Legal

Privacy Policy

Last updated: May 26, 2026

CodeFlame ("we", "our", or "us") operates a self-hosted developer environment platform. This Privacy Policy explains what information we collect, how we use it, and how we protect it when you use our software or visit our website.

1. Information We Collect

We collect the following categories of information:

• Account data: username, display name, email address, and hashed password.
• Git identity: name and email used for Git commits, provided by you in your profile.
• OAuth tokens: access tokens for GitHub and Bitbucket, stored encrypted in our database and used solely to perform Git operations on your behalf.
• Workspace metadata: names, templates, and activity timestamps of your development environments.
• Usage data: last-seen timestamps and workspace activity, used for automatic idle shutdown.
• Payment data: billing details are processed by Stripe, Inc. We do not store credit card numbers or full payment details on our servers.

2. Self-Hosted Deployments

CodeFlame is designed to run on your own infrastructure. When you deploy CodeFlame on your servers, all workspace data, source code, and credentials remain within your environment. We do not have access to your workspaces, repositories, or the code written inside them.

3. How We Use Your Information

• To create and manage your account and workspaces.
• To authenticate you with GitHub or Bitbucket on your behalf.
• To process subscription payments via Stripe.
• To send transactional emails (e.g., billing receipts, password resets).
• To improve reliability and performance of the platform.

4. Payment Processing

We use Stripe to process payments. When you provide payment information, it is sent directly to Stripe's servers. Stripe's use of your data is governed by their Privacy Policy. We receive only a payment confirmation and last four digits of your card for display purposes.

5. Data Sharing

We do not sell, rent, or share your personal data with third parties except:

• Stripe — for payment processing.
• GitHub / Bitbucket — OAuth tokens are used to call their APIs on your behalf.
• When required by law or to protect our legal rights.

6. Data Retention

Account data is retained for as long as your account is active. When you delete your account, your personal data and workspace records are removed. OAuth tokens are deleted immediately upon disconnecting the integration.

7. Security

Passwords are hashed using bcrypt. OAuth tokens are stored in a server-side database accessible only to authenticated users. Sessions use HTTP-only, Secure cookies. All traffic is encrypted via HTTPS.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via your profile page.
• Delete your account and associated data.
• Withdraw consent for OAuth integrations at any time.

9. Cookies

We use a single session cookie to keep you logged in. No third-party tracking or advertising cookies are used.

10. Contact

For privacy-related questions, please contact us at privacy@codeflame.dev.