Privacy Policy

Overview

CodeAndSystem.ai is a desktop application for interview prep and a supporting website. This policy describes what data the app and site handle, where that data goes, and what control you have over it. It applies to both the direct download and the Microsoft Store distribution of the Windows build.

The short version: your problem content stays on your device unless you trigger an action that sends it. When you do, it goes to an LLM provider (OpenAI or Anthropic) using either your own API key or, on paid plans, an in-memory key provisioned from our server. Our servers receive only the minimum needed for authentication, billing, trial limits, and basic product analytics — never your prompts, responses, screenshots, or clipboard contents.

Data Captured on Your Device

Screen captures: The app captures screenshots only when you press a hotkey or click a capture control. Captures are held in memory on your device and used to build the prompt sent to your selected LLM provider. The app does not run a continuous background screen recorder, and captured images are not written to disk by the app.

Clipboard text: When you explicitly trigger a clipboard-based action, the app reads the current clipboard contents (up to a 50 KB limit) and includes them in the prompt sent to your LLM provider. The app does not monitor the clipboard in the background.

Window metadata: To help you choose what to capture, the app enumerates visible windows and reads their titles and geometry. This metadata stays on your device and is not transmitted to our servers.

No other OS data: The app does not access the microphone, camera, accessibility APIs, or capture keystrokes. Global hotkeys are registered through standard OS APIs, not raw key logging.

Screen-Share Visibility (Privacy Mode)

The app includes a screen-share-resistant window mode. How strong that protection is depends on your operating system:

Windows: the app calls SetWindowDisplayAffinity with WDA_EXCLUDEFROMCAPTURE, a native kernel-level exclusion. Compositors, screen-share tools, and recorders see an empty region where the app is drawn.

macOS and Linux: there is no equivalent native API. The app draws an overlay and tries to detect known recording processes, but this is a best-effort mitigation, not a guarantee. Treat the macOS and Linux builds as providing visual discretion, not kernel-enforced privacy.

API Key Storage

If you bring your own API key, the app stores it on your device using the first available of the following, in order:

1. OS keychain: your platform's secret store — macOS Keychain, Windows Credential Manager, or the Linux Secret Service.

2. Encrypted file fallback: if no OS keychain is available, the key is written to a local file encrypted with AES-256-GCM using a key derived on your device. The file is created with user-only (0600) permissions on Unix systems.

3. Environment variable: the app will also read a key from an environment variable if you choose to provide one that way.

Your own API key is never sent to CodeAndSystem.ai servers. It is used exclusively by the app on your device to call the LLM provider directly.

Paid-plan pool keys: On paid plans, the CodeAndSystem.ai server can provision a shared LLM API key to your app at sign-in, so you can use the product without bringing your own key. These pool keys are delivered in the sign-in response, held only in memory on your device, and discarded when the app exits. They are never written to disk.

Data Sent to LLM Providers

When you trigger a solve action, the app sends the following from your device directly to OpenAI or Anthropic: the captured screenshot and/or clipboard text, any extracted problem text, and the prompt used to produce a response. Requests are sent directly to the provider's API — CodeAndSystem.ai does not proxy or retain a copy of this traffic.

The app supports a curated set of OpenAI and Anthropic models. The current model list is shown on the pricing and features pages. OpenAI and Anthropic operate their own infrastructure and retention policies, and your use of their APIs is governed by their terms and privacy documentation.

Data Sent to CodeAndSystem.ai Servers

Account: when you sign in with Google or GitHub, we receive your email address, display name, and the OAuth provider user ID. We store these in Supabase to identify your account across sessions and devices.

Sessions: the app exchanges an OAuth authorization code with our servers at /api/session/start and refreshes long-lived access at /api/session/refresh. To keep you signed in, the server stores hashed refresh tokens tied to your account — the raw tokens only exist on your device and are rotated during normal use.

Subscription: Stripe handles all payment processing. We never see or store card numbers. From Stripe we store your subscription status, plan, and current period end so the app knows whether your subscription is active.

Trial usage: during the free trial the app reports minimal events to /api/usage/report so we can enforce limits. Each event contains the event type (for example llm_call), the model name, a Unix timestamp, and the install channel (direct or msix-store). No prompt content, screenshot bytes, clipboard contents, or LLM response content is included.

