Last updated: May 20, 2026
This policy explains how Codelit.io collects and uses information when you use the website, AI architecture tools, integrations, saved sessions, sharing features, and Stripe-powered billing.
When you use free or Pro AI models without your own API key, prompts, chat history, and related architecture context may be routed through Codelit servers and sent to AI providers or model-routing providers so they can generate a response. When you use your own API key from the BYOK menu, the key is stored in your browser and requests are intended to go directly from your browser to the selected AI provider.
Codelit does not use your prompts, architectures, saved sessions, or shared diagrams to train Codelit-owned AI models. Third-party AI providers may process submitted content under their own terms and privacy policies.
BYOK API keys are stored in your browser localStorage and can be cleared from Settings. Integration tokens are also stored in your browser and may be sent to Codelit API routes only when needed to call the connected provider on your behalf. If you call a Codelit API endpoint and include an API key in the request body, that key is transmitted to Codelit only to fulfill that request. We do not intentionally persist those API keys or integration tokens on our servers.
LocalStorage is controlled by your browser and device. Avoid entering API keys or connecting private workspaces on shared or untrusted devices.
Pro billing is handled by Stripe. Stripe receives the information needed to create checkout sessions, manage subscriptions, process payments, issue invoices, and provide the customer portal. Codelit stores subscription status and Stripe identifiers so the app can unlock Pro features and let you manage or cancel your subscription.
Architectures and boards you explicitly share are stored with a unique public link. Anyone with that link may view the shared content. Do not share content that contains secrets, credentials, private business information, or data you are not authorized to disclose.
We use service providers to operate Codelit, including Firebase/Google for authentication, database, hosting, and analytics storage; Stripe for billing; Vercel for hosting and deployment; AI providers for generation; and connected third-party platforms when you authorize an integration. These providers process data only as needed to provide their services to us or to you.
Codelit uses browser storage for app settings, model choices, API keys, integration tokens, usage counters, and session behavior. We do not currently use third-party advertising cookies. Authentication and payment providers may use cookies or similar technologies under their own policies.
We keep account, usage, billing, and saved content for as long as needed to provide the service, comply with legal obligations, resolve disputes, prevent abuse, and maintain business records. You can delete saved sessions and shared content where the product provides controls. You can request deletion of your account and associated Codelit data from Settings or by emailing us.
Some information may remain in backups, security logs, billing records, or records we must keep for legal, tax, fraud-prevention, or dispute-resolution purposes.
We use reasonable technical and organizational safeguards, including provider-managed authentication and payment processing. No internet service is perfectly secure. You are responsible for protecting your account, browser, devices, API keys, and connected workspaces.
Codelit is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
Codelit is operated from the United States. If you use the service from another country, your information may be processed in the United States or other locations where our providers operate.
We may update this Privacy Policy as the service changes. The updated version will be posted here with a new "Last updated" date.
Questions or privacy requests? Email mo@codelit.io.