Privacy Policy

Last updated: March 14, 2026

1. Introduction

codrsync is operated by Epic Holding Ltda ("we", "our", or "us"), headquartered in Curitiba, Parana, Brazil. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service at codrsync.dev and our CLI tool, in compliance with the Brazilian General Data Protection Law (LGPD — Lei 13.709/2018).

Data Controller: Epic Holding Ltda
Contact: privacy@codrsync.dev

2. Information We Collect

Account Information: When you create an account, we collect your email address, name, and profile information from your authentication provider (GitHub or Google).

Billing Information: When you subscribe to a paid plan, we collect billing information through our payment providers (Stripe for card payments, ASAAS for PIX payments in Brazil). We do not store your full card number or banking details — these are handled directly by the payment provider.

CPF/CNPJ: For PIX payments in Brazil, we collect your CPF or CNPJ as required by Brazilian payment regulations. This data is shared with ASAAS for payment processing only.

Usage Data: We collect information about how you use our service, including API calls, storage usage, and feature interactions.

Project Data: Files and content you upload to our cloud workspaces are stored securely and associated with your account.

3. Legal Basis for Processing (LGPD Art. 7)

We process your personal data based on the following legal grounds:

  • Contract performance: To provide the services you subscribed to (account management, workspace provisioning, billing)
  • Legitimate interest: To improve our services, prevent fraud, and ensure security
  • Legal obligation: To comply with tax, accounting, and regulatory requirements
  • Consent: For optional analytics cookies and marketing communications (you may withdraw consent at any time)

4. How We Use Your Information

  • To provide and maintain our service
  • To authenticate your identity and manage your account
  • To process your transactions and manage your subscription
  • To send you service-related communications
  • To improve and optimize our service
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

5. Data Storage and Security

Your data is stored on secure servers provided by our infrastructure partners. We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security audits.

Data location: Your data may be stored in data centers located in the United States and Europe. By using the Service, you consent to this international transfer of data, which is conducted with appropriate safeguards as required by LGPD.

6. Third-Party Services and Data Sharing

We share your data with the following third-party services, strictly as needed to provide the Service:

  • Supabase: Authentication and database (US)
  • Hetzner: Cloud workspace hosting (Germany)
  • Vercel: Web hosting and CDN (US)
  • Stripe: Card payment processing (US) — subject to Stripe's Privacy Policy
  • ASAAS: PIX payment processing (Brazil) — subject to ASAAS's Privacy Policy
  • Resend: Transactional emails (US)
  • GitHub/Google: OAuth authentication

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication, session management, and language preferences. These cannot be disabled as they are necessary for the Service to function.
  • Analytics cookies: Used to understand how you interact with the Service and improve your experience. These are only set with your consent.

You can manage your cookie preferences at any time through the cookie settings banner on our website. Essential cookies will remain active as they are required for the Service.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide you services. Specific retention periods:

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Workspace data: Subject to tier-based retention (7–60 days after inactivity for archival)
  • Billing records: Retained for 5 years as required by Brazilian tax law
  • Analytics data: Anonymized after 12 months

9. Your Rights (LGPD Art. 18)

Under the Brazilian LGPD, you have the right to:

  • Confirmation and access: Confirm whether we process your data and access it
  • Correction: Request correction of inaccurate or outdated data
  • Anonymization or deletion: Request anonymization, blocking, or deletion of unnecessary data
  • Portability: Request transfer of your data to another provider
  • Information about sharing: Know which third parties we share your data with
  • Consent withdrawal: Withdraw consent for optional data processing at any time
  • Opposition: Object to processing that violates the LGPD

To exercise any of these rights, contact us at privacy@codrsync.dev. We will respond within 15 days as required by law.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service and update the "Last updated" date. Continued use after changes constitutes acceptance of the updated policy.

12. Contact and Complaints

For questions about this Privacy Policy or to exercise your data rights: privacy@codrsync.dev

If you believe your data protection rights have been violated, you may file a complaint with the Brazilian National Data Protection Authority (ANPD) at www.gov.br/anpd.

Epic Holding Ltda — Curitiba, PR, Brazil