Privacy Policy
Last updated: 2026-07-04
CodeCortex Chat(“we”, “us”, or “the Service”) is operated by CodeCortex and is accessible at https://codecortex.co. We take your privacy seriously. This Policy explains what information we collect, how we use it, and the choices you have. By using the Service, you consent to the practices described here.
1. Information We Collect
1.1 Information you provide
- The text prompts and messages you enter into the chat.
- Conversation titles (auto-generated or edited by you).
- Settings you configure (system prompt, theme, language, thinking-mode toggle).
1.2 Information collected automatically
- Your approximate country, derived from the Vercel
x-vercel-ip-countryheader, used solely to pick a default UI language. - Your IP address, used only in-memory for server-side rate limiting and discarded immediately after the request completes.
- Standard request logs maintained by Vercel (URL, timestamp, status code, user-agent) for security and abuse prevention.
1.3 Information we do not collect
- We do not use cookies for tracking.
- We do not deploy analytics scripts (no Google Analytics, no Plausible, no Hotjar).
- We do not maintain user accounts, email addresses, or any personally identifiable account data.
- Your conversations are stored only in your browser's
localStorage; they never touch our server storage.
2. How Your Data Is Processed
When you send a message, it is forwarded from your browser to our server route (/api/chat) and then relayed to the OpenRouter API (openrouter.ai) for processing. OpenRouter returns a streamed response that we pass back to your browser in real time. Neither we nor OpenRouter retain your prompts beyond what is strictly necessary to fulfil the request.
OpenRouter's data handling is governed by their own privacy policy and terms available at openrouter.ai/privacy. We encourage you to review it.
3. Legal Basis (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal basis for processing your messages is Article 6(1)(b) GDPR (performance of a contract — you asked us to send the message to the model and return the response). The legal basis for IP-based rate limiting and locale detection is Article 6(1)(f) GDPR (our legitimate interest in preventing abuse and providing a usable default language).
4. Data Retention
- Conversations: retained in your browser until you clear them via Settings → Clear all conversations or clear browser data.
- Server logs: Vercel retains edge and function logs for up to 30 days for security and debugging.
- OpenRouter prompts: governed by OpenRouter's retention policy referenced above.
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your data.
- Object to or restrict certain processing.
- Lodge a complaint with your local data-protection authority.
Because we do not maintain user accounts, the easiest way to exercise these rights is to clear your browser's localStorage for this site. For any further request, contact us at privacy@codecortex.co.
6. Children's Privacy
The Service is not directed to children under 13 (or the equivalent minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children. If you believe a child has used the Service, please contact us and we will take appropriate steps.
7. Third-Party Links & Content
AI responses may contain links to third-party websites or generated code snippets. We are not responsible for the content, privacy practices, or accuracy of third-party sites. Markdown rendering on this site disallows raw HTML and strips potentially dangerous elements (scripts, iframes, etc.) to mitigate XSS risks.
8. Advertising
We may display advertising served by Google AdSense or other partners. Advertisers may use cookies to serve ads based on your prior visits to this and other websites. Google's use of advertising cookies enables it and its partners to serve ads based on your visits. You may opt out of personalised advertising by visiting Google Ads Settingsor aboutads.info/choices. See our Cookie Policy for details.
9. International Transfers
The Service runs on Vercel's global edge network and the OpenRouter API is operated from jurisdictions that may differ from your own. By using the Service, you consent to the transfer of your messages to such jurisdictions for processing.
10. Security
API keys are stored only in server-side environment variables and are never exposed to the browser. All communication between your browser and our server is encrypted via HTTPS. We apply per-IP rate limiting, input validation, and security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) to mitigate common web attacks.
11. Changes to This Policy
We may update this Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be announced on the homepage.
12. Contact
Questions about this Policy? Email privacy@codecortex.coor visit our Contact page.
CodeCortex Chat — a fast, private, streaming AI chat powered by OpenRouter. Markdown rendering, code highlighting, thinking mode, multi-language UI.