✓
We create accounts. We never sell, share, or rent your data.
CodeMeYo accounts let you receive automatic updates, sync settings across devices, and manage Pro subscriptions. Nothing about your account — your email, your name, your devices, your usage — is ever sold, rented, shared with advertisers, or made available to data brokers. We share account data only with the specific services we need to run (listed in section 5) and only what's strictly necessary. Not now, not ever.
1. Introduction
CodeMeYo ("the Service", "the App") is operated by Jag Journey, LLC, a company based in the United States. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to the CodeMeYo desktop apps (Windows, macOS, Linux), the mobile apps (iOS, Android), the website at codemeyo.com, and any related services we operate.
By creating an account, subscribing, donating, or otherwise using CodeMeYo, you agree to the practices described here. If you do not agree, please do not use the Service.
2. What we collect
We collect only what we need to run the Service. Specifically:
- Account information - your email address, your name (optional), a cryptographically hashed password, whether your email has been verified, and whether you have two-factor authentication enabled. We never store your password in plaintext.
- Device registrations - for each device you sign in on, we store the platform (Windows / macOS / Linux / iOS / Android), the device name you choose, and a hashed machine identifier. We never store the raw MAC address, serial number, or any other hardware fingerprint.
- Usage telemetry (opt-in only) - if you enable usage reporting, we receive, per request: the LLM provider, the model name, input and output token counts, estimated cost, and a timestamp. That is the complete list. We never receive your prompt content, the LLM's response, the files involved, diffs, or any other content. Usage telemetry is off by default and you can disable it at any time from the app settings.
- Payment metadata - we do not see, store, or process your credit card number. Stripe (web) and Apple / Google (mobile) handle all card data directly. What we store is: your Stripe customer ID, the current subscription ID, plan name, status (active, past-due, canceled), current period end, and whether auto-renewal is on. For mobile purchases, we store the IAP receipt identifiers returned by Apple StoreKit or Google Play Billing.
- Donation records - if you donate through codemeyo.com, we store the amount, your email address (for the receipt), your name (optional), and any message you attached. Donations do not require an account.
- Support correspondence - when you email us, we keep the email thread to answer you and for our own records.
- Security logs - we briefly log IP addresses on login attempts and billing events for abuse detection. These logs are rotated and purged after 30 days.
3. What we don't collect
CodeMeYo is designed so that the sensitive parts of your workflow stay on your device. We do not collect:
- Your LLM API keys. BYOK (bring your own key) keys are stored locally on your device, protected by the operating system's secure store - Windows Credential Manager / macOS Keychain / libsecret on Linux, Apple Keychain on iOS, and the Android Keystore on Android. They are never transmitted to our servers.
- Prompt content and LLM responses. When you chat with Claude, Grok, GPT, Gemini, DeepSeek, Mistral, Groq, or a local Ollama model, the request goes directly from your device to that provider. Our servers do not proxy those requests and do not see their content.
- Your project files. Source code, diffs, screenshots, terminal output, and anything else the agent reads or writes on your machine stays on your machine.
- Precise location. We do not use GPS, precise location, or device geolocation.
- Third-party tracking or advertising identifiers. No IDFA, no Advertising ID, no Google Analytics, no Facebook Pixel, no cross-site tracking cookies.
4. How we use the data we do collect
- To run the Service. Authenticate you, deliver auto-updates, honor your subscription entitlements, and sync device registrations.
- Security. Detect abuse, rate-limit API endpoints, investigate suspicious sign-ins, and enforce our Terms.
- Customer support. Answer your questions, reset your password, refund you, or help you export / delete your data.
- Product improvement. If you opt in to usage telemetry, we aggregate the counts to understand which providers / models are popular and how cost is trending - never tied back to individual prompts.
- Legal compliance. Comply with tax, accounting, and subpoena obligations.
5. Who we share it with
We share the minimum necessary data with a small number of service providers so the Service can function:
- Stripe (payment processing, web subscriptions, donations). Stripe receives what they need to charge the card - your name, email, billing address, and card details you enter on their form. Stripe's privacy policy.
- Apple (iOS in-app subscriptions). Apple handles the purchase and returns a receipt identifier to us. Apple's privacy policy.
- Google (Google Play subscriptions). Google handles the purchase and returns a purchase token. Google's privacy policy.
- Amazon Web Services (hosting). Application servers and database instances run on AWS infrastructure in the United States.
- Cloudflare (CDN, DDoS protection, caching for codemeyo.com). Cloudflare sees IP addresses of website visitors as part of serving traffic.
- Sentry (error monitoring). If the app crashes, we receive a stack trace plus your user ID to help us debug. We do not put personal data, prompts, or API keys in error reports.
- Mailgun (transactional email). Sends account verification emails, password resets, billing receipts, and support responses.
- Legal compliance. We may disclose data if we believe in good faith that we are legally required to - for example, in response to a valid subpoena, court order, or lawful government request. We will notify you before disclosing unless prohibited by law or court order.
We do not sell your personal data. Not to advertisers, not to data brokers, not to anyone. Ever.
6. Third-party services you configure
CodeMeYo connects to third-party LLM providers when you configure their API keys or sign into their services:
These API calls go directly from your device to the provider. CodeMeYo's servers do not proxy, inspect, or log them. Ollama runs entirely on your local machine; no data leaves your computer.
If you manage your subscription through Stripe's Customer Portal, your interactions there are governed by Stripe's privacy policy.
7. Cookies
codemeyo.com uses only the minimum cookies required for the site to work. We do not use advertising or analytics cookies.
- laravel_session - session cookie that keeps you signed in. Required. Expires when you close the browser or after a period of inactivity.
- XSRF-TOKEN - CSRF protection token. Required for form submissions. Expires with the session.
- remember_web - optional "remember me" cookie that keeps you signed in for up to 30 days. Only set if you tick the box at sign-in.
- 2fa_challenge - short-lived cookie used during two-factor authentication to remember which account is mid-challenge. Expires after a few minutes.
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight, TikTok Pixel, or any comparable third-party tracking cookie.
8. Data retention
- Account data - kept for as long as your account exists.
- Account deletion - when you delete your account (see section 9), we immediately soft-delete the record and anonymize personal fields. Seven (7) days later, a scheduled job hard-purges the row and any linked device, telemetry, and log records. This grace period lets you reverse an accidental deletion.
- Usage telemetry - raw events are kept for 90 days. After 90 days, they are aggregated to monthly provider-and-model totals with no user linkage, and the raw events are deleted.
- Security and access logs - rotated and purged after 30 days.
- Billing records - we retain invoice records for as long as required by U.S. tax and accounting law (generally seven years), even after account deletion. These records contain the invoice amount and date and no longer link to your identity once you delete your account.
9. Your rights
Regardless of where you live, you have the following rights with respect to your data:
- Access - see what we hold about you. Sign in at /dashboard/profile or email us.
- Rectification - correct inaccurate data. Edit your email or name at /dashboard/profile.
- Deletion - remove your account. Use the "Delete Account" button at /dashboard/profile, or email us.
- Portability - receive your data in machine-readable form. Email us for a full JSON export of your account, devices, subscription history, and telemetry.
- Objection / opt-out - turn off usage telemetry at any time from the app settings. Email us to object to any other specific processing.
- Withdraw consent - where processing relies on your consent (e.g., telemetry), withdraw it at any time.
If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.
If you are a California resident, the CCPA / CPRA gives you equivalent rights (access, deletion, correction, and the right to opt out of sale or sharing). We do not sell or share personal data as those terms are defined under California law.
10. Children's privacy
CodeMeYo is not intended for children under 13. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected data from a child under 13, we will delete it promptly. Parents or guardians who believe their child has provided us information can email codemeyo.com/contact and we will delete the record immediately.
11. Mobile app specifics
iOS. Apple requires us to declare what we collect on the App Store "Privacy" label. Our declaration:
- Contact info: Email Address - linked to you - used for App Functionality and Customer Support only.
- Identifiers: User ID - linked to you - used for App Functionality.
- Purchases: Purchase History - linked to you - used for App Functionality.
- Usage Data: Product Interaction - linked to you if you opt in to telemetry; used for Analytics and Product Personalization only.
- Tracking: We do not track you across apps or websites owned by other companies.
Android. Our Google Play Data Safety form declares the same categories as above, plus a statement that data is encrypted in transit and that users can request deletion.
12. International data transfers
Jag Journey, LLC is based in the United States, and our servers run in the United States. If you use the Service from outside the U.S., your data will be transferred to and processed in the U.S. Where EU / UK law applies, we rely on Standard Contractual Clauses or an equivalent lawful transfer mechanism.
13. Security
We use industry-standard controls to protect your data: TLS 1.2+ for all traffic, bcrypt for password hashing, OS-level secure stores for any secrets on your device, and least-privilege access to our databases. No system is perfectly secure, and we cannot guarantee absolute security, but we work continuously to reduce risk. If we discover a breach that affects you, we will notify you as required by law.
14. Changes to this Policy
We may update this Policy from time to time. For material changes we will notify signed-in users by in-app notification and email at least 14 days before the change takes effect. The "Last updated" date at the top of this page will reflect any revision. Continued use of the Service after the effective date means you accept the updated Policy.
15. Contact us
Questions, requests, or GDPR / CCPA inquiries:
Jag Journey, LLC
Email: codemeyo.com/contact
Location: King County, Washington, United States
Website: jagjourney.ai
For GDPR-specific requests, email the same address with the subject line "GDPR Request" and we will route it to our privacy contact.