
Privacy Policy
Last updated: June 9, 2026
Overview
Codelifter ("the Extension") is a Chrome browser extension that converts web page elements into React + Tailwind CSS code. We take your privacy seriously. This policy explains what data we collect, how it is used, and how it is protected.
The use of information received from Google APIs complies with the Chrome Web Store User Data Policy, including the Limited Use requirements.
Data We Collect
1. DOM Structure
When you select an element or a full page for conversion, the Extension serializes the DOM tree of the selected area — including HTML tags, computed CSS styles, layout geometry (width, height, position), and visible text content. This data is transmitted to our Vercel proxy server, which forwards it to AI services (Anthropic Claude Sonnet, HuggingFace Qwen2.5-Coder) solely to generate code. The transmitted DOM data is deleted immediately after code generation is complete and is not stored permanently on our servers.
2. Screenshots
The Extension captures a screenshot of the selected element during conversion for visual analysis by the AI model. Screenshots are processed transiently and are never stored permanently.
3. API Keys (Optional BYOK)
Codelifter works with no API key — by default all AI processing is handled through our server proxy. Optionally, you may supply your own Anthropic API key (Bring Your Own Key). If you do, the key is stored only in chrome.storage.local on that single device (never synced via chrome.storage.sync), sent only as the "x-anthropic-key" request header to our proxy and forwarded to Anthropic for that single conversion request, then discarded — it is never written to our database or logs. You can remove the key at any time in Settings.
4. Account & Authentication Data
When you sign in, we store your email address and a user UUID in Supabase to authenticate your session and authorize the API calls tied to your subscription tier. Anonymous use (without signing in) is supported on the Free tier and does not create an account record. Session tokens (Supabase-issued JWTs) are kept in chrome.storage.local and, on the website, in secure cookies.
5. Subscription & Payment
Note: Pro subscription is available at $9/month or $99 lifetime. Payments are processed by Lemon Squeezy (Merchant of Record).
Pro subscription is managed and processed securely by Lemon Squeezy. We do not handle or store credit card numbers. Payment data is subject to Lemon Squeezy's Privacy Policy.
6. Usage Metadata
We collect the following usage data to understand product usage and enforce quotas:
- Authenticated users: monthly conversion counter stored in Supabase, linked to your user account
- Anonymous users: IP address hashed with SHA-256 + rotating salt (original IP is never stored)
- Error reports via Sentry with PII masking (email addresses, file paths, and tokens are stripped before transmission via beforeSend)
How We Use Your Data (Processing Purposes)
We process the data listed above strictly for the following purposes. We do not use any of this data for advertising, profiling, creditworthiness scoring, or training third-party AI models.
- Code generation — DOM and CSS of the element you convert are sent to our AI providers (Anthropic Claude, HuggingFace Qwen) solely to produce the returned React/Vue/Svelte component. The request payload is not retained after the response is sent.
- Quota enforcement — authenticated users: monthly conversion counter linked to your Supabase account; anonymous users: salted SHA-256 hash of IP to rate-limit abuse (the original IP is never stored).
- Account authentication — Supabase stores your email and user UUID to authenticate sign-in and authorize the API calls tied to your subscription tier.
- Payment processing — if you subscribe to Pro or Lifetime, Lemon Squeezy (Merchant of Record) handles card data directly; we only receive a subscription status tied to your user UUID.
- Security — the pairing token used by the optional MCP server is stored locally (chrome.storage.local and CLI config file chmod 600) to authenticate local WebSocket upgrades; it is never transmitted to our servers.
- Error monitoring — Sentry receives crash reports with on-device PII masking (emails, IPs, JWTs, hex64 tokens stripped via beforeSend) solely for diagnosing production failures.
Security & Storage
Data is stored and transmitted with the following safeguards:
- All network transfer uses HTTPS (TLS 1.2+). Requests to our own API go to codelifter.vercel.app only.
- Authentication uses Supabase-issued JWT tokens; session tokens are stored in chrome.storage.local and browser cookies with secure/httpOnly flags where applicable.
- PII filtering runs entirely on your device before any DOM payload leaves the browser.
- The optional MCP server binds exclusively to 127.0.0.1 and enforces crypto.timingSafeEqual pairing-token checks, with a 3-strike 10-minute lockout.
- API keys for AI providers are held on our server only — never shipped in the extension or exposed to the client.
PII Filtering
Before any DOM data is sent to an AI server, the Extension automatically detects and removes Personally Identifiable Information (PII) found in text content. This filtering runs entirely on-device before any data leaves your browser:
- Email addresses → [email]
- Phone numbers (international & Korean formats) → [phone]
- Credit card numbers → [card-number]
- Korean resident registration numbers → [ssn]
Collected data is never sold, shared, or transferred to third parties beyond the AI providers listed in the Data Sharing section.
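The on-device masking step described above, as an added illustration that is not Codelifter's own code: the regular expressions, the placeholder labels, the Luhn check on card candidates and the serialized-node shape ({ tag, text, children }) are all assumptions made for this example.

```javascript
// Added example (not Codelifter's code): an on-device PII masker of the kind the
// policy describes, applied to the serialized DOM before any payload leaves the browser.
// The patterns, placeholders and the serialized-node shape are assumptions.

// Luhn check so that arbitrary 13-19 digit runs (order ids, timestamps) are not
// mislabelled as card numbers.
function luhnOk(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) d = d > 4 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// Rules run in this order: the resident registration number and card patterns go
// first so their digit runs are not half-consumed by the looser phone pattern.
const PII_RULES = [
  { label: "ssn", re: /\b\d{6}-[1-4]\d{6}\b/g }, // assumed RRN shape: YYMMDD-GNNNNNN
  { label: "card-number", re: /\b(?:\d[ -]?){12,18}\d\b/g, validate: luhnOk },
  { label: "email", re: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g },
  { label: "phone", re: /\+\d{1,3}(?:[ -]?\d{2,4}){2,4}\b|\b0\d{1,2}[ -]?\d{3,4}[ -]?\d{4}\b/g },
];

// Replace every match with its placeholder; a rule with a validator keeps the
// matches its validator rejects (a non-Luhn digit run is left untouched).
function maskPii(text) {
  return PII_RULES.reduce(
    (acc, rule) => acc.replace(rule.re, (m) => (rule.validate && !rule.validate(m) ? m : `[${rule.label}]`)),
    text,
  );
}

// Walk a serialized DOM node ({ tag, text?, children? }) and mask every text field.
function maskSerializedNode(node) {
  const out = { ...node };
  if (typeof out.text === "string") out.text = maskPii(out.text);
  if (Array.isArray(out.children)) out.children = out.children.map(maskSerializedNode);
  return out;
}

// Constructed sample payload; every value below is invented for this example.
const SAMPLE = {
  tag: "div",
  children: [
    { tag: "p", text: "Contact jane.doe@example.com or +82 10 1234 5678" },
    { tag: "p", text: "Card 4111 1111 1111 1111, RRN 900101-1234567" },
    { tag: "span", text: "Order #2024 shipped 12/03" },
  ],
};
console.log(JSON.stringify(maskSerializedNode(SAMPLE), null, 2));
```

Run with Node to see the masked tree; the third text node is left intact, which is the false-positive case the Luhn check and rule ordering are there to handle.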
On-Device AI
When the Extension uses Chrome's built-in on-device AI (e.g., Prompt API, Summarization API), all processing occurs locally on your device. No data is transmitted to external servers for these operations.
Data Sharing
We do not sell, share, or transfer your personal data to third parties, except in the following limited circumstances:
- AI providers: DOM snapshots are routed through our Vercel proxy server to Anthropic (Claude Sonnet) and HuggingFace (Qwen2.5-Coder) solely for code generation.
- Supabase: User authentication, subscription status, conversion history, rate-limit counters, and error logs are stored in Supabase (USA). Supabase is our primary database and authentication provider.
- Lemon Squeezy: For subscription management and payment processing (Merchant of Record — handles tax, refunds, and PCI compliance on our behalf).
- Sentry: Error reports with PII masking are sent to Sentry for crash monitoring and debugging.
- PostHog: Anonymous usage data (framework selection, conversion success/failure, install/session/first-conversion funnel events, model used, tokens used, duration, whitelist-labelled client errors) is sent for product improvement. PII scrubbing (URL hostname, error labels, anonymized stack paths) is applied before transmission. A single `consent_declined` event is sent when a user declines, so opt-out rates are visible — afterward no further data is sent.
- Legal requirements: If required by law or valid legal process.
Cookies & Tracking
The Extension does not use cookies, tracking pixels, or third-party analytics scripts. The website uses a single setting cookie (cl_locale) to remember your language preference.
Anonymous Usage Data Collection (v1.0.3)
Codelifter v1.0.3 introduces optional telemetry collection.
Anonymous usage data is sent to PostHog and Sentry after user consent. No data is transmitted if consent is not given.
Purpose
- Understand conversion usage patterns (framework selection, success/failure, model used, tokens used, duration)
- Funnel analysis: extension installed, first session, first successful conversion
- Anonymous error monitoring (whitelist-labelled error events)
- Capture an explicit signal when a user declines telemetry, so opt-out rates are visible
- Sentry crash reports with PII scrubbing for production debugging
What We Do NOT Collect
- Content of pages you convert (DOM, text)
- Browsing activity in other tabs
- Personal identifying information (name, email, phone, etc.)
PII Protection Measures
- URL: Only hostname transmitted (path/query/fragment removed)
- Stack trace: Local paths (file://, chrome-extension://) anonymized
- Errors: Converted to whitelist-based labels (rate_limited, unauthorized, etc.)
- autocapture: false — No automatic click tracking
Opt-Out
You can change your consent status anytime in Settings > Privacy. Note: Withdrawing consent stops all future telemetry, but data already received by PostHog/Sentry cannot be retroactively deleted from their servers.
Limited Use Compliance
We comply with the Chrome Web Store User Data Policy Limited Use requirements. Collected data is used solely for the extension's single purpose (providing and improving the code conversion feature), and is not used for advertising, creditworthiness assessment, or transferred to third parties.
Data Retention
DOM snapshots and screenshots are processed transiently and are not stored on our servers after the API response is returned.
Authenticated user conversion counts are retained in Supabase for as long as your account exists. Anonymous IP hashes are rotated monthly. Error logs in Sentry are retained for 90 days.
Payment-related records (subscriptions: lemonsqueezy_subscription_id, paid_at, status; payment_events: Lemon Squeezy webhook history including raw_payload) are retained for 5 years in accordance with Article 6 of the Korean Consumer Protection in E-Commerce Act. Records exceeding the retention period are automatically purged by a monthly cron (1st day of each month, 06:00 KST).
Your Rights
Since we do not maintain a persistent user database for anonymous users, there is generally no personal data stored on our servers that we can retrieve or delete on request. Authenticated users may request account deletion by contacting us. For any concerns regarding data processed by our AI providers, please refer to their respective privacy policies.
Children's Privacy
The Extension is not directed at children under 13. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Extension after changes constitutes acceptance of the updated policy.
MCP Local Server
When you enable the MCP server in Developer integrations settings, Codelifter starts a local WebSocket server bound exclusively to localhost:12307.
- The server is accessible only from processes on your local machine — external network access is blocked at the OS network layer.
- The x-codelifter-token header must be included in the WebSocket upgrade request and must match the pairing token shown in extension settings. Requests without a valid token are rejected immediately. Three consecutive failed attempts trigger a 10-minute block.
- Web pages cannot call the MCP server directly via fetch() or XMLHttpRequest because the browser's CORS policy blocks cross-origin requests to localhost without an explicit CORS header — which Codelifter does not set.
- Data transmitted through the MCP server follows the same path as the standard /api/transform route described in "Data We Collect" above. No additional data is sent.
- The pairing token can be regenerated at any time from extension settings. Regenerating the token immediately invalidates any previously connected MCP clients.
- The Codelifter CLI's local MCP server binds exclusively to 127.0.0.1:12307 and is never exposed to external networks.
- Authentication is performed solely with the user's own pairing token. The token is never transmitted to Codelifter's servers.
- The extension and CLI communicate directly on-device. DOM data collected during conversion is not stored on our servers outside of the standard /api/transform path described in "Data We Collect" above.
Personal Information Protection Officer
In accordance with Article 31 of the Korean Personal Information Protection Act, the Company designates the following officer responsible for overseeing all personal information processing matters and protecting users' personal information.
- Name: Jang Hyeok (Representative)
- Title: Representative / Personal Information Protection Officer
- Email: jh0580jh@tididig.com
- Phone: +82 10 4567 1569
Users may direct any privacy-related inquiries, complaints, or remedy requests arising from the use of the Service to the Protection Officer. The Company will respond and address such inquiries without delay.
Contact
If you have questions or concerns about this Privacy Policy, please contact us at:
Email: jh0580jh@tididig.com