Privacy Policy

Last updated: 2026-05-10

code-prompt ("we", "us") provides a SaaS at code-prompt.app that turns a developer’s rough idea into a structured engineering specification — scope, edge cases, file layout, testing expectations, and acceptance criteria. This policy explains what we collect, how we use it, and your choices.

Information we collect

• Account data — email address and authentication identifiers, collected through our auth provider (Clerk) when you sign up or sign in.
• Billing data — subscription status, plan, and payment metadata. Card numbers are processed by our billing provider (Stripe via Clerk Billing); we never see or store full card details.
• Specification content — the structured intake fields you submit (project description, stack, constraints, definition of done) and the generated specification output. We store this so you can access your history.
• Usage metrics — request counts, timestamps, and token consumption, used to enforce monthly quotas and detect abuse.
• Operational logs — request metadata (IP, user-agent, response status) collected by our infrastructure provider (Cloudflare) for security and reliability.

How we use information

• To authenticate you and provide the service.
• To process subscriptions and bill you.
• To generate written specifications on your behalf. The text of your intake is sent to our processing provider (Google AI Studio — Gemini) via Cloudflare AI Gateway. We do not use your input to train models, and we do not share it with third parties beyond what is necessary to fulfill the request.
• To maintain quota counters and rate limits.
• To send transactional messages about your account (e.g. billing receipts, security notices). We do not send marketing email without explicit opt-in.

Third-party processors

• Clerk — authentication and billing orchestration.
• Stripe — payment processing (via Clerk Billing).
• Cloudflare — hosting (Workers), object storage (R2 for prompt history), key-value storage (KV for usage counters), and AI Gateway (request routing and observability).
• Google AI Studio — LLM inference for generating prompt expansions.

Each processor handles data under their own privacy policy. We configure them to retain only what is needed to operate the service.

Data retention

• Account data — retained for the lifetime of your account. Deleted within 30 days of account deletion.
• Prompt history — retained for the lifetime of your account so you can access it. Deleted within 30 days of account deletion.
• Operational logs — retained per Cloudflare’s default retention windows, typically 30–90 days.

Your choices

• Access & export — your prompt history is accessible at /dashboard/history. Email us for a full export of any other data we hold about you.
• Correction & deletion — you may delete your account at any time from your Clerk-managed profile, which triggers deletion of associated prompt history.
• Opt-outs — we do not run advertising cookies. The site uses cookies only for authentication sessions and CSRF protection.

Children

code-prompt is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has provided us with information, contact us and we will delete it.

International transfers

code-prompt operates on Cloudflare’s global edge network and Google’s AI Studio. Your data may be processed in the United States or other countries where these providers maintain infrastructure.

Changes to this policy

We will update this page when our practices change. Material changes will be highlighted on the dashboard or via email.

Contact

Questions or requests: dwalzak@gmail.com.