Privacy Policy

ANATECH OÜ ("we", "us") operates ctxsync, an AI-powered code context platform. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian and EU law.

We collect the following data:

• Account data: Email address and authentication credentials
• Project data: Repository URLs, project names, and configuration you provide
• Source data: Code from repositories, crawled web pages, and uploaded files synced into isolated containers
• Usage data: Chat interactions with AI assistants, feature usage patterns
• Server logs: IP address, browser type, and access timestamps (retained for 30 days)

Your data is used exclusively to:

• Provide and maintain the ctxsync service
• Process your sources within isolated AI containers
• Communicate with you about your account and service updates
• Improve the service based on aggregated, anonymized usage patterns
• Comply with legal obligations

We do not sell your data. We do not share your personal data with third parties for marketing purposes.

Your code is processed within isolated Docker containers dedicated to your account. Each container is sandboxed — no other user can access your data.

ctxsync does not use your data to train AI models. We do not retain your data beyond what is necessary to provide the service.

When you provide your own API keys for third-party LLM providers, your data and prompts are sent directly to those providers. Each provider has their own data handling and retention policies. It is your responsibility to review the terms and privacy policies of any LLM provider whose API keys you use with ctxsync.

We use the following third-party processors:

• Cloud hosting: For infrastructure and container hosting
• Email delivery: For transactional emails (account confirmation, notifications)
• Cloudflare: For CDN, DDoS protection, and security

All processors are bound by data processing agreements and comply with GDPR requirements.

Account data is retained for the duration of your account. Code data in containers is deleted when you remove a project or terminate your account. Server logs are retained for 30 days. Chat history is retained while your account is active.

Upon account deletion, all personal data is removed within 30 days, except where retention is required by law.

Under the GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Portability — receive your data in a portable format
• Restriction — limit how we process your data
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), isolated container environments, and access controls. However, no system is completely secure, and we cannot guarantee absolute security.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top of this page reflects the most recent revision.

For data protection inquiries, contact us at [email protected].