Privacy Policy

1. Who Controls Your Data

CodeGround is the controller for the personal data described here, except where a service provider acts as an independent controller for its own services. Contact us at codegroundsupport@gmail.com.

2. Data We Collect

• Account data: email address, authentication identifiers, display name, avatar URL, sign-in state, and profile settings.
• Practice data: problem submissions, code, quant answers, test results, progress, score reports, transcripts, notes, and whiteboard content.
• Resume deep-dive data: uploaded resume files, extracted resume text, generated questions, and temporary resume context.
• Voice and AI data: voice transcripts, AI prompts and responses, whiteboard snapshots/images when you ask for visual help, token usage, and provider-cost telemetry.
• Billing data: plan selection, subscription status, Stripe customer/subscription/invoice identifiers, refund requests, cancellation status, acceptance records, and payment metadata. We do not store full card numbers.
• Security and operations data: IP-derived rate-limit fingerprints, user agent, request timestamps, concurrency locks, error states, and abuse-prevention records.
• Device storage: local storage and session storage values used for auth sessions, dashboard filters, workspace state, and product preferences.

3. Why We Use Data

• Provide the service, authenticate users, save progress, run practice workspaces, and generate interview feedback.
• Process payments, renew subscriptions, provide invoices, manage cancellations, review refunds, and enforce plan limits.
• Protect CodeGround, prevent abuse, rate-limit costly AI/voice actions, investigate security events, and respond to disputes.
• Improve reliability, debug issues, measure aggregate usage, and maintain billing-cost controls.
• Comply with legal obligations and enforce our Terms.

4. Legal Bases for EEA/UK Users

Where GDPR or UK GDPR applies, we rely on contract necessity to create accounts, provide paid subscriptions, run interviews, save submissions, and deliver requested AI/voice/resume features. We rely on legitimate interests for security, fraud prevention, product reliability, usage analytics, dispute evidence, and abuse controls. We rely on legal obligation for tax, accounting, and required compliance records. If we ask for consent for a specific optional activity, you can withdraw that consent where applicable.

5. Service Providers and Sharing

We share data with service providers only as needed to operate CodeGround. Current categories include authentication and database hosting, payment processing, AI model providers, voice/transcription providers, hosting, logging, and customer support tooling. These providers may process data in the United States or other countries.

We may also share relevant records with Stripe, card networks, banks, legal advisors, regulators, or law enforcement when needed for payment disputes, refunds, fraud prevention, legal claims, or compliance.

CodeGround does not sell personal data or process personal data for targeted advertising. If our practices change, we will update this notice and provide any rights or opt-out mechanisms required by applicable law.

6. AI, Resume, and Voice Processing

When you use AI assistance, mock interview voice responses, quant checking, resume deep dives, or whiteboard visual help, the relevant content may be sent to AI or voice providers to generate the requested response. Do not upload sensitive personal data, secrets, confidential employer information, production credentials, or information you do not have permission to process.

7. Retention

We keep account, billing, acceptance, subscription, refund, and dispute-related records as long as needed for service, accounting, tax, security, legal, and chargeback purposes. Practice submissions, score reports, and profile data are generally retained until you ask us to delete them, subject to legal and operational exceptions. Ending a subscription, losing paid access, or having an account suspended or terminated does not automatically delete stored data. Resume deep-dive context is designed to be temporary, but generated questions and interview results may remain in your account history if you save or use them in the app.

8. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. EEA/UK users may also lodge a complaint with a data protection authority. To make a request, email codegroundsupport@gmail.com. We may need to verify your identity and may retain limited records where required for billing, security, disputes, or law. If applicable law gives you a right to appeal our response, you may appeal by replying to our response or emailing the same address with the subject "Privacy Appeal."

9. Security

We use technical and organizational measures such as authenticated API access, row-level database controls, server-side provider keys, rate limits, concurrency limits, security headers, and operational cleanup jobs. No system is perfectly secure, so you should avoid storing secrets or highly sensitive information in practice workspaces.

10. Changes

We may update this Privacy Policy as CodeGround changes. If changes are material, we will take reasonable steps to notify users by email, through an in-product notice, or by posting an updated policy and changing the effective date above.