Privacy Policy

Last updated: May 4, 2026

1. Introduction

Codunk, operated by Yosuble AI LLC ("we", "our", "us") operates the website codunk.com and the studio application. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

By using Codunk, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

Data controller: Yosuble AI LLC, 1209 Mountain Road PL NE, STE R, Albuquerque, NM 87110, United States. Contact: contact@codunk.com.

2. Information We Collect

We collect the following categories of personal data:

  • Account data: email address, full name, avatar URL, authentication provider (email, Google, or GitHub).
  • Profile data: plan, credit balance, language preference, third-party integration credentials (e.g. Stripe keys, Supabase project URL and public key, Google Analytics ID — stored securely).
  • User content: projects, project files, chat messages with the AI, version history.
  • Billing data: plan, payment events, credit transactions, an opaque customer identifier from our payment processor. Credit card numbers are handled by our payment processor and never reach our servers.
  • Technical data: IP address, browser user-agent, timestamps of significant actions (login, password change), anonymised usage analytics.
  • Referral data: your referral code, who referred you (if applicable).

3. Purposes and Legal Basis (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): providing the service, generating code, hosting projects, processing payments.
  • Legal obligation (Art. 6(1)(c)): retaining billing records as required by applicable tax law (up to 7 years under US IRS requirements).
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, platform security, error monitoring, product improvement, anonymised analysis of chat interactions to improve AI quality (see section 5).
  • Consent (Art. 6(1)(a)): marketing emails, optional analytics cookies.

4. Sub-processors (GDPR Art. 28)

We share the minimum necessary data with carefully selected sub-processors, grouped here by category. The full list of named sub-processors (with jurisdictions and links to their own privacy policies) is published at codunk.com/sub-processors.

  • Application hosting & CDN (US / EU) — serves the Codunk web app, generated sites, and protects against DDoS
  • Database, authentication & file storage (EU — Frankfurt, Germany, AWS eu-central-1) — stores your account, projects, and uploads. All user data is hosted in the European Union
  • AI code generation (US) — turns your prompts into React/Tailwind code via a zero-retention API: prompts are NOT retained to train models
  • Payment processor / Merchant of Record (US) — handles checkout, subscriptions, and tax compliance
  • Transactional email (US) — sends auth, security and billing notifications
  • Email & build infrastructure (EU) — hosts our team mailboxes and supporting build tooling
  • Stock photography (US) — provides imagery for generated sites; no personal data is shared
  • Error monitoring (US / EU) — captures technical exceptions to keep the service stable
  • Live chat support (EU) — for customer support conversations you initiate

We may add or replace a sub-processor in the same category at any time without rewriting this policy; the live list at /sub-processors is always up to date and reflects the current state. We'll notify customers under a Data Processing Agreement of any addition or replacement that materially changes processing.

Cross-border transfers outside the EU are governed by the European Commission's Standard Contractual Clauses (SCCs, Decision 2021/914) and, where applicable, the EU-U.S. Data Privacy Framework.

5. AI Processing — What We Send

When you use the AI studio, the following is sent to our AI sub-processor:

  • Your prompt text
  • Files of the current project
  • Connected integration identifiers when relevant (e.g. database project URL, analytics ID) to generate functional code

The following is never sent to the AI provider:

  • Your email or identity
  • Your payment data
  • Data from other projects
  • Secret or private API keys (e.g. Stripe secret key)

Our AI sub-processor operates a zero-retention API: your prompts are not stored or used for training. The current provider is named in our sub-processor list.

Anonymised conversation analytics: we analyse chat messages in aggregate form (intent categories, language distribution, message volume) to improve the quality of AI responses. This analysis is performed on our own infrastructure, uses only anonymised and aggregated data, and no individual messages are shared with third parties or used for profiling. You can request deletion of your chat history at any time via Settings → Delete account or by contacting us.

6. Data Retention

  • Active account: data is retained for the lifetime of your account.
  • After deletion: personal data is erased within 30 days.
  • Billing records: retained up to 7 years to comply with US tax record-keeping requirements.
  • Backups: purged within 30 days maximum.

Published sites hosted on Codunk are taken offline immediately upon account deletion.

7. Your Rights (GDPR Chapter III, CCPA, and US state laws)

Depending on your location, you have the right to:

  • Access (Art. 15): obtain a copy of your personal data
  • Rectification (Art. 16): correct inaccurate data
  • Erasure / Right to be forgotten (Art. 17): delete your account and all associated data
  • Restriction (Art. 18)
  • Portability (Art. 20): receive your data in a machine-readable format
  • Objection (Art. 21)
  • No automated decision-making (Art. 22)

You can exercise most of these rights directly from the dashboard: Settings → Export my data and Settings → Delete account. For other requests, contact us at contact@codunk.com. Response within 30 days.

Right to complain: you may lodge a complaint with your national data protection authority. For EU residents: EDPB member list. For France: CNIL.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined by the CCPA/CPRA. We have not sold or shared personal information in the preceding 12 months.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at contact@codunk.com. We will verify your identity before processing any request. You may also designate an authorized agent to make a request on your behalf.

9. Cookies

We use strictly necessary cookies for authentication and session management. These cookies do not require consent. Optional analytics cookies are only set with your explicit consent via the cookie banner. You can change your preferences at any time.

10. Security

We implement industry-standard security measures: encrypted connections (TLS 1.2+), encrypted passwords (bcrypt), Row-Level Security policies on all user data, encryption at rest for sensitive credentials (integration API keys), rate limiting on sensitive endpoints, and security notification emails on password changes. However, no method of transmission over the internet is 100% secure.

11. Children

Codunk is not intended for use by children under 16 (GDPR) or under 13 (US COPPA). We do not knowingly collect personal data from children under these ages. If you believe a child has provided us with personal data, please contact us and we will promptly delete it. We do not have a verifiable parental consent mechanism as the service is not directed at children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified by email or through a notice in the dashboard. For EU users, material changes to how we process your data will require your affirmative consent before taking effect.

13. Contact

For any questions about this Privacy Policy, contact:

Yosuble AI LLC
1209 Mountain Road PL NE, STE R
Albuquerque, NM 87110
United States
Email: contact@codunk.com