Privacy Policy

1. Introduction

Code Editor Land ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our code editor application, website, and related services (collectively, the "Service").

We are dedicated to providing a free, open-source code editor to developers worldwide. Our services are built using Cloudflare Workers, Firebase, and other third-party infrastructure providers to deliver a high-performance, global experience.

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by all the terms outlined in this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• Our desktop application (Land editor) and associated components
• Our website at https://editor.land and all subdomains
• Any APIs, backend services, and Cloudflare Workers that power our Service
• Any other services that link to this Privacy Policy

This policy does not apply to third-party websites, services, or applications that you may access through links on our Service. We are not responsible for the privacy practices of these third parties.

3. Types of Data We Collect

We collect several categories of personal information to provide and improve our Service:

3.1 Personal Information

Personal information is data that can be used to identify you individually. We collect:

• Account Information: When you create an account, we collect your email address, username, and password (hashed). This information is stored securely using Firebase Authentication.
• Profile Information: Optional profile data such as display name, avatar, and bio that you choose to provide.
• GitHub OAuth Data: If you sign up using GitHub OAuth, we receive your GitHub account ID, username, email address (as provided by GitHub), and avatar URL. We do not access your private repositories or other sensitive GitHub data.
• Communications: Information from your messages to us, including support requests, bug reports, and feedback. We may retain these communications to improve our Service and respond to your inquiries.

3.2 Usage and Technical Data

We automatically collect certain information about your device and how you interact with the Service:

• Device Information: Operating system, device type, screen resolution, language settings, and unique device identifiers.
• Usage Data: Actions taken within the editor, features used, extensions installed, performance metrics, and crash reports (without personal content).
• Network Data: IP address, ISP, connection type, and approximate geographic location derived from IP (used for Cloudflare Workers analytics and security).
• Application Performance: Anonymous performance metrics including startup time, memory usage, editor responsiveness, and error logs that do not contain user code or personal data.
• Telemetry Data: Aggregated, anonymized data about how the Service is used to inform feature development and bug fixes. This data is never sold or shared with advertisers.

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze Service usage:

• Essential Cookies: Required for authentication sessions, security features, and basic functionality. These cannot be disabled.
• Analytics Cookies: Used by Cloudflare Analytics and Firebase Analytics to understand user behavior and improve the Service. These can be disabled via your browser settings .
• Preference Cookies: Remember your settings, theme preferences, and customization choices.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent some features of the Service from functioning properly.

4. How We Use Your Data

We use the collected data for the following legitimate purposes:

4.1 Providing and Improving the Service

• Creating and managing your account
• Authenticating your identity and maintaining session security
• Providing cloud synchronization of settings and extensions (if enabled)
• Improving editor performance, stability, and user experience
• Developing new features based on aggregated usage patterns
• Testing and debugging the application

4.2 Communications

• Sending service-related notifications (security alerts, feature updates, account verification)
• Responding to your support inquiries and feedback
• Providing information about community contributions and events (only with your consent)

4.3 Security and Compliance

• Detecting and preventing fraud, abuse, and security incidents
• Verifying your identity for authentication purposes
• Complying with legal obligations and protecting our rights and users
• Auditing and analyzing usage patterns for security research

4.4 Analytics and Metrics

• Understanding how users interact with the Service to guide development priorities
• Measuring feature adoption and identifying usability issues
• Tracking crash reