Privacy Policy

Date of entry into force: January 27, 2026

This Privacy Policy describes how we collect, use, store, and protect personal data of users of the Service, including the Visual Studio Code plugin, the website, and future mobile applications.

GDPR Compliance: This Privacy Policy is prepared in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). When processing personal data, we follow the principles set out in Article 5 of the GDPR.

1. Data Controller

The controller of personal data is the legal entity that owns and operates the Service. The servers are located in Sweden, within the European Union. The controller complies with GDPR (General Data Protection Regulation) and applicable EU legislation.

See Article 4(7) GDPR — definition of a data controller.

2. Users

The Service is intended for developers. User age is not actively verified; therefore, the Service does not guarantee the absence of users under the age of 18.

See Article 8 GDPR — conditions applicable to child’s consent.

3. Registration

Users may register and access the Service using the following methods:

  • Username and password
  • Email
  • Social authentication: GitHub, Google, Telegram

See Article 6(1)(a) GDPR — consent of the data subject.

4. Categories of Data Collected

The Service may collect the following data:

  • Personal data: email address, username, profile image (avatar), Telegram User ID
  • Technical data: IP address, activity timestamps, number of lines written, programming languages
  • Social network data: username, email address, and avatar when registering via GitHub or Google
  • API keys: long-lived tokens that can be regenerated; stored securely, with hashing and revocation planned for future updates

Note: No financial or payment-related data is collected.

See Article 4(1) GDPR — definition of personal data.

5. Purposes of Data Processing

Personal data is processed exclusively for the following purposes:

  • User authentication and identification
  • Verification that the user is the legitimate account holder
  • Operation of the plugin, website, and future applications
  • Technical support and account recovery

See Article 5(1)(b) GDPR — purpose limitation.

6. Logs and Analytics

  • Log data is retained only for as long as necessary to comply with legal obligations, typically from 1 to 6 years
  • Logs may include IP addresses, activity timestamps, errors, and technical information
  • User-Agent data is currently not stored
  • No marketing or tracking cookies are used; only strictly necessary technical session cookies are applied

See Article 5(1)(e) GDPR — storage limitation.

7. User Rights

Users have the right to:

  • Right of access — request a copy of their personal data (to be implemented)
  • Right to rectification — correct inaccurate data such as username, avatar, or email
  • Right to erasure — permanently delete their account and all associated data
  • Right to withdraw consent — withdraw consent for data processing
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing in certain circumstances

See Chapter III GDPR (Articles 15–22).

8. Data Storage and Security

  • Data is stored on servers located in Sweden
  • Data transmission is secured using HTTPS
  • Appropriate technical and organizational security measures are applied

See Article 32 GDPR — security of processing.

9. API Keys

  • API keys are long-lived and can be regenerated by the user
  • Keys are stored securely
  • Key revocation will be implemented in future updates

10. Third-Party Integrations

Telegram, Google, and GitHub are used exclusively for authentication purposes. Only minimal required data is transferred. Users may choose which platform to use for authentication and password recovery.

See Article 28 GDPR — data processors.

11. Password Recovery

  • A “Forgot password” feature will be implemented in the future
  • Users will receive a one-time secure recovery link via email or a connected platform
  • After confirmation, the user sets a new password

12. Personal Data Breaches

In the event of a personal data breach that may result in a high risk to users’ rights and freedoms, the relevant supervisory authority will be notified within 72 hours, as required by GDPR. Affected users will also be notified where applicable.

See Articles 33–34 GDPR.

13. Policy Updates

We reserve the right to update this Privacy Policy. The current version will always be available to users. Users will be informed in advance of any material changes.

See Article 13(2)(c) GDPR.

14. Contact Information

For privacy-related inquiries, exercising GDPR rights, or submitting complaints, users may contact the Service through official communication channels.

See Article 13(1)(a) GDPR.

15. Right to Lodge a Complaint

Users have the right to lodge a complaint with a data protection supervisory authority if they believe their personal data is processed in violation of GDPR. In Sweden, the competent authority is Integritetsskyddsmyndigheten (IMY).

See Article 77 GDPR.

Last updated: January 27, 2026

← Back to Home