Privacy
Treat your data and your recipients' data with care.
Codexroom logs the minimum data we need to deliver the product. Recipients of shares get a clear analytics notice. The detail below covers what we keep and what we never store. The formal text lives in the privacy policy.
What we store about your workspace
Identity, workspace data, subscription state.
User identity from Clerk: user ID, email, name.
Workspace data: tokens, slot types, templates, assets, decks, shares, audit log.
Subscription data: plan, status, Stripe customer ID, Stripe subscription ID.
Stored inside Supabase Postgres in your region, with the tenancy and encryption posture documented on the security page.
What we store about share recipients
Per-event records in share_views.
Each event in the share_views table carries: timestamp, share ID and deck ID, slide index (for slide-viewed events), session ID (a UUID generated client-side scoped to a single viewing session), geography parsed to country, region, city only, user agent parsed to browser, OS, device type, and the referrer if present.
What we never store
The data the recipient never gives up.
Raw IP addresses past the request lifecycle.
Cross-share fingerprinting of the recipient.
Third-party tracker data.
Recipient identity beyond what the share creator supplied.
How recipients learn about analytics
A disclosed notice on every viewer.
The viewer footer carries the line: "This presentation may collect viewing analytics. See the privacy notice." The link opens this page.
Data deletion
Through the admin UI, the API, or by request.
Customers delete data through the admin UI, the API, or by request. Audit log entries are immutable by design. Customers who require historical share view data deletion can request it from the admin UI.
Regional residency
Asia, EU, or US regions. Pinning on Enterprise.
Asia-Pacific customers land in the Singapore region by default. EU customers land in the EU region. US customers land in the US region. Region pinning available on Enterprise. Cross-border transfers covered under PDPA Section 26 for Singapore-originating data, the EU Standard Contractual Clauses for EU-originating data, and the UK addendum for UK-originating data.
See it work