Privacy Policy

Last updated: 1 June 2026

Who we are

Coducky is made by Capital Studio, a company based in Australia. This policy explains what data the Coducky macOS app and the website at coducky.com (the "Service") collect, and what we do with it. In this policy, "we", "us", and "Coducky" mean Capital Studio. If you have a question about your privacy, email us at hello@coducky.com.

Local-first by design

Coducky is built so that your sensitive data never leaves your Mac. It reads the local git repositories you point it at and computes diffs on-device. Your source code, your diffs, your review notes, your chat history, and your provider API keys are stored only on your machine: keys in the macOS Keychain, reviews and notes in a local database, and logs in local files that never record your code, prompts, or model responses. None of this is ever sent to, or stored on, a server we operate. We cannot read your code, because it never reaches us.

What we collect

The data that does reach us is limited to the following:

  • Trial data. The first time you run Coducky, the app sends a salted, one-way hash of your device's hardware identifier and a timestamp to a small trial registry we operate, so that a free trial cannot be reset by reinstalling. We cannot reverse the hash to identify you or your device, and it carries no code, file names, or personal details.
  • Update checks. The app periodically checks coducky.com for new versions. Like any web request, our hosting provider may log your IP address, the app version, and the time in standard server logs.
  • Purchase data. When you buy Coducky, checkout is handled by Lemon Squeezy, our merchant of record. They collect your name, email, and billing details to process the payment and tax. We receive your email and licence information so we can deliver and support your licence.
  • Email you send us. If you email us, we keep your message and address so we can reply and provide support.

What we do not collect or do

  • No accounts, sign-in, or user profiles.
  • No analytics, telemetry, or crash-reporting SDKs, and no advertising or cross-site tracking.
  • No access to your location, contacts, calendar, or photos.
  • We do not use your code, your prompts, or AI output to train any model.
  • We do not sell or rent your data to anyone.

Model providers and your own keys

When you run an AI review, the diffs and prompts you choose are sent directly from your Mac to the third-party model provider you select (for example Anthropic, OpenAI, Google, OpenRouter, or Mistral), authenticated with your own API key or subscription. We do not see, store, proxy, or route that traffic. How each provider handles the data you send is governed by that provider's own privacy policy, so review them and choose providers you trust.

Who processes data for us

We keep our list of service providers short. We rely on:

  • Cloudflare to host the website, the trial registry, and app downloads. It processes the hashed trial id and standard request logs (including IP addresses).
  • Lemon Squeezy (our merchant of record, owned by Stripe) to process purchases and tax, and to activate your licence key.

We do not share your data with anyone else, except where we are required to by law.

How long we keep it

Your reviews, notes, and keys live on your Mac until you delete them or remove the app and its support files. We keep the hashed trial record for as long as we need to run the trial system. Purchase records are kept for as long as needed to meet our tax and accounting obligations, then deleted.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to certain processing, and to complain to a data protection authority. Because we hold almost nothing tied to you, most requests are quick to handle.

You can delete the local data Coducky stores at any time by removing the app and its support files from your Mac. For anything held by us or our providers, email hello@coducky.com and we will help. You can also lodge a complaint with your local authority, such as the Office of the Australian Information Commissioner (OAIC) in Australia or your supervisory authority in the EU or UK.

Children

Coducky is a developer tool that is not directed at children. We do not knowingly collect personal data from anyone under 16, or under the minimum age set by the law where you live. If you believe a child has provided us with personal data, contact us and we will delete it.

International users

Coducky runs on your Mac wherever you are. The limited data described above may be processed by our providers (Cloudflare and Lemon Squeezy) in countries other than your own, under the safeguards in their own privacy policies. By using the Service you understand that this limited processing may take place internationally.

Changes to this policy

We may update this policy as Coducky evolves or as the law requires. When we make a material change, we will note it in the app or on the site and update the "last updated" date at the top of this page.

Contact

Questions about your privacy or this policy? Email us at hello@coducky.com.