Privacy Policy

By CodeCleaner AI Team

- 13 minutes read - 2626 words

CodeCleaner AI - Privacy Policy

Last Updated: June 08, 2025

1. Introduction

Welcome to CodeCleaner AI (“codecleaner.ai”, the “Service”), operated by Wermi Pte Ltd (“Wermi,” “we,” “us,” or “our”). We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. It also outlines your data protection rights under applicable laws, including the EU General Data Protection Regulation (GDPR), Singapore’s Personal Data Protection Act 2012 (PDPA), and relevant principles from United States privacy laws.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Wermi Pte Ltd, registered in Singapore, is the primary data controller for the personal data processed in connection with the Service.

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our Service to you.

2.1. Personal Information You Provide to Us:

  • Account Information: When you register for an account, we collect information such as your name, email address, and password.
  • Subscription Information: If you subscribe to a paid plan, we (or our third-party payment processors) collect payment and billing information (e.g., credit card details, billing address). Wermi Pte Ltd itself typically does not store full credit card numbers, relying on PCI-DSS compliant payment processors.
  • Communications: If you contact us for support or other inquiries, we collect the information you provide in your communications (e.g., email address, content of your message).
  • API Keys (BYOK Feature): If you use the “Bring Your Own Key” (BYOK) feature for third-party Large Language Models (LLMs), you provide your API key for that specific LLM directly to the Service for the purpose of enabling that integration. We transmit this key as instructed by you to the respective LLM provider but do not use it for any other purpose.

2.2. Information We Collect Automatically:

  • Usage Data: We automatically collect information about how you access and use the Service. This may include your IP address, browser type, browser version, operating system, device information, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, features used, error logs, and other diagnostic data.
  • Cookies and Similar Tracking Technologies: We use cookies and similar tracking technologies (e.g., web beacons, pixels) to track activity on our Service, store certain information, and improve and analyze our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. For more details, please refer to our [Cookie Policy (if you have one, link it here, otherwise expand this section)].

2.3. Your Code Snippets and Related Data:

  • Purpose of Processing Code: When you submit code snippets or files to CodeCleaner AI for analysis, writing assistance, debugging, or fixing, we process this code solely to provide you with the requested Service functionality.
  • NO TRAINING ON YOUR CODE: We do not use any of your proprietary code snippets, files, or any personally identifiable information contained within your code to train our own AI models or any third-party AI models.
  • Temporary Processing: Code snippets are processed to provide you with real-time suggestions and analysis. We may temporarily store code snippets associated with your session or project within the Service to enable features like history or context awareness for your convenience. You retain control over your code.
  • Anonymized and Aggregated Data for Service Improvement: We may use anonymized and aggregated data derived from the use of the Service (e.g., frequency of use of certain features, common types of errors in a non-identifiable way) to improve the overall functionality, performance, and user experience of CodeCleaner AI. This data will not contain any of your personal information or identifiable code.

2.4. Information from Third-Party Integrations:

  • GitHub Integration (Power User Plan): If you choose to integrate your CodeCleaner AI account with your GitHub account, we will request your authorization to access certain information from your GitHub account (e.g., repository lists, code files you select for analysis) as necessary to provide the integration features. We will only access data that you explicitly authorize, and our use of that data will be limited to providing and improving the integration features. Your use of GitHub is subject to GitHub’s own privacy policy and terms of service.

3. How We Use Your Information

We use the collected data for various purposes:

  • To provide, operate, and maintain our Service.
  • To manage your account, including processing your subscriptions and payments.
  • To provide customer support and respond to your requests and inquiries.
  • To communicate with you about your account, service updates, security alerts, and promotional offers (where you have consented to receive such communications).
  • To personalize and improve the Service, including monitoring usage trends and developing new features.
  • To ensure the security and integrity of our Service, prevent fraud, and enforce our terms.
  • To comply with legal obligations and respond to lawful requests from public authorities.
  • For an_alytical purposes, using anonymized and aggregated data to understand how our Service is used and to improve it.

