For users in the European Union, we comply with the General Data Protection Regulation (GDPR):
- Lawful basis for processing: Contract performance, legitimate interests, and consent
- Data Protection Officer contact: support@codeplan.top
- Right to lodge a complaint with your supervisory authority
For users in California, we comply with the California Consumer Privacy Act (CCPA):
- We do not sell your personal information
- You have the right to know what information we collect and how we use it
- You have the right to request deletion of your information
12. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or legal requirements. We will notify you of significant changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent notice on our Website
Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.
13. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us at:
Email: support@codeplan.top
Technical Issues: bartzalewskidev@gmail.com
For data protection inquiries or to exercise your rights under GDPR or CCPA, please email support@codeplan.top with "Privacy Request" in the subject line.
We will respond to your inquiry within 30 days.
By using CodePlan, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.