Privacy Policy

1. Introduction

cmodl ("we," "us," or "our") operates the cmodl platform, an AI-powered software development platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

2.1 Account Information

When you create a cmodl account, we collect:

• Name and email address
• Organization name and role
• Authentication credentials (managed via OIDC; we do not store passwords directly)
• Billing information (processed by our payment provider)

2.2 Usage Data

We automatically collect information about how you interact with the platform:

• Pages visited, features used, and actions taken
• Session duration and frequency of use
• Device type, browser, operating system, and IP address
• Error logs and performance metrics

2.3 AI Interaction Data

When you interact with cmodl's AI agents, we collect:

• Chat messages and prompts sent to AI agents
• Code snippets, project context, and file contents shared during sessions
• Agent task outputs (generated code, plans, deployment configurations)
• Approval gate decisions and feedback provided to agents

Important: Your chat messages and code inputs are transmitted to third-party AI providers for processing. See Section 4 for details.

3. How We Use Your Data

We use the information we collect to:

• Provide, operate, and maintain the cmodl platform
• Process AI agent requests by sending prompts to language model providers
• Improve our services, including agent accuracy and performance
• Communicate with you about your account, updates, and support
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

4. Third-Party AI Processors

cmodl uses third-party large language model (LLM) providers to power its AI agents. When you interact with an agent, your input (including chat messages, code, and project context) may be sent to the following providers:

• Anthropic — Claude models for code generation, analysis, and planning
• OpenAI — GPT models for code generation and natural language processing

These providers process your data under their respective data processing agreements with cmodl. We use API-tier access with zero data retention (ZDR) agreements where available, meaning providers do not retain your inputs or outputs for training purposes.

For Enterprise customers with self-hosted or hybrid deployments, AI processing can be configured to use your own model endpoints, keeping data within your infrastructure.

5. Data Retention

• Session data (chat messages, agent task context): retained for 1 hour by default after session completion, then automatically purged. Enterprise customers can configure custom retention periods.
• Account data (profile, settings, preferences): retained until you delete your account or request erasure.
• Usage analytics: retained in aggregated, anonymized form for up to 24 months for product improvement.
• Audit logs: retained for 90 days (or as required by your organization's compliance policy for Enterprise plans).

6. Your Rights

Depending on your jurisdiction (including under GDPR, CCPA, and similar regulations), you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — correct inaccurate or incomplete personal data
• Erasure— request deletion of your personal data ("right to be forgotten")
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing of your personal data for specific purposes
• Restriction — request limited processing of your data under certain conditions
• Withdraw consent — withdraw previously granted consent at any time

To exercise any of these rights, contact us at privacy@cmodl.com. We will respond within 30 days.

7. Cookies and Tracking

We use cookies in the following categories:

• Essential cookies — required for the website and platform to function (authentication, session management, security). These cannot be disabled.
• Analytics cookies — help us understand how visitors use our site (e.g., page views, navigation patterns). We use PostHog for product analytics.
• Marketing cookies — used to deliver relevant content and measure advertising effectiveness. Only activated with your explicit consent.

You can manage your cookie preferences at any time using the "Cookie Preferences" link in the website footer. Non-essential cookies are only activated after you provide explicit consent.

8. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• OIDC-based authentication with support for enterprise SSO
• Role-based access controls and audit logging
• Regular security assessments and penetration testing
• Infrastructure hosted on SOC 2 certified cloud providers

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure adequate safeguards through Standard Contractual Clauses (SCCs) and data processing agreements with all sub-processors.

10. Children's Privacy

cmodl is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us:

• Email: privacy@cmodl.com
• General inquiries: Contact page