PRIVACY POLICY

Privacy Policy

Last updated: June 4, 2026

1. Introduction

This Privacy Policy explains how Codron handles your data. It covers the Codron desktop application, the web dashboard at codron.app, and the cloud services we operate on your behalf.

2. Who We Are

Codron is operated by Viva Technologies Lab, LLC, a United States limited liability company. References to "we", "us", or "Codron" in this policy refer to that entity. You can reach us at contact@vivatechlab.com.

3. Information We Collect

We collect only what is required to operate the service.

  • Account data. When you sign in with Google or GitHub we receive your email, display name, and avatar URL from the provider.
  • Project metadata. Project names, mission prompts, engagement history, decisions, operator messages, chat messages, and engagement metrics are stored in our database so the desktop app and web dashboard can share state across your devices.
  • Billing data. If you upgrade to a paid plan, Stripe processes your payment. We store only the Stripe customer and subscription identifiers. We never see your card details.
  • Support content. When you submit a message through the in-app Contact form, the message body, your account id, and a timestamp are stored so we can respond.
  • Optional integrations. If you connect a Telegram bot for notifications, we store the bot token and chat id. If you provide an MCP server entry, the configuration is stored as you supplied it.

4. What Stays on Your Machine

Codron drives the Claude Code (or Codex) command line on your own computer. The contents of the repositories Codron operates on, the diffs it produces, and the tool outputs it observes are processed locally and are not uploaded to our servers. We see only the metadata listed in section 3, plus anything you choose to share explicitly (for example by pasting an excerpt into a support message).

5. How We Use Your Information

  • To authenticate you and keep your session active
  • To synchronize project state across your devices
  • To process subscription payments and manage your plan
  • To respond to support requests you initiate
  • To send notifications you have configured (such as Telegram alerts)
  • To diagnose crashes and improve the service

We do not sell your personal data, and we do not use your project content to train models.

6. Third-Party Services

Codron relies on the following providers. Each operates under its own privacy policy.

  • Supabase for authentication, database, and realtime synchronization
  • Stripe for subscription billing and payment processing
  • Google and GitHub for OAuth sign-in
  • Vercel for web hosting
  • Anthropic, OpenAI as the model providers your local agent talks to. You bring your own subscription or API key, and these providers receive your prompts directly from your machine. We do not proxy your model traffic.
  • Telegram if you opt into bot notifications

7. Storage and Security

Cloud data is stored with Supabase and protected by row-level security policies that restrict each row to its owning account. Auth tokens on the desktop are stored using the operating system's secure credential store (Keychain on macOS and Credential Manager on Windows). Connections between the desktop, the dashboard, and our backend use TLS.

8. Your Rights and Controls

  • You can delete any project from the dashboard. This cascades to its decisions, engagements, operator messages, chat history, and snaps.
  • You can mute notifications globally in Settings, or per project from the project view.
  • You can cancel a paid subscription from the in-app billing portal at any time.
  • To delete your entire account and all associated cloud data, email contact@vivatechlab.com. We will action the request within 30 days.

9. Data Retention

We retain account and project data for as long as your account is active. Cancelling a paid subscription does not delete your data; it only stops billing. Once you delete a project or your account, we remove the data from our active systems within 30 days. Backups are rotated and overwritten on a 30 day cycle.

10. Children's Privacy

Codron is not directed at children under 13, and we do not knowingly collect personal information from anyone under that age. If you believe we have, contact us and we will remove it.

11. International Transfers

Our cloud infrastructure is operated in the United States. By using Codron from outside the United States you consent to your data being processed in the United States.

12. Changes to This Policy

We may update this policy as the service evolves. Material changes will be announced in the dashboard or by email before they take effect. The Last updated date at the top of this page always reflects the current version.

13. Contact

Questions, requests, or concerns? Email contact@vivatechlab.com.

Privacy Policy · Codron