Privacy Policy

Codesift LLC · codesift.ai

Effective Date: May 1, 2026 · Last Updated: May 1, 2026

This Privacy Policy describes how Codesift LLC (“Codesift,” “we,” “us,” or “our”) collects, uses, discloses, and protects information when you use the Codesift platform at https://codesift.ai (the “Service”). By using the Service, you acknowledge that you have read and understood this Policy.

1. Information We Collect

1.1 Account Information

When you sign up, we collect: name and email address.

1.2 Customer Data

Customer Data is the content you submit to the Service for processing, which may include open-ended survey responses, qualitative text data, and metadata you associate with submissions. We process Customer Data on your behalf as a data processor.

1.3 Usage Data

We automatically collect information about how you use the Service, including: API request logs, credit consumption records, feature interaction events, error logs, timestamps, and browser/device information (user-agent, IP address, referring URL).

1.4 Payment Information

Payment card details are collected and processed by Stripe, our payment processor. We do not store payment card numbers. We retain billing history (amounts, dates, transaction IDs) for accounting and dispute resolution.

1.5 Communications

We collect the content of messages you send to us via email or support channels.

1.6 Cookies and Tracking

We use session cookies for authentication, preference cookies for UI settings, and analytics cookies (first-party) for aggregate usage analysis. We do not use third-party advertising cookies. You can disable cookies in your browser settings, though some Service features may not function correctly.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service;
  • Process your Customer Data and return Outputs to you;
  • Manage your Account, authenticate users, and enforce security;
  • Process payments and manage your credit balance;
  • Send transactional communications (account alerts, credit balance warnings, receipts);
  • Send service-related updates and, with your consent, marketing communications;
  • Monitor for abuse, fraud, and security incidents;
  • Comply with legal obligations;
  • Conduct aggregate, anonymized analytics to improve Service quality.

We do not sell your personal data or Customer Data to third parties.

We do not use your Customer Data to train or fine-tune AI models without your express consent.

3. How We Share Your Information

3.1 Sub-processors and Service Providers

A list of sub-processors is contained in Schedule 3 of the Data Processing Agreement.

Each sub-processor is bound by data processing terms consistent with applicable law and this Policy.

We may disclose information if required to do so by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

If Codesift is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

We may share your information with third parties for purposes not described above with your prior written consent.

4. Data Retention

We retain Account Information for the life of your Account plus 2 years after termination to comply with tax and legal record-keeping requirements.

We retain Customer Data and Outputs until you delete them from your Account or your Account is terminated, whichever comes first. Following Account termination, Customer Data is deleted from production systems within 30 days and from backup systems within 90 days.

We retain Usage Data and logs for 12 months for security and operational purposes.

5. Your Rights and Choices

5.1 Access and Correction

You may access and update your Account Information at any time through the Service dashboard.

5.2 Deletion

You may delete your Customer Data and Outputs at any time from within the Service. To request Account deletion, contact us at support@codesift.ai. We will complete deletion within 30 days subject to applicable legal retention obligations.

5.3 Data Portability

You may export your Outputs in machine-readable format (CSV or JSON) via the Service dashboard.

5.4 Marketing Communications

You may opt out of marketing emails by clicking the unsubscribe link in any marketing email or by contacting us. You cannot opt out of transactional emails related to your Account.

5.5 Rights Under GDPR (EEA / UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following additional rights under the General Data Protection Regulation (GDPR) and applicable national or UK data protection law:

  • Right to access personal data we hold about you;
  • Right to rectification of inaccurate personal data;
  • Right to erasure (“right to be forgotten”) subject to legal exceptions;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to processing based on legitimate interests;
  • Right to withdraw consent at any time where processing is based on consent;
  • Right to lodge a complaint with a supervisory authority.

To exercise these rights, contact us at legal@codesift.ai. We will respond within 30 days (extendable by a further 60 days for complex requests).

5.6 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to know what personal information we collect, to delete personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising your rights. To submit a CCPA request, contact us at legal@codesift.ai.

6. International Data Transfers

Our servers and sub-processors are primarily located in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on the following transfer mechanisms:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) as applicable to controller-to-processor and processor-to-processor transfers;
  • The UK International Data Transfer Agreement (IDTA) for transfers from the United Kingdom;
  • The Swiss Federal Data Protection Act framework as applicable.

Where we use SCCs with sub-processors, we have conducted or rely upon transfer impact assessments (TIAs) where required.

7. Security

We implement technical and organizational measures designed to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256 via AWS KMS);
  • Role-based access controls and principle of least privilege;
  • Regular security reviews and dependency updates;
  • Logging and monitoring for anomalous access.

No security measures are absolute. In the event of a data breach affecting your rights and freedoms, we will notify affected individuals and relevant authorities as required by applicable law.

8. Children’s Privacy

The Service is not directed to children under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on the Service at least 30 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

10. Contact Us

For privacy inquiries, requests, or complaints, contact:

Codesift LLC Email: legal@codesift.ai Website: https://codesift.ai

We aim to respond to all privacy inquiries within 30 days.