Privacy Policy
Last updated: July 5, 2026
We built Context Engine to index your code, not to collect it. This page explains exactly what we store, why, and how you stay in control.
Scope
This Privacy Policy explains how Context Engine ("we", "us"), operated by codesay.ai, collects, uses, and protects information when you use our website, dashboard, and the remote MCP service accessed via an API key (together, the "Service"). It does not apply to third-party sites we link to.
Data we collect
Account information: when you sign in with GitHub OAuth, we receive your GitHub username, email address, and avatar URL. Usage data: API key identifiers, call counts, latency, and error logs, used for billing and abuse prevention. Query content: the natural-language queries and file paths your agent sends to codebase_context are processed to return results and are never sold or shared for advertising. Payment data: subscription payments are processed by our payment provider, Creem — we never see or store your card number.
Cookies and advertising
We use a small number of strictly necessary cookies to keep you signed in (session cookies) and to remember your language/theme preference. If we enable third-party advertising (for example, Google AdSense) on this site, Google and its advertising partners may use cookies to serve and measure ads, including personalized ads based on your visit here and other sites. You can opt out of personalized advertising at Google's Ad Settings (adssettings.google.com) or via aboutads.info. We will update this section with a full vendor list before any ad service goes live.
How we use it
We use the information above to operate and secure the Service, enforce usage quotas, process payments, and respond to support requests. We use feedback signals (not the underlying code) to improve retrieval quality, and we never sell your code or share it with third parties to train AI models.
Third parties we rely on
Running the Service relies on a small number of processors: GitHub (authentication), Creem (payment processing), and our cloud infrastructure provider (hosting and data storage). Each only receives the data it needs to perform its function. If third-party advertising or analytics is enabled, that provider will be added here.
Retention, deletion, and security
Each API key maps to an isolated workspace; repositories, indexes, and usage data are never visible across tenants. You can rotate a key at any time — the old key stops working immediately. Deleting a project stops service immediately and voids remaining quota; the underlying data is removed per our retention schedule. All uploads are verified by content hash and path-boundary checks before being indexed.
Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing, including opting out of personalized advertising. To exercise any of these rights, email us at the address below — we will respond within a reasonable time.
Children's privacy
The Service is not directed at children under 13 (or the minimum age required by your local law), and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
We may update this Privacy Policy as the Service evolves. Material changes will be reflected by updating the date at the top of this page; where required, we will also notify you by email or an in-product notice.
Contact us
Questions about this policy or your data? Email [email protected].