Privacy Policy

This Privacy Policy explains how Related Code Kft. (“we,” “us,” or “our”), as the data controller, collects, uses, and protects the personal information of users (“you” or “your”) when you access and use our AI chat service (“the Service”). By using the Service, you agree to the terms and practices described in this Privacy Policy.

Information Collection and Use

To access and use the Service, you must be a registered user and at least 18 years old. You can sign up or log in using one of four authentication methods: email and password, Google account, Apple account, or as a guest user.

We collect and process the following categories of personal data:

• Account data — Email address and display name (when applicable)
• Conversation data — Messages, prompts, and AI-generated responses
• Uploaded files — File attachments you submit through the Service
• Payment data — Billing information collected and processed by Stripe on our behalf
• Usage data — Message counts, token usage, feature utilization, and rate-limiting data
• Device and browser data — IP address, device type, browser, and referrer information collected by our hosting provider
• Log data — User ID, model usage, token counts, feature flags, and error details for debugging and monitoring

We do not sell your personal data. We only share your data with the third-party service providers described in this Privacy Policy as necessary to operate and deliver the Service.

In addition to the data we collect, you may submit content through the Service — including messages, prompts, and file uploads — that is processed by our AI providers to generate responses. This user-submitted content may contain personal data at your discretion. We treat such content as described in the relevant sections below.

Firebase Services

We use Firebase, a Google product, for authentication, database, and file storage services:

• Firebase Authentication — Your authentication data is securely stored and managed by Firebase
• Firestore Database — User-entered and AI-generated data (threads, messages) are stored securely
• Firebase Storage — File uploads and attachments are stored with encryption

For more information on how Firebase handles user data, please refer to their Privacy Policy.

Usage Tracking and Rate Limiting

We use Upstash Redis for usage tracking, rate limiting, and caching to ensure fair use of the Service and prevent abuse. This includes tracking message counts, token usage, and feature utilization. For more information, please refer to Upstash's Privacy Policy.

Payment Processing

We use Stripe to process payments for paid subscription plans. When you subscribe to a paid plan, Stripe collects and processes your payment information (such as credit card number, billing address, and related details) directly. We do not store your full payment card details on our servers.

Stripe may collect additional information as necessary to process your payment and prevent fraud. For more information on how Stripe handles your data, please refer to Stripe's Privacy Policy.

AI and Language Model Providers

We integrate multiple advanced AI technologies to provide intelligent responses. When you use the Service, your messages are processed by the selected AI provider. Each provider has their own data handling practices:

Additional providers may include Vercel v0, MiniMax, ZAI, and others. Your data is processed by these providers as necessary to deliver the Service, as described in their respective privacy policies.

We access all AI providers via their commercial APIs. Under their API terms, your messages and data are not used to train or fine-tune their models. We do not use your conversations to train any AI models ourselves.

Web Search Functionality

When web search is enabled, we use Exa to provide real-time search results and web content for AI responses. Your search queries are processed by Exa to retrieve relevant information. For more information, please refer to Exa's Privacy Policy.

Website Hosting and Analytics

Our website and all services are hosted on Vercel. Vercel may collect certain data for analytics purposes, including page views, sessions, visitor country, device type, browser, and referrer information. For more information, please refer to Vercel's Privacy Policy.

Logging and Monitoring

We use Axiom for server-side logging and monitoring to maintain the reliability and performance of the Service. Logs may include your user ID, model usage, token counts, feature flags (such as web search or reasoning), and error details. These logs are used solely for debugging, performance monitoring, and abuse prevention. We do not log the content of your messages. For more information, please refer to Axiom's Privacy Policy.

Authentication Providers

We offer multiple authentication methods for your convenience:

• Email/Password — Traditional authentication managed by Firebase
• Google Sign-In — OAuth authentication via Google
• Apple Sign-In — OAuth authentication via Apple
• Guest Login — Anonymous authentication with limited features

When using social login providers, we receive only the necessary information (email, display name) to create your account. We do not access any other data from your social accounts.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contractual Necessity — Processing required to provide the Service you signed up for (account management, message processing, file storage, web search, and other features you use)
• Legitimate Interest — Processing for security, fraud prevention, usage monitoring, logging, analytics, and service improvement
• Consent — Where you have given explicit consent, such as subscribing to marketing communications or accepting analytics cookies
• Legal Obligation — Processing required to comply with applicable laws and regulations

Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

• Essential Cookies — Required for authentication, session management, and core functionality. These cannot be disabled.
• Analytics Cookies — Used by Vercel Analytics to collect aggregated, anonymous usage data such as page views, session duration, and device information

We do not use advertising or third-party tracking cookies. Analytics cookies are only set with your prior consent, which you can grant or withdraw at any time via the cookie banner displayed when you first visit the Service. You can also manage cookie preferences through your browser settings, though disabling essential cookies may prevent the Service from functioning properly.

Our Service does not respond to “Do Not Track” (DNT) browser signals, as there is no industry-standard protocol for compliance. However, you can control tracking through the cookie consent banner and your browser settings.

International Data Transfers

Our Service relies on third-party providers located outside the European Economic Area (EEA), primarily in the United States. This means your personal data may be transferred to and processed in countries that may not provide the same level of data protection as your home country.

Where such transfers occur, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or the provider's certification under recognized frameworks to ensure your data remains protected in accordance with GDPR requirements. We maintain Data Processing Agreements (DPAs) with our sub-processors to ensure they process your data in compliance with GDPR.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure authentication with support for OAuth providers
• Rate limiting and abuse prevention mechanisms
• Regular monitoring and logging of access to systems
• Use of industry-standard cloud infrastructure with built-in security controls

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where required, inform affected users in accordance with GDPR.

Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal data, please contact us at info@relatedcode.com.

Your Rights Under GDPR

As a user in the European Economic Area (EEA), you have the following rights regarding your personal data under GDPR:

• Access — Request access to your personal data
• Rectification — Correct inaccurate or incomplete data
• Erasure — Request deletion of your personal data
• Restrict Processing — Limit how we process your data
• Data Portability — Receive your data in a portable format
• Object — Object to processing for marketing or legitimate interests
• Withdraw Consent — Withdraw consent for data processing at any time

To exercise these rights, contact us at info@relatedcode.com. We will respond without undue delay and in any event within one month of receiving your request. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

You also have the right to lodge a complaint with a supervisory authority. For users in Hungary, the relevant authority is the Hungarian National Authority for Data Protection and Freedom of Information (NAIH): naih.hu.

Data Retention and Deletion

We retain your personal data only as long as necessary to provide our Service or as required by law. Specific retention periods are as follows:

• Account data (email, display name) — Retained while your account is active; deleted within 30 days of account deactivation
• Conversation data (threads, messages, uploaded files) — Retained while your account is active; deleted within 30 days of account deactivation
• Usage and rate-limiting data (Upstash Redis) — Retained for up to 90 days
• Server logs (Axiom) — Retained for up to 90 days
• Billing records (Stripe) — Retained as required by applicable tax and accounting laws (up to 8 years under Hungarian law)

If you deactivate your account, we will delete your personal data within 30 days unless we are required to retain it for legal or regulatory reasons.

You can request the deletion of your data at any time by contacting us at info@relatedcode.com. We will comply with your request unless we are legally obligated to retain the data.

Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. AI-generated responses are provided as informational output based on your input and do not constitute automated decisions about you.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact us at:

Given the nature and scale of our data processing activities, we are not required to appoint a Data Protection Officer under GDPR. For any data protection inquiries, please contact us at the email address above.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify users of significant changes via email or through the Service, and any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this Privacy Policy periodically.