Privacy

How CodeNeter handles your data.

What we collect, what gets sent where, what we never train on, and how to reach us across CodeNeter.

Last updated: May 5, 2026.

Table of contents
  1. What we collect
  2. Code and prompts
  3. Training
  4. Authentication and sessions
  5. Billing and analytics
  6. Remote session attach
  7. MCP and integrations
  8. Data retention
  9. Your rights
  10. Contact

What we collect

Account data

When you sign up we store the information needed to create and secure your account: email, display name, identity-provider id, and (for team plans) the workspace you belong to. We do not sell or rent this data.

Run metadata

For each agent run we record metadata: which surface (IDE, CLI, or remote), which model, request and response token counts, latency, tool-call counts, and outcome. This lets us bill correctly, show per-account analytics, and diagnose problems.

Metadata is not the prompt body. The text of your prompt and the text of the model response are handled separately and retained only as needed to operate the service, support analytics, investigate issues, and meet legal obligations.

Telemetry

Crash reports, performance traces, and feature-usage events may be collected to operate the product, support billing, diagnose problems, and improve reliability and security.

Code and prompts

When you run an agent, the prompt and the context the agent gathered — file contents it read, search results, command output, MCP responses, image attachments — may be processed by CodeNeter services and sent to the model provider you chose for that run.

We use this data to operate the product, route requests, enforce plan limits, provide analytics, and support reliability and abuse prevention.

The provider's own privacy policy governs what they do with the data while it is on their side.

Training

CodeNeter does not train any model on your code, prompts, or tool outputs. We do not sell, license, or share customer content with any third party for training.

When you choose a third-party model provider or connect your own account, that provider handles the request under its own terms and privacy policies. Review the provider's documentation and account settings if you need provider-specific training guarantees.

Authentication and sessions

Sign-in is handled through standard identity providers and email magic links. We store the minimum identity claims needed to authenticate you, plus a hashed session token.

Editor and CLI sign-in use per-device credentials and sessions. If you need help revoking access to a device or session, contact support.

Billing and analytics

If you purchase a paid plan, we and our service providers may process billing data such as plan tier, usage totals, billing status, and payment-related records needed to operate the service. We do not store full card numbers ourselves.

The dashboard shows per-account analytics built from the same run metadata used for billing. On team plans, workspace admins can see aggregated usage across members. Product and billing details may evolve as billing features roll out.

Remote session attach

Remote attach lets you join a running CLI session from the browser. While attached, CodeNeter relays the session events needed to keep your CLI and browser in sync, including streaming tool calls, output previews, and approval prompts.

To operate the feature, those events pass through CodeNeter infrastructure and are associated with your authenticated session. We keep remote-session data only as long as needed to operate the feature, support reliability, and enforce our retention practices.

Treat remote attach with the same caution as SSH access: anyone with your dashboard credentials can answer approval prompts on an attached session. On team plans, attach permissions are scoped per member.

MCP and integrations

When you enable an MCP server (local or hosted), the agent talks to it using the MCP protocol as needed to fulfill your requests. Depending on how the integration is configured, CodeNeter may store limited connection metadata and credentials needed to reach it on your behalf.

Third-party connections you wire in — your own ChatGPT account, hosted MCP services, anything else — operate under their own privacy policy and terms. Review those providers separately before sending sensitive data through them.

Data retention

We keep account data for as long as your account is active. Run metadata is kept long enough to support billing, reporting, and product analytics, security, and support, then aggregated or deleted according to our retention practices. Remote-session data is retained only as long as needed to operate the feature and support reliability.

Specific retention windows may vary by data type and applicable legal, operational, and security requirements.

Your rights

Depending on where you live, you may have rights to access, correct, export, delete, or object to certain processing of your personal data.

  • Request a copy of your account data and run history.
  • Request deletion of your account or specific personal data.
  • Ask us to correct inaccurate personal data.
  • Object to or request restriction of certain processing where applicable.

To make one of these requests, contact [email protected]. We may need to verify your identity before completing the request.

Specific GDPR, UK-GDPR, and CCPA rights — including the right to object, to portability, and to lodge a complaint with a supervisory authority — apply where the relevant law covers you.

Contact

Privacy questions, data-export requests, or deletion requests: [email protected].

For team and enterprise buyers, a Data Processing Addendum (DPA) is available on request through the same address.