Legal

Privacy Policy

Last updated: June 2, 2026

1. Introduction

Welcome to CodeSnatch ("we," "us," or "our"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your personal information. This Privacy Policy applies to our website at codesnatch.io and all related services, tools, and features (collectively, the "Platform"). The Platform provides data structures and algorithms (DSA) curriculum, practice problems with code execution, community-contributed content, AI-assisted learning, a code playground, analytics, and related educational services. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Personal Information

  • Identity Data: Name, email address, and profile picture (if provided or obtained via Google OAuth).
  • Account Data: Username, password (stored in hashed form), account role, and authentication method (credentials or Google OAuth).
  • Profile Data: Bio, social links, preferences, language settings, and any other information you choose to add to your profile.
  • Technical Data: IP address, browser type and version, device type, operating system, time zone, and general location derived from your IP address.

2.2 Non-Personal Information

  • Usage Data: Pages visited, features used, lessons viewed, problems attempted, code submissions, time spent on pages, navigation paths, and interaction patterns.
  • Analytics Data: Learning progress, completion rates, performance metrics, review queue activity, and streak data.
  • Aggregate Data: Statistical or demographic data derived from your personal information but which does not directly or indirectly reveal your identity.

2.3 User Content

Code you write or submit (including practice problem solutions, playground code, and code snippets), articles, community problems, question bundles, interview experiences, and any other content you create or upload to the Platform.

2.4 Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and gather analytics data. See Section 16 for detailed information about our use of cookies.

2.5 Payment Information

We do not store your credit card numbers, bank account details, or other financial payment information on our servers. All payment processing is handled by our third-party payment processor, Stripe. We only store transaction identifiers, purchase history, subscription status, and wallet/payout records necessary for operating the Platform.

3. How We Collect Information

3.1 Directly From You

  • When you register for an account or update your profile
  • When you make purchases, subscribe to premium plans, or buy AI tokens
  • When you create and publish content (articles, problems, snippets, question bundles, interview experiences)
  • When you submit code solutions or use the playground
  • When you contact our support team or provide feedback

3.2 Automatically

  • Through cookies and similar tracking technologies as you browse the Platform
  • Through server logs when you access the Platform
  • Through your interactions with Platform features (lesson progress, problem attempts, review queue activity)

3.3 From Third Parties

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google.
  • Stripe: Transaction confirmations, subscription status updates, and payout processing information.
  • Analytics Providers: Aggregated usage data and performance metrics to help us understand how the Platform is used.

4. How We Use Your Information

  • Provide the Platform: Deliver DSA curriculum, execute code submissions, manage your account, process payments, track learning progress, and operate the community marketplace.
  • Personalize Your Experience: Tailor learning recommendations, populate your review queue, display relevant analytics, and remember your preferences and language settings.
  • Communicate With You: Send transactional emails (account verification, password resets, purchase receipts, payout notifications), service announcements, and responses to your support inquiries.
  • Analyze and Improve: Monitor usage patterns, diagnose technical issues, improve Platform features and content, and develop new functionality.
  • Protect the Platform: Detect and prevent fraud, abuse, security incidents, and violations of our Terms & Conditions.
  • Legal Compliance: Comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

5. How We Share Your Information

We do not sell your personal information. We may share your data in the following circumstances:

  • Other Users: Community content you publish (articles, problems, code snippets, question bundles, interview experiences) is visible to other users. Your public profile information (name, bio, avatar) is visible alongside your contributions. Content may be indexed by search engines.
  • Service Providers: We share data with trusted third-party service providers who assist in operating the Platform, including Stripe (payment processing and payouts), MongoDB (database hosting), Resend (transactional email delivery), and AI providers (AI-assisted learning features). All service providers are bound by data processing agreements. If you use a Bring-Your-Own API key, the upstream provider (Anthropic, OpenAI, or Google) becomes your direct counterparty for that request and bills you under their own terms and privacy policy. We act solely as a transient forwarder for that call and do not retain the key.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CodeSnatch, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
  • Third-Party Software Vendors: When you purchase a third-party software license through the Platform (for example, Onyx Code Pro — a desktop AI coding environment developed by Loko Technologies Ltd.), we share aggregate sales data and limited license-record metadata (anonymized purchase counts, refund counts) with that vendor for revenue reporting and product analytics. We do not share your email address, payment details, or activation-call IP addresses with vendors for marketing purposes. See Section 7 below for the full data flow.

6. AI Technology

The Platform includes AI-assisted learning features that help you understand DSA concepts, receive hints, and get explanations. These features operate on a token-based usage model.

  • Your queries to AI features are sent to third-party AI providers for processing. We transmit only the information necessary to generate a response.
  • We do not use your personal content, code submissions, or learning data to train AI models.
  • AI token consumption is tracked for billing and usage management purposes.
  • Bring-Your-Own API Keys: Any authenticated user may optionally supply their own Anthropic, OpenAI, or Google API key. When you do, the key is stored only in your browser's local storage on the device you entered it on. The key is transmitted over an encrypted HTTPS connection to our server only as a request header on each AI call, used in memory to issue that single request to the upstream provider, and discarded when the request completes. We do not write your API key to any database, log file, analytics tool, or backup we control. We do not share it with any party other than the provider it targets (Anthropic, OpenAI, or Google). We retain only a boolean flag on the corresponding usage log indicating that a personal key was used for that request, so that the request can be excluded from platform AI token deductions. You can remove the key at any time from Settings, which wipes it from that browser.
  • The Platform uses automated recommendations to suggest learning paths, populate your review queue, and surface relevant practice problems based on your progress and performance. These recommendations are generated algorithmically and do not involve profiling for purposes unrelated to the Platform.

7. Third-Party Software Licensing

The Platform resells third-party developer software licenses. The current third-party product offered is Onyx Code Pro, a desktop AI coding environment developed by Loko Technologies Ltd. When you purchase a third-party software license through the Platform — either as a paid purchase or as a benefit bundled into a CodeSnatch Premium subscription — the following data flows apply:

  • Purchase: We process your payment through Stripe under our merchant-of-record agreement, issue the invoice, and remit applicable taxes. Your payment details are handled entirely by Stripe.
  • License record: We create a license record in our database containing the generated license code, the email address associated with your CodeSnatch account, the product type, the source of issuance (paid purchase or Premium bundle), and the timestamps of issuance.
  • Activation: When you activate the software, the third-party application on your computer contacts our license activation API. The application transmits the license code, a one-way SHA-256 hash of stable hardware identifiers (the "Machine ID", which we never reverse), the application version, an optional human-readable device label, and the request IP address (for rate limiting and the “was this you?” security email). We store the hashed Machine ID and a truncated IP (truncated to /24 for IPv4 and /48 for IPv6 in our server logs after 30 days).
  • Refresh: The third-party application periodically refreshes its activation token by repeating the activation call. Each refresh transmits the same fields and is logged identically.
  • Device management: If you remove a device from your license through the third-party application, we receive a request to revoke that device record, send an email-confirmation deep link to your address on file, and on click clear the device record.
  • Email delivery: Activation codes, recovery codes, device-removal confirmations, and security notifications are sent from our Resend account to the email address associated with your CodeSnatch account.
  • Offline license file mint: If you mint an offline license file at our offline-activation page, we record the issuance against a per-device 30-day cooldown to prevent abuse. The minted file contains the hashed Machine ID, validity dates, and an Ed25519 signature; we do not store the file itself after delivery.

Your use of the third-party software itself (chat, autocomplete, agents, file processing on your local machine) is governed by the vendor's Terms of Service and Privacy Policy. For Onyx Code Pro, those are published by Loko Technologies Ltd. at onyxcode.app/terms and onyxcode.app/privacy. We do not transmit your CodeSnatch user content, learning data, or platform activity to Loko Technologies Ltd. — only the data described above strictly necessary to issue and verify the license.

CodeSnatch Premium bundle: CodeSnatch Premium subscribers receive an Onyx Code Pro license automatically upon Premium activation, at no additional cost. The same data flows above apply. If your Premium subscription ends, is refunded in full, or is the subject of a chargeback, the bundled Onyx Code Pro license is automatically revoked (this triggers a revocation email to your address on file).

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform's services. If you request deletion of your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., financial transaction records). Community content you have published may be anonymized rather than deleted if it has been relied upon by other users. Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytics and Platform improvement purposes.

9. Data Security

We implement industry-standard security measures to protect your personal information, including encryption in transit (TLS/SSL), secure password hashing (bcrypt), role-based access controls, and regular security reviews. Payment data is handled entirely by Stripe, which is PCI DSS compliant. However, no method of electronic storage or transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, commonly used, and machine-readable format.
  • Consent Withdrawal: Withdraw consent for optional data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Marketing Preferences: Opt out of promotional communications at any time by using the unsubscribe link in our emails or by contacting us.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

11. Children's Privacy

The Platform is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are between 13 and 18 years of age, you may only use the Platform with the consent of a parent or legal guardian. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child under 13, please contact us at [email protected].

12. International Data Transfers

CodeSnatch operates globally, and your information may be transferred to and processed in countries other than your country of residence, including Canada and the United States. These countries may have data protection laws that differ from your jurisdiction. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other legally recognized transfer mechanisms, to protect your information in accordance with this Privacy Policy.

13. Third-Party Links

The Platform may contain links to third-party websites, services, or resources that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify registered users of material changes via email and/or a prominent notice on the Platform. The "Last updated" date at the top of this page reflects the most recent revision. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

15. Regional Provisions

15.1 European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, we process your personal data on the following legal bases: performance of a contract (providing the Platform services), your consent (where applicable), legitimate interests (improving and securing the Platform), and compliance with legal obligations. Where we rely on legitimate interests, we ensure these do not override your fundamental rights. Under the GDPR, you have the right to access, rectify, and erase your personal data (the "right to be forgotten"), as well as the right to restrict processing, data portability, and to object to processing. For international data transfers outside the EEA/UK, we use Standard Contractual Clauses (SCCs) approved by the European Commission. You also have the right to lodge a complaint with your local data protection authority.

15.2 California (CCPA/CPRA)

If you are a California resident, you have the right to: know what personal information we collect and how it is used; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell personal information); and not be discriminated against for exercising your privacy rights. To exercise these rights, contact us at [email protected].

15.3 Canada (PIPEDA)

CodeSnatch is operated from British Columbia, Canada, and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances. You have the right to access and correct your personal information and to withdraw consent, subject to legal or contractual restrictions.

16. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and core Platform functionality. These cannot be disabled without impairing your ability to use the Platform.
  • Analytical Cookies: Help us understand how users interact with the Platform, which pages are most popular, and where users encounter issues. This data is used to improve the Platform.
  • Functionality Cookies: Remember your preferences, language settings, and customizations to provide a more personalized experience.

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].

Back to Home · Terms & Conditions

Privacy Policy