Privacy Policy

Last updated: April 2026

1. Who We Are

CodeStrain is operated by TOO HubLab ("HubLab.ai"), an Astana Hub resident entity registered in the Republic of Kazakhstan. This policy applies to the CodeStrain macOS application, CLI tool, and cloud services at codestrain.dev.

2. Data We Collect

2.1 Data Stored Locally (On Your Device Only)

The CodeStrain desktop app collects and stores the following data exclusively on your local machine:

• Session metadata: timestamps, durations, turn counts, token counts
• Phase classifications: planning, generation, debug, iteration, integration
• Cost estimates: derived from token counts and public model pricing
• DRS scores: strain, recovery, and readiness calculations
• Break events: when breaks were suggested, taken, or skipped

We never store your code, prompts, AI responses, or file contents. The app reads Claude Code JSONL logs to extract metadata only. Content is processed in memory and immediately discarded.

2.2 Data Synced to Server (PRO/TEAM Only)

If you subscribe to CodeStrain PRO or TEAM, the following encrypted feature vectors are synced to our server for ML predictions:

• Session durations and phase sequences
• Token counts (input/output aggregates)
• Debug loop counts and error frequency ratios
• Timing patterns (time-of-day, day-of-week)

These are numerical features only. No code, no prompts, no file paths, no project names. Feature vectors are encrypted in transit (TLS 1.3) and at rest (AES-256).

2.3 Account Data (PRO/TEAM Only)

• Email address (for authentication and communication)
• Payment information (processed by Stripe; we do not store card numbers)
• Subscription status and billing history

2.4 Data We Never Collect

• Source code or file contents
• AI prompts or responses
• File paths or project directory names
• Clipboard contents
• Screen recordings or screenshots
• Keystroke logs
• Data from other applications

3. How We Use Your Data

• Local analysis: computing DRS scores, phase detection, break scheduling
• ML predictions (PRO): training per-user models for ETA and strain forecasting
• Service improvement: aggregate, anonymized statistics to improve our models
• Communication: account-related emails, product updates (opt-in only)

4. Data Storage and Security

• Local data: stored in SQLite at ~/Library/Application Support/CodeStrain/
• Server data: PostgreSQL with TimescaleDB, hosted on dedicated hardware
• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access: role-based access controls, minimal-privilege principle

5. Data Retention

• FREE tier: 7 days of local history (configurable)
• PRO tier: 90 days of synced history; local history unlimited
• After cancellation: server data deleted within 30 days
• Local data: persists until you delete it or uninstall the app

6. Your Rights (GDPR)

Under the General Data Protection Regulation and similar laws, you have the right to:

• Access (Article 15): Export all your data as JSON via Settings > Export Data
• Rectification (Article 16): Correct your account information at any time
• Erasure (Article 17): Delete all your data via Settings > Delete All Data
• Portability (Article 20): Download your data in a standard JSON format
• Objection (Article 21): Opt out of data processing for ML model training

The FREE tier is fully local with no server component, so GDPR data-subject requests apply only to PRO/TEAM subscribers.

7. Third-Party Services

• Stripe: payment processing (stripe.com/privacy)
• Formspree: waitlist form processing (landing page only)

We do not use analytics trackers, advertising networks, or data brokers.

8. Children

CodeStrain is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to This Policy

We will notify users of material changes via email (PRO/TEAM) or in-app notice. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For privacy inquiries, data requests, or concerns:
Email: privacy@codestrain.dev
Entity: TOO HubLab, Astana Hub, Astana, Kazakhstan