Legal

Privacy Policy

Effective Date: February 25, 2026 · Last Updated: February 25, 2026

1. Introduction

ConstantCoder (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard information when you visit our website at constantcoder.ai (the “Site”), use our platform, APIs, autonomous coding agents, and any related services (collectively, the “Services”).

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Account & Registration Data: When you sign up for the Services, sign up for early access, or create an account, we collect your name, email address, company name, job title, and any other information you voluntarily submit.
  • Payment Information: If you purchase a subscription or incur metered overage, we collect billing details such as credit card number, billing address, usage totals, and transaction history. Payment processing is handled by our third-party payment processor (Stripe), and we do not store full credit card numbers on our servers.
  • Repository & Code Data: When you connect your GitHub, GitLab, Bitbucket, or other source control repository, our agents access your codebase to perform the services you have authorized. This may include source code, configuration files, commit history, pull request metadata, issue tracker data, and related content.
  • Communications: When you contact us for support, send feedback, or communicate with us through any channel, we collect the content of those communications along with associated metadata (e.g., timestamps, sender information).
  • Configuration Data: Configuration files, agent settings, workflow definitions, permissions, and preferences you define for your autonomous agents.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Services, including pages visited, features used, agent deployment activity, session duration, click patterns, and navigation paths.
  • Device & Browser Information: We automatically collect your IP address, browser type and version, operating system, device identifiers, screen resolution, language preference, and referring URL.
  • Log Data: Our servers automatically record information including requests made to our APIs, access times, hardware and software information, crash reports, and system activity.
  • Cookies & Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing activity, maintain session state, and analyze service performance. See Section 7 for more details.
  • Analytics Data: We use Vercel Analytics and may use other analytics tools to understand how users engage with our Site and Services.

2.3 Information From Third Parties

  • Source Control Providers: When you authorize a connection to GitHub, GitLab, Bitbucket, or other source control platforms, we receive account information, repository metadata, organization details, and access tokens in accordance with the permissions you grant.
  • Issue Trackers: If you connect Linear, Jira, GitHub Issues, or other project management tools, we receive ticket data, project information, and related metadata.
  • Authentication Providers: If you authenticate using a third-party provider (e.g., Google, GitHub OAuth), we receive basic profile information from that provider.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, maintain, and improve the Services, including deploying autonomous coding agents that analyze, maintain, build, and architect your codebase.
  • Account Management: To create, authenticate, and manage your account; process payments and billing; and maintain your subscription.
  • Agent Operations: To enable our AI agents to read your code, write code, open pull requests, run CI/CD pipelines, and perform other authorized engineering tasks on your behalf.
  • Communications: To send you transactional emails (e.g., account confirmations, billing receipts, agent activity notifications), respond to support requests, and provide updates about the Services.
  • Product Improvement: To analyze usage patterns, diagnose technical issues, improve agent performance, develop new features, and enhance user experience.
  • Security & Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, abuse, and other harmful activity.
  • Compliance: To comply with applicable legal obligations, enforce our Terms of Service, and protect our legal rights.
  • Marketing (with consent): Where permitted by law and with your consent, to send promotional communications about new features, product updates, and relevant content. You may opt out at any time.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: We share information with trusted third-party vendors who perform services on our behalf, including cloud infrastructure providers, payment processors (Stripe), analytics services (Vercel Analytics), email delivery services, and customer support tools. These providers are contractually obligated to use your information only as necessary to provide services to us and are bound by confidentiality obligations.
  • Source Control & CI/CD Integrations: To deliver the Services, our agents interact with your connected source control platforms and CI/CD systems. Data exchanged with these platforms is governed by both this Privacy Policy and the respective platform’s own privacy policy.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
  • With Your Consent: We may share information for any other purpose disclosed to you at the time we collect the information or with your explicit consent.
  • Aggregated or De-identified Data: We may share aggregated or de-identified information that cannot reasonably be used to identify you for research, analytics, benchmarking, or other lawful purposes.

