myCodex
Get Started Free

Privacy Policy

Last updated: February 19, 2026

1. Introduction

myCodex (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the myCodex platform (“the Service”). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile image (if provided via OAuth)
  • Authentication provider information (Google, GitHub, or email)

2.2 Content You Upload

When you upload documents, videos, audio, or other materials to the Service, we store and process that Content to provide the Service. This includes:

  • Uploaded files (PDFs, documents, audio files)
  • YouTube video transcripts
  • Web page content you import
  • Text content you paste directly

2.3 Usage Data

We automatically collect certain information about your use of the Service:

  • Chat messages and queries you send within Projects
  • Features you access and actions you take
  • Daily request counts and usage metrics
  • Device type, browser, and general location (country level)
  • IP address (for security and rate limiting)

2.4 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers, bank account details, or other sensitive financial information on our servers. We receive from Stripe: your Stripe customer ID, subscription status, and transaction history.

2.5 Chrome Extension Data

If you use the myCodex Chrome Extension, the following additional data practices apply:

  • Page URLs and titles: The extension detects the URL and title of web pages and YouTube videos you visit while the extension is active. This information is stored locally in your browser and is used to display context in the extension sidebar.
  • Local browsing history: The extension maintains a short local history (up to 30 recent pages) in your browser's local storage to power the “Recent” section. This data is never sent to our servers.
  • Content you import: When you choose to import a web page or YouTube video, the page URL, title, and content are sent to our servers for processing. This is treated identically to other Content you upload (see Section 4).
  • Site exploration data: When you use the Site Explorer feature, discovered page URLs, titles, and text snippets are sent to our servers and stored in your project's site map. Server-side crawling may fetch additional pages from the same domain on your behalf.
  • Authentication: The extension authenticates with mycodex.io using your existing browser cookies. No additional credentials are collected or stored by the extension.
  • Import queue: The status of documents you import (pending, processing, completed) is stored in your browser's local storage to display progress indicators.

The extension does not collect data on pages you do not interact with through the extension. It does not inject ads, track your browsing for analytics purposes, or transmit any data to third parties beyond the myCodex servers described in this policy.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process your Content (chunking, embedding, indexing) to enable AI-powered search and chat
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, document processing notifications)
  • Enforce rate limits and prevent abuse
  • Respond to your feedback and support requests
  • Monitor and analyze usage patterns to improve the Service
  • Comply with legal obligations

4. How We Process Your Content

This section is important for Creators who upload Content to the Service:

  • Your Content is processed (chunked and embedded) to enable AI-powered retrieval.
  • Your Content is stored on Cloudflare R2 (file storage) and Neon PostgreSQL (text chunks and embeddings).
  • Your Content is sent to OpenAI's API solely to generate embeddings and chat responses within your Project.
  • We do not use your Content to train any AI models.
  • We do not share your Content with other users except through the chat interface of the specific Project it belongs to, and only to users who have access (owner, subscribers).
  • You may delete your Content at any time. Deleted Content is removed from our active systems promptly, though backups may be retained for a limited period.

5. Third-Party Services

We use the following third-party services to operate the platform:

OpenAI

Used for generating text embeddings and AI chat responses. Your Content chunks and chat messages are sent to OpenAI's API. OpenAI's data usage policies apply.

Stripe

Used for payment processing and subscription management. Stripe's privacy policy governs payment data handling.

Cloudflare R2

Used for file storage (uploaded documents, images, audio). Data is stored in Cloudflare's infrastructure.

Neon (PostgreSQL)

Used for database storage including user accounts, text chunks, embeddings, and metadata.

Vercel

Used for hosting and serving the web application. Vercel may collect standard web analytics.

Resend

Used for sending transactional emails (verification codes, notifications).

AssemblyAI

Used for audio transcription. Audio files are sent to AssemblyAI for speech-to-text processing.

6. Data Sharing

We do not sell your personal information. We share information only in the following circumstances:

  • With third-party service providers listed above, solely to operate the Service.
  • With Creators whose Projects you subscribe to: Creators may see that you are a subscriber (email and name). They do not see your chat messages.
  • For legal compliance: If required by law, subpoena, or court order.
  • To protect rights: If necessary to enforce our Terms, protect our rights, or ensure user safety.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account:

  • Account data is deleted within 30 days.
  • Uploaded Content and associated chunks/embeddings are deleted within 30 days.
  • Chat history is deleted within 30 days.
  • Anonymized usage data and aggregated analytics may be retained indefinitely.
  • Payment records may be retained as required by law or for accounting purposes.

8. Data Security

We implement reasonable security measures to protect your information, including:

  • Encryption in transit (HTTPS/TLS) for all communications
  • Encryption at rest for stored data
  • Access controls and authentication for administrative access
  • Regular security reviews

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We may use basic analytics to understand how the Service is used.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data and account.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your personal data.

To exercise any of these rights, contact us at privacy@mycodex.io. We will respond within 30 days.

11. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly. Users between 13 and 18 should have parental consent before using the Service.

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to these transfers.

13. California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information we collect and how it is used, (b) request deletion of your personal information, (c) opt out of the sale of personal information (we do not sell personal information), and (d) not be discriminated against for exercising your rights. To exercise these rights, contact us at privacy@mycodex.io.

14. European Users (GDPR)

If you are located in the European Economic Area, our legal bases for processing your information include: (a) your consent, (b) performance of a contract (providing the Service), (c) compliance with legal obligations, and (d) our legitimate interests (improving the Service, preventing fraud). You have additional rights under the GDPR including the right to lodge a complaint with your local data protection authority.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

16. Contact Us

For questions or concerns about this Privacy Policy or our data practices, contact us at:

privacy@mycodex.io