Privacy Policy
Effective 3 July 2026 · CodeHub (codehub.bot)
This policy explains what CodeHub (“CodeHub”, “we”, “us”)
collects, why, and the choices you have. CodeHub is a code-intelligence service that indexes
software repositories into queryable code graphs, available on the web and over the Model
Context Protocol (MCP). Contact: support@codehub.bot.
1. Information we collect
- Account information. When you create an account, our authentication provider
(Clerk Inc.) collects your email address, name, avatar, and sign-in method (email, Google,
GitHub, or GitLab). We receive a unique account identifier and the profile details you share.
- Code-host connections. If you link GitHub or GitLab, the OAuth access token is held
by Clerk, not stored by CodeHub. We retrieve it transiently, only at the moment you list or
index repositories, and discard it when the operation completes. If you provide a personal
access token directly, we store it encrypted-at-rest with restricted file permissions and use
it only for the same purposes.
- Repository content. (a) Public hub: we index publicly available open-source
repositories; the resulting graphs and source excerpts are public. (b) Private
workspaces: when you choose repositories to index, we clone them, compute a code graph
(symbols, relationships, search indexes, and vector embeddings), and store the graph and
source text so that your workspace can serve search and source retrieval. Private workspace
content is visible only through your account and your workspace’s private MCP URL.
- Usage data. Server logs (IP address, request path, timestamp, user agent) for
security, rate limiting, and debugging.
- Cookies. Only essential authentication/session cookies (set by Clerk). No advertising
or cross-site tracking cookies.
2. How we use information
- To provide the service: indexing repositories, serving graphs, search, and MCP queries.
- To secure the service: authentication, abuse prevention, rate limiting, and incident response.
- To communicate with you about your account or material changes to the service.
Legal bases (UK/EU GDPR): performance of a contract (providing the service you signed
up for), legitimate interests (security, abuse prevention, service improvement), and consent
where required.
3. What we do not do
- We do not sell your personal data or your code, and we do not share it for advertising.
- We do not train machine-learning models on your private repository content. Vector
embeddings computed for your workspace are used solely to serve search within that workspace.
- We do not make private workspace content visible to other users or to the public hub.
4. Where your data lives
CodeHub is hosted on Google Cloud Platform in London, United Kingdom (europe-west2).
If you access the service from outside the UK/EEA, your data is processed there. Our
sub-processors may process limited data in other regions as described in their own policies.
5. Sub-processors
- Google Cloud Platform — hosting and storage.
- Clerk Inc. — authentication, account management, and OAuth token custody.
- GitHub, Inc. / GitLab Inc. — we call their APIs with your authorisation to list and
clone the repositories you select.
6. Retention
- Account data: for as long as your account exists.
- Private workspace graphs and source: until you delete the workspace or your account, or ask
us to remove them.
- Server logs: routinely rotated; retained no longer than 30 days except where needed for an
ongoing security investigation.
7. Security
All traffic is encrypted in transit (TLS). Data is encrypted at rest by our hosting provider.
OAuth tokens are held by Clerk and used transiently. Workspace MCP URLs contain a
high-entropy secret and can be rotated at any time from your workspace page — treat them like
API keys. No method of transmission or storage is completely secure; report suspected
vulnerabilities to support@codehub.bot and we will respond promptly.
8. Your rights
Depending on where you live (including under UK GDPR and EU GDPR), you have the right to
access, correct, delete, or export your personal data, to restrict or object to processing, and
to withdraw consent. To exercise these rights, contact support@codehub.bot. You may also lodge
a complaint with your supervisory authority (in the UK, the Information Commissioner’s
Office). If you are a California resident, you have equivalent rights under the CCPA/CPRA,
including the right to know, delete, and correct; we do not sell or share personal information
as those terms are defined in the CCPA.
9. Public repository content
The public hub contains facts computed from publicly available open-source repositories
(symbols, relationships, and source excerpts), which remain subject to their original
open-source licences. If you maintain a repository and want it removed from the public hub,
email support@codehub.bot with the repository URL and we will remove it.
10. Children
CodeHub is not directed at children under 16 and we do not knowingly collect their data.
11. Changes
We may update this policy as the service evolves. Material changes will be posted on this
page with an updated effective date, and where appropriate notified to account holders.
12. Contact
support@codehub.bot