5. Data Security

We implement industry-standard administrative, technical, and physical security measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: All data transmitted between your browser and our Services is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
  • Infrastructure Isolation: Your code never leaves your Virtual Private Cloud (VPC). Agents run in isolated sandboxes with least-privilege access, ensuring strict separation between customer environments.
  • SOC 2 Compliance: Our infrastructure and practices are designed to meet SOC 2 Type II compliance standards, covering security, availability, processing integrity, confidentiality, and privacy.
  • Access Controls: We enforce role-based access controls, multi-factor authentication for internal systems, and regular access reviews to limit data access to authorized personnel only.
  • Monitoring & Incident Response: We continuously monitor our systems for security threats and maintain an incident response plan to promptly address any security events.
  • Regular Audits: We conduct regular security assessments, penetration testing, and vulnerability scans of our infrastructure and codebase.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We also retain information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

  • Account Data: Retained for the duration of your account and for up to 30 days following account deletion to allow for account recovery.
  • Code & Repository Data: Processed in real-time by our agents and not persistently stored beyond what is necessary for active service delivery. Upon disconnection of a repository or account termination, all cached code data is purged within 72 hours.
  • Usage & Analytics Data: Retained in identifiable form for up to 24 months, after which it is aggregated or anonymized.
  • Payment Records: Retained for up to 7 years as required by applicable tax and financial regulations.
  • Communication Records: Support tickets and correspondence are retained for up to 3 years following resolution.

7. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for the operation of the Site and Services, including session management, authentication, and security. These cannot be disabled.
  • Performance & Analytics Cookies: Help us understand how visitors interact with the Site by collecting and reporting information anonymously. We use Vercel Analytics for this purpose.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

Most web browsers are set to accept cookies by default. You can modify your browser settings to decline cookies or alert you when cookies are being sent. Note that disabling cookies may affect the functionality of the Services.

8. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to certain legal exceptions.
  • Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format.
  • Restriction: Request that we restrict processing of your personal information under certain circumstances.
  • Objection: Object to the processing of your personal information for direct marketing or where we rely on legitimate interests.
  • Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Opt-Out of Marketing: Unsubscribe from promotional emails by clicking the “unsubscribe” link in any marketing email or by contacting us directly.
  • Do Not Track: We currently do not respond to “Do Not Track” browser signals. We will update this policy if that changes.

To exercise any of these rights, please contact us at contact@seaportand.co. We will respond to your request within 30 days (or sooner where required by applicable law). We may request additional information to verify your identity before processing your request.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purpose for collecting, and the categories of third parties with whom we share personal information.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information for purposes authorized by the CPRA.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email contact@seaportand.co with the subject line “California Privacy Request.”

10. European Economic Area, United Kingdom & Swiss Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

10.1 Legal Bases for Processing

  • Contract Performance: Processing necessary to perform our contract with you (e.g., providing the Services, managing your account).
  • Legitimate Interests: Processing necessary for our legitimate interests, including improving the Services, ensuring security, and conducting analytics, provided these interests are not overridden by your fundamental rights.
  • Consent: Where you have given explicit consent to the processing (e.g., marketing communications).
  • Legal Obligation: Processing necessary to comply with a legal obligation to which we are subject.

10.2 International Data Transfers

Your personal data may be transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

10.3 Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority in your country of residence if you believe our processing of your personal data infringes applicable data protection law.

11. Children’s Privacy

The Services are not directed to individuals under the age of 16 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take reasonable steps to delete such information promptly. If you believe we have collected information from a child, please contact us at contact@seaportand.co.

12. Third-Party Links & Services

The Services may contain links to third-party websites, services, or integrations (e.g., GitHub, GitLab, Bitbucket, Linear, Jira, Stripe) that are not operated by us. We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with our Services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by posting the updated policy on our Site with a revised “Last Updated” date and, where required by law, provide additional notice (such as email notification or an in-app banner). Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ConstantCoder

Email: contact@seaportand.co

Website: constantcoder.ai

We will endeavor to respond to all legitimate requests within 30 days. In certain circumstances, it may take us longer if your request is particularly complex or you have made multiple requests, in which case we will notify you and keep you updated.