Privacy Policy

This Policy applies to personal information we process about (a) visitors to our website; (b) users of the Takeover application; (c) representatives of customers and prospective customers; and (d) end users whose information you process through the Service.

For information you process through the Service in connection with your business operations (“Customer Data”), we act as a service provider (under CCPA/CPRA) or processor (under GDPR), and you act as the business or controller. Our processing of Customer Data is governed by your agreement with us, including any Data Processing Addendum.

2.1 Information You Provide

• a)Account information: name, email address, organization, role, password hash, billing contact.
• b)Payment information: processed by our payment processor (Stripe). We do not store full card numbers.
• c)Communications: messages you send to us (support requests, sales inquiries, feedback).
• d)Voice input: voice recordings you provide to AXON for command processing. Where voice authentication is enabled, a voice print is created and stored locally on your device.
• e)Screen content: where you enable AXON screen vision, screenshots or screen frames are processed to provide context-aware responses. Screen content is processed locally where feasible; remote processing requires explicit consent.
• f)Customer Data: any data you submit to the Service in the course of your business operations.

2.2 Information Collected Automatically

• a)Device and usage information: operating system, application version, crash reports, performance metrics, feature usage events.
• b)Log information: IP address, timestamps, error logs, and API call metadata when the application communicates with our servers.
• c)Cookies and similar technologies: on the website, we use a minimal set of strictly necessary cookies; analytics cookies are used only with consent where required.

2.3 Information from Third Parties

• a)Integration providers (e.g., Plaid for banking, Stripe for payments, calendar providers, identity providers) — only the data you authorize them to share.
• b)Model providers (Anthropic, OpenAI) — when the Service uses these providers, the relevant prompts and context are transmitted to the provider as required to generate responses.
• c)Publicly available sources, where relevant (e.g., publicly listed company information for enrichment features you enable).

We use personal information to:

• a)Provide, maintain, secure, and improve the Service;
• b)Authenticate users and prevent fraud, abuse, or unauthorized access;
• c)Execute the actions you instruct AXON to perform, including communications, transactions, and integrations;
• d)Provide customer support and respond to inquiries;
• e)Process payments and manage billing;
• f)Send service-related communications (e.g., security alerts, transactional emails);
• g)Send marketing communications, with your consent where required, and always with an opt-out;
• h)Comply with legal obligations, enforce our Terms, and protect our rights.

We do not sell personal information. We do not use Customer Data to train AI models for any purpose other than providing the Service to you, and we do not share Customer Data with third parties for their own marketing purposes.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

• a)Performance of a contract — to provide the Service you have requested;
• b)Legitimate interests — to secure the Service, prevent fraud, improve the product, and conduct ordinary business operations, where not overridden by your rights;
• c)Consent — for optional features such as marketing communications, certain analytics, and biometric processing;
• d)Compliance with legal obligations — to meet our regulatory, tax, and audit obligations.

We disclose personal information to:

• a)Subprocessors and infrastructure providers, including cloud hosting (Supabase, Upstash), payments (Stripe), email delivery, error monitoring, and analytics, in each case bound by data protection terms;
• b)Model providers (Anthropic, OpenAI) — for inference where you have enabled cloud reasoning;
• c)Integration providers (Plaid, calendar/email providers, MCP servers) — for the integrations you have connected;
• d)Professional advisors (legal, accounting, audit) under confidentiality;
• e)Government, law enforcement, or other parties where required by law, subpoena, or court order, or where necessary to protect our rights or the safety of others;
• f)Acquirers and successors in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction.

A current list of our subprocessors is available on request at unfold@codewithali.com.

If you are a California resident, you have the following rights, subject to verification of your identity:

• a)Right to know what categories and specific pieces of personal information we have collected, the sources, the purposes for collection, and the categories of third parties to whom we have disclosed it;
• b)Right to delete personal information we have collected, subject to certain exceptions;
• c)Right to correct inaccurate personal information;
• d)Right to opt out of the sale or sharing of personal information — we do not sell or share (as defined under CCPA/CPRA) personal information;
• e)Right to limit use and disclosure of sensitive personal information;
• f)Right to non-discrimination for exercising your rights.

To exercise these rights, contact us at unfold@codewithali.com. We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.

6.1 Categories of Personal Information (CCPA/CPRA Disclosure)

In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers; commercial information; internet or electronic network activity; geolocation data (general, IP-based); audio (voice input); professional or employment-related information; and inferences drawn from the foregoing. We have disclosed each of these categories to the third parties described in Section 5 for the purposes set forth in Section 3.

If you are in the EEA, UK, or Switzerland, you have the following rights, subject to verification and applicable exceptions:

• a)Access — to obtain a copy of your personal data;
• b)Rectification — to correct inaccurate personal data;
• c)Erasure — to request deletion, subject to legal exceptions;
• d)Restriction — to limit our processing in certain circumstances;
• e)Portability — to receive your data in a structured, commonly used format;
• f)Objection — to object to processing based on legitimate interests;
• g)Withdrawal of consent — where processing is based on consent;
• h)Lodging a complaint — with your local supervisory authority.

Where you enable voice authentication, the Service creates a mathematical representation of your voice (a “voice print”). Voice prints are biometric identifiers under several U.S. state laws, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and the Washington Biometric Privacy Act.

• a)Voice prints are created only with your explicit enrollment;
• b)Voice prints are stored locally on your device by default and are not transmitted to CodeWithAli;
• c)Voice prints are used solely for authentication;
• d)You may delete your voice print at any time through the application settings.

If you reside in Illinois, by enabling voice authentication you provide your written consent to the collection, storage, and use of your voice print as described in this Section.

The Service is not directed to children under sixteen (16) and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

CodeWithAli is based in the United States. If you are located outside the United States, personal information may be transferred to and processed in the United States or other jurisdictions that may not provide the same level of data protection as your jurisdiction. Where required, we rely on appropriate transfer mechanisms, including the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, and other lawful safeguards.

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access controls, hardware-backed credential storage where available, and continuous monitoring. No method of transmission or storage is 100% secure; you use the Service at your own risk and should maintain your own security practices.

In the event of a security incident affecting your personal information, we will notify you and applicable regulators where required by law.

We retain personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category of data; account information is generally retained for the duration of your relationship with us plus a reasonable period thereafter. Customer Data is retained as set forth in your order form.

Our website uses a minimal set of strictly necessary cookies for session management and security. We do not use third-party advertising cookies. Where required by law (e.g., the EU ePrivacy Directive), we obtain consent before placing non-essential cookies. You can control cookies through your browser settings.

We honor Global Privacy Control (GPC) signals as a valid opt-out request under CCPA/CPRA.

Some browsers transmit “Do Not Track” signals. We do not currently respond to DNT signals because no industry standard for DNT has been adopted. We do honor GPC signals as described above.

We may update this Policy from time to time. When we do, we will revise the “Last Updated” date above and, if changes are material, provide additional notice (such as an in-app notice or email). Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

For questions, requests, or complaints regarding this Policy or our privacy practices, contact:

CodeWithAli
Attn: Privacy
California, USA
unfold@codewithali.com

EU/UK residents: you also have the right to lodge a complaint with your local supervisory authority. California residents: you may contact the California Attorney General's office.