A
ACE Platform

ACE Platform Privacy Policy

Effective Date: December 1, 2025 · Version: 1.0.0

1. Introduction

This Privacy Policy explains how Code Engine ("Company", "we", "us", or "our") collects, uses, and protects your personal data when you use the ACE (Agentic Context Engineering) platform ("Service").

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: Code Engine
Email: privacy@code-engine.app

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Organization name
  • Password (stored hashed, never in plain text)

2.2 Execution Trace Data

When you use the Service, you submit:

  • Task descriptions - Text describing coding tasks
  • Execution steps - Sequence of actions taken (tool calls, code snippets)
  • Results - Outcomes of task execution (success/failure, outputs)
  • Playbook references - Which patterns were consulted

Important: You control what data you submit. Do not submit personally identifiable information (PII) of others, credentials, API keys, or secrets, or sensitive business data you do not have rights to process.

2.3 Derived Data (Patterns)

Our AI processes your execution traces to generate:

  • Coding patterns and insights
  • Confidence scores and usage statistics
  • Semantic embeddings for similarity matching

2.4 Technical Data

We automatically collect:

  • IP addresses
  • Browser/client type and version
  • API request timestamps
  • Usage metrics (features used, API calls made)

2.5 Cookies and Tracking

Our website uses:

  • Essential cookies - Required for authentication and security
  • Analytics cookies - To understand usage patterns (with consent)

3. How We Use Your Data

3.1 Primary Purposes

PurposeLegal Basis (GDPR)
Providing the ServiceContract performance (Art. 6(1)(b))
Account managementContract performance (Art. 6(1)(b))
AI pattern generationContract performance (Art. 6(1)(b))
Security and fraud preventionLegitimate interest (Art. 6(1)(f))
Legal complianceLegal obligation (Art. 6(1)(c))

3.2 AI Processing

Your data is processed by AI systems:

AI ComponentModelPurposeData Processed
ReflectorClaude Sonnet (Anthropic)Analyze traces, identify patternsExecution traces
CuratorClaude Haiku (Anthropic)Merge and deduplicate patternsPattern content
EmbeddingsSentence TransformersSemantic similarityPattern text

Your Rights Regarding AI Processing

  • You can disable automatic AI learning in settings
  • You can review all AI-generated patterns
  • You can delete any pattern
  • You can request human review of AI decisions

3.3 What We Do NOT Do

  • We do NOT sell your data
  • We do NOT share data between customers
  • We do NOT use your data to train our own AI models
  • We do NOT use your patterns to benefit other users

4. Data Sharing

4.1 Third-Party Processors

We share data with these processors:

ProcessorPurposeLocationSafeguards
AnthropicAI model inferenceUSAStandard Contractual Clauses
ClerkAuthenticationUSAStandard Contractual Clauses
VercelWebsite hostingEU/USAStandard Contractual Clauses
Logfire (Pydantic)ObservabilityEUData Processing Agreement

5. Data Retention

Data TypeRetention PeriodDeletion
Account dataWhile account active30 days after account deletion
Execution tracesUntil project deletedImmediate upon project deletion
PatternsUntil project deletedImmediate upon project deletion
Technical logs90 daysAutomatic
Audit logs1 yearAutomatic

Right to Deletion: You can delete your account and all associated data at any time via the Website settings or by contacting us.

6. Data Security

We implement appropriate technical and organizational measures:

6.1 Technical Measures

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • API token hashing (SHA-256)
  • Multi-tenant data isolation
  • Regular security audits

6.2 Organizational Measures

  • Access controls and least privilege
  • Employee security training
  • Incident response procedures
  • Regular security reviews

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

RightDescriptionHow to Exercise
AccessObtain a copy of your dataSettings > Export Data
RectificationCorrect inaccurate dataSettings > Profile
ErasureDelete your dataSettings > Delete Account
RestrictionLimit processingContact us
PortabilityReceive data in machine-readable formatSettings > Export Data
ObjectObject to processing based on legitimate interestContact us
Withdraw ConsentWithdraw consent for optional processingSettings > Privacy
ComplaintLodge complaint with supervisory authoritySee Section 11

Response Time: We will respond to requests within 30 days.

8. International Transfers

Your data may be transferred to countries outside the EEA (specifically, the USA for AI processing via Anthropic and authentication via Clerk).

Safeguards: Standard Contractual Clauses (SCCs), Data Processing Agreements, and assessment of recipient country's data protection adequacy.

9. Automated Decision-Making

The Service uses AI to make automated decisions about pattern retention and similarity. For ACE, pattern decisions do not have legal or similarly significant effects on you.

However, you can override any AI decision via the management interface, request human review by contacting us, or disable automatic learning entirely.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

11. Supervisory Authority

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority.

For the Netherlands:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
https://autoriteitpersoonsgegevens.nl

For other EU countries: You may contact your local Data Protection Authority.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or Website notice. The "Last Updated" date at the top indicates when changes were made.

13. Contact Us

For privacy-related inquiries:

Data Protection Contact:
Email: privacy@code-engine.app
Subject line: "Privacy Inquiry - ACE"

General Contact:
Website: https://code-engine.app
Support: support@code-engine.app

By using the ACE Platform, you acknowledge that you have read and understood this Privacy Policy.