← Back

Privacy Policy

Effective date: 18 April 2026

Who we are

Code Overlord is a product of Xcribe Limited, a company registered in England and Wales (company number 14860348). Our registered address is 11 Ducketts Wharf, South Street, Bishop's Stortford, England, CM23 3AR.

For privacy enquiries, contact us at privacy@codeoverlord.dev.

What data we collect

When you use our website, we may collect:

  • Account information — email address, name, and authentication provider (Google) when you sign in via AWS Cognito.
  • Waitlist information — email address and referral source when you join the waitlist.
  • Usage analytics — page views, clicks, session recordings, and device information via PostHog (EU-hosted). All form inputs are masked in session recordings.
  • Technical data — IP address (for geolocation, anonymisable), browser type, operating system, and screen dimensions.

When you use our desktop or mobile applications, we may additionally collect:

  • App usage data — features used, session duration, agent types invoked, and crash reports.
  • Device information — device model, OS version, app version.
  • Push notification token (mobile) — a Firebase Cloud Messaging identifier used solely to wake the app when your paired desktop sends an alert. Not used for marketing.
  • Workspace files and notes (mobile) — files you explicitly sync from your paired Code Overlord desktop are stored in your AWS S3 account for relay to the phone. We never access them outside of this sync relay.

Android device permissions

The Code Overlord Android app requests the following device permissions. Each is optional, requested at runtime, and can be denied or revoked at any time via Android Settings → Apps → Code Overlord → Permissions.

  • Camera (android.permission.CAMERA) — used solely to scan the QR code displayed on your paired Code Overlord desktop during initial pairing. Camera frames are processed on-device by Google's ML Kit barcode scanner. No images are stored, transmitted, or sent to any server.
  • Microphone (android.permission.RECORD_AUDIO) — used for the optional voice dictation feature. Audio is processed entirely on-device by the Moonshine speech-recognition model (an open-source model that runs locally). No audio is recorded to disk, transmitted, or sent to any server.
  • Notifications (android.permission.POST_NOTIFICATIONS) — used to alert you when an AI agent on your paired desktop needs your input.
  • Bluetooth Connect (android.permission.BLUETOOTH_CONNECT) — used by the Android audio stack when a Bluetooth microphone is connected for voice dictation.
  • Internet & network state — used to sync with your paired desktop via AWS relay and to fetch the on-device speech model on first run.

No permission is used for advertising, tracking across apps, or profiling. If you need clarification or wish to revoke any permission, contact us at privacy@codeoverlord.dev.

How we use your data

  • To provide and improve the Code Overlord service.
  • To manage your account and authentication.
  • To process waitlist signups and invite allocations.
  • To analyse usage patterns and improve user experience.
  • To send service-related communications (not marketing, unless you opt in).
  • To detect and prevent abuse or security incidents.

Analytics and cookies

We use PostHog for product analytics, hosted in the EU (Frankfurt). PostHog may set cookies or use localStorage for session tracking. You can opt out of analytics tracking at any time by contacting us.

Session recordings mask all form input values by default. We do not record passwords, payment details, or other sensitive field content.

Data storage and security

Your data is stored on Amazon Web Services (AWS) infrastructure in the EU (London, eu-west-2) for authentication and application data, and PostHog Cloud EU (Frankfurt) for analytics data.

We use industry-standard security measures including encryption in transit (TLS), encrypted storage, and access controls via AWS IAM.

Data sharing

We do not sell your personal data. We share data only with:

  • AWS — infrastructure provider (authentication, storage).
  • PostHog — product analytics (EU-hosted).
  • Google — if you sign in via Google OAuth.

Your rights (GDPR)

Under UK and EU data protection law, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate personal data.
  • Erase your personal data ("right to be forgotten").
  • Restrict or object to processing of your data.
  • Data portability — receive your data in a structured format.
  • Withdraw consent at any time.

To exercise any of these rights, email privacy@codeoverlord.dev. We will respond within 30 days.

Data retention

Account data is retained for as long as your account is active. Analytics data is retained for up to 1 year. You may request deletion of your data at any time.

Children

Code Overlord is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the service after changes constitutes acceptance.

Contact

Xcribe Limited
11 Ducketts Wharf, South Street
Bishop's Stortford, England, CM23 3AR
Company number: 14860348
Email: privacy@codeoverlord.dev