Last updated May 9, 2026
This Privacy Policy explains how nascoder, Inc. (“nascoder,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you use the website at app.nascoder.com and the AI chat service offered there (the “Service”). By using the Service, you acknowledge that you have read and understood this policy. This policy is supplemental to, and incorporated by reference into, our Terms of Service.
We collect information in the following categories.
Authentication for the Service is performed by Auth0, Inc. (“Auth0”). When you sign up, Auth0 supplies us with the email address and display name associated with your chosen identity provider, together with a stable user identifier. We do not receive your password. If you sign in via a social identity provider, we may receive additional profile information that the provider chooses to share, such as a profile picture, but only the email address and display name are required to create an account. Your Auth0 credentials, multi-factor settings, and authentication history are managed within Auth0 in accordance with its own privacy practices.
The prompts you submit, the files you attach, and the model responses generated for you are stored in our application database for the purpose of presenting your conversation history within the Service. We refer to this collectively as “Conversation Content.” Conversation Content is associated with your account and is accessible to you through the Service.
We log events related to your use of the Service, including the model selected for each request, the timestamp of the request, input and output token counts, response latency, error codes, and a request identifier. These events power your usage dashboard, billing, and capacity planning, and allow us to detect abuse and investigate operational issues.
If you subscribe to a paid plan, billing is processed by Stripe, Inc. (“Stripe”). We store your Stripe customer identifier, the active subscription tier, the renewal date, and metadata sufficient to reconcile invoices and entitlements. We do not store your full payment-card number, expiration date, or security code; that information is collected and stored directly by Stripe in accordance with the Payment Card Industry Data Security Standard.
When you access the Service, our servers automatically receive technical data including your Internet Protocol (IP) address, your browser type and version, your operating system, the referring URL, and timestamps. This data is logged for security, abuse detection, and operational diagnostics.
We use cookies that are strictly necessary to maintain your signed-in session. Authentication cookies are issued by Auth0 in connection with Auth0’s session management. We do not use cookies for advertising or for tracking your activity across unrelated websites. You can disable cookies through your browser settings, but the Service will not function correctly if essential cookies are blocked.
We use the information described above for the following purposes:
We do not use your Conversation Content to train machine learning models, whether ours or those of any third party. Our improvement efforts rely solely on aggregate metrics and de-identified diagnostic data that cannot reasonably be used to reconstruct the contents of your conversations.
We share information with a small number of carefully selected service providers, each of which is contractually bound to use the information only for the purposes for which it was disclosed.
We do not sell your personal information, and we do not share it with third parties for their own marketing purposes. We may disclose information when we believe in good faith that disclosure is required to comply with a subpoena, court order, lawful request from a governmental authority, or other legal obligation, or where disclosure is necessary to protect our rights, the safety of our users, or the integrity of the Service. Where permitted, we will notify you in advance of any compelled disclosure.
Conversation Content is retained for a period that depends on your subscription tier:
Usage events and metrics are retained for twenty-four (24) months, after which they are deleted or aggregated into statistics that no longer identify you. Billing records are retained for the period required by applicable tax and accounting laws, typically seven (7) years.
When you close your account, we delete personally identifying information associated with your account from our active systems within thirty (30) days, subject to legal obligations to retain certain records. Backups containing your information are overwritten in the ordinary course of our backup rotation, which may take up to ninety (90) additional days.
Subject to applicable law, you have the right to access the personal information we hold about you, to request correction of inaccurate information, to request deletion of your personal information, and to request a portable export of your account data. You may exercise these rights by emailing support@nascoder.com from the email address associated with your account. We will respond to verifiable requests within the time period required by applicable law and will inform you if we are unable to fulfill a request, including the reason. You also have the right to lodge a complaint with a competent data-protection authority.
We protect your information using industry-standard administrative, technical, and physical safeguards. All connections between your browser and the Service are protected by Transport Layer Security (TLS). Conversation Content and other user data are stored in an AWS Relational Database Service instance with encryption at rest enabled. Access to production systems and data is restricted to authorized personnel under the principle of least privilege, and such access is logged and periodically reviewed. We maintain an incident-response process and will notify affected users and regulators of security incidents to the extent required by applicable law. No system is perfectly secure, however, and we cannot guarantee the absolute security of any information.
The Service is operated from, and your data is processed in, the United States of America. If you access the Service from outside the United States, you understand and acknowledge that your information will be transferred to, processed in, and stored in the United States, which may not provide the same level of data protection as the jurisdiction in which you reside. Where required, we implement appropriate safeguards for cross-border transfers, including standard contractual clauses with our processors. By using the Service, users located in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States expressly consent to the transfer of their information to the United States.
The Service is not directed to, and we do not knowingly collect personal information from, children under the age of thirteen (13). If we learn that we have inadvertently collected personal information from a child under thirteen, we will delete that information from our systems. If you believe we may have collected such information, please contact us at support@nascoder.com.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email to the address associated with your account or through an in-app notice at least fourteen (14) days before the changes take effect, except that changes required for legal or security reasons may take effect immediately. The “Last updated” date at the top of this page reflects the date of the most recent revision.
For questions about this Privacy Policy, to exercise your rights, or to submit a privacy-related request, please contact us at support@nascoder.com. nascoder, Inc. is based in the United States.