4. How We Share and Disclose Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as payment processing (e.g., Stripe, PayPal), hosting, data analytics, email delivery, and customer service. These service providers are contractually obligated to protect your data and are restricted from using your personal information for any other purpose.
  • Third-Party LLM Providers (BYOK): When you use the BYOK feature, your API key and the code you submit for analysis via that key are transmitted directly to the selected LLM provider (e.g., OpenAI, Gemini, Anthropic). Your interaction with these providers is governed by their respective privacy policies and terms of service. Wermi Pte Ltd is not responsible for the data practices of these LLM providers when you use your own keys.
  • GitHub (Integration): If you use the GitHub integration, information will be shared with GitHub as necessary to provide the Service features, subject to your authorization and GitHub’s policies.
  • Legal Obligations and Rights Protection: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
    • Comply with a legal obligation (e.g., subpoena, court order).
    • Protect and defend the rights or property of Wermi Pte Ltd.
    • Prevent or investigate possible wrongdoing in connection with the Service.
    • Protect the personal safety of users of the Service or the public.
    • Protect against legal liability.
  • Business Transfers: In the event of a merger, acquisition, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Wermi Pte Ltd’s assets, your personal information may be among the assets transferred. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
  • With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized information that does not directly identify you with third parties for research, marketing, analytics, or other purposes.

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required to comply with our legal obligations (e.g., tax, accounting), resolve disputes, and enforce our legal agreements and policies.

  • Account Information: Retained for as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Service, or as necessary for our legitimate business interests or legal obligations.
  • Usage Data: Generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.
  • Code Snippets: Code snippets submitted for analysis are generally processed in real-time and may be stored temporarily in association with your active session or project to enhance user experience (e.g., for undo features or context continuity). You have control over your projects and can delete them. We do not retain your code for purposes other than providing the service to you.

6. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include data encryption, access controls, and secure software development practices. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have certain rights regarding your personal information.

7.1. For Users in the European Economic Area (EEA) - GDPR:

If you are a resident of the EEA, you have the following data protection rights:

  • Right to Access: You can request copies of your personal information.
  • Right to Rectification: You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • Right to Erasure (“Right to be Forgotten”): You can request that we erase your personal information, under certain conditions.
  • Right to Restrict Processing: You can request that we restrict the processing of your personal information, under certain conditions.
  • Right to Object to Processing: You can object to our processing of your personal information, under certain conditions, particularly where we rely on legitimate interests as our legal basis.
  • Right to Data Portability: You can request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

Our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal information we collect and the specific context in which we collect it. We primarily process your data based on:

  • Performance of a contract: To provide you with the Service you requested and manage your subscription.
  • Consent: For marketing communications or specific data processing activities where we ask for your consent.
  • Legitimate interests: For improving our Service, security, fraud prevention, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms.
  • Legal obligations: To comply with applicable laws.

7.2. For Users in Singapore - PDPA:

If you are in Singapore, you have rights under the Personal Data Protection Act 2012 (PDPA), including:

  • Right to Access: You can request access to your personal data that is in our possession or under our control.
  • Right to Correction: You can request to correct an error or omission in your personal data that is in our possession or under our control.
  • Right to Withdraw Consent: You can withdraw your consent for the collection, use, or disclosure of your personal data at any time, by giving reasonable notice.
  • Data Portability: You may have the right to data portability under certain conditions as the PDPA evolves.

We have appointed a Data Protection Officer (DPO) who can be contacted regarding any questions or concerns about our personal data handling practices (see Section 12).

7.3. For Users in the United States:

While the US does not have a single federal privacy law akin to GDPR or PDPA, various state laws (e.g., California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), etc.) provide consumers with specific rights. These may include:

  • Right to Know/Access: The right to know what personal information is being collected about them, how it is used and shared.
  • Right to Delete: The right to request the deletion of their personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing (if applicable): CodeCleaner AI does not “sell” personal information in the traditional sense or as defined by some of these laws. We do not share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

We will comply with applicable US state privacy laws as they come into effect and apply to our Service and our users.

To exercise any of these rights, please contact us using the contact details provided in Section 12. We will respond to your request in accordance with applicable data protection laws.

8. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

Wermi Pte Ltd is based in Singapore. If you are located outside Singapore and choose to provide information to us, please note that we transfer the data, including personal data, to Singapore and process it there. Our service providers may also be located in other countries.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the European Commission, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

9. Children’s Privacy

Our Service is not intended for use by individuals under the age of 18 (or the relevant age of majority in their jurisdiction). We do not knowingly collect personally identifiable information from children under this age. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal data about you, including to serve interest-based advertising (where applicable and with your consent). For further information about the types of cookies and tracking technologies we use, why, and how you can control them, please see our [Cookie Policy (link if separate) or expand this section with details about cookie types, purposes, and management options].

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top of this Privacy Policy. We may also provide notice to you through the Service or via email if the changes are material.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Service after the posting of such changes will constitute your acknowledgment and acceptance of the changes.

12. Contact Us / Data Protection Officer (DPO)

If you have any questions about this Privacy Policy, your data protection rights, or our data handling practices, or if you wish to make a complaint, please contact our Data Protection Officer at: xxx