Problem events: when you complete a problem, the app sends the problem ID, category, solve timestamp, and install channel to /api/usage/problem-event. This powers the public aggregate statistics on our trending problems page. It does not include your solution, your prompt, or the LLM response.

Version check: the app periodically fetches /api/version/latest to find out whether a new release is available. This is a plain GET request that reveals your IP address to our server, as any HTTP request does, and contains no additional data.

Waitlist (when enabled): if the site is running in waitlist mode, we collect only the email address you submit and use it once to notify you at launch. You can ask us to delete it at any time.

Local Data on Your Device

In addition to API keys, the app keeps a small amount of local state in its platform config directory — your cached email, a cached trial-status snapshot so the app works briefly offline, and application settings. Stderr logs written by the app stay on your device and are not transmitted.

To remove all locally stored data, delete the CodeAndSystem.ai config directory for your platform (typically under ~/Library/Application Support on macOS, %APPDATA% on Windows, and ~/.config on Linux) and sign out of any active sessions. You can also remove stored API keys from within the app's Settings screen.

Website Analytics

The marketing site uses Cloudflare Web Analytics as our primary analytics tool. It is cookie-less, does not fingerprint visitors, and does not store full IP addresses.

Advertising & Conversion Measurement

When we run Google Ads campaigns, the site loads the Google Ads conversion tracking pixel (gtag.js) via googletagmanager.com. This lets us measure how many ad clicks result in a download or a purchase, so we can evaluate campaign effectiveness.

What is sent to Google: When a conversion event fires — on /download (trial signup) and /checkout/success (purchase) — Google receives the page URL, the conversion event name, a transaction ID used for deduplication, and the purchase value (for checkout only). No personally-identifying information, no screen content, and no LLM prompts or responses are included in these events.

Cookies: gtag.js sets first-party cookies with approximately 90-day retention (the Google Ads default). These cookies help Google attribute conversions to the correct ad click.

Opting out: You can opt out of Google Ads measurement at adssettings.google.com, or by installing the Google Ads opt-out browser add-on. Standard ad-blocking browser extensions also block googletagmanager.com naturally. The pixel is only active when we have an active Google Ads campaign configured; if no campaign ID is set, the script is not loaded.

Cloudflare Web Analytics remains our primary analytics tool and continues to run in parallel as the privacy-friendly behavioral analytics layer.

Microsoft Store Distribution

The Windows build is available both as a direct download and through the Microsoft Store as an MSIX package. Installing from the Store shares the standard install metadata Microsoft collects for any Store app; it does not give Microsoft any additional visibility into your use of CodeAndSystem.ai. The app behaves the same on both channels, except that telemetry events are tagged with msix-store instead of direct so we can understand how installs are split.

Data Retention

Account and subscription data: kept while your account exists. Deleted on request or when you close your account.

Trial usage events: retained while relevant to enforcing trial limits and for basic aggregate analytics. Deleted with your account.

Problem events: retained to compute aggregate problem statistics. The per-user rows are deleted when you delete your account; anonymized aggregate counts that no longer identify you may remain.

Refresh tokens: rotated during normal use and invalidated on sign-out or account deletion.

Your Rights

Regardless of where you live, you can email us to access the personal data we hold about you, correct it if it is wrong, export a copy, or delete your account and associated data. If you are in the EU or UK, these map to your rights under GDPR Articles 15, 16, 17, and 20. If you are in California, they map to your rights under Cal. Civ. Code § 1798.100 et seq. We do not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, email support@codeandsystem.ai. We will respond within 30 days.

International Transfers

The website runs on Cloudflare Workers, which serves responses from the location closest to you. Supabase hosts the database we use for account and subscription data. Stripe processes payments. OpenAI and Anthropic process LLM requests you initiate. These providers principally operate in the United States; using the product means your data may be transferred to and processed there.

Children

CodeAndSystem.ai is intended for adult software engineers preparing for technical interviews. It is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, email us and we will delete it.

Changes to This Policy

If we make material changes, we will update the date at the top of this page and, for changes that affect how we handle existing user data, notify signed-in users by email. Continued use of the app or site after an update means you accept the revised policy.

Contact

Questions, requests, or complaints about this policy go to support@codeandsystem.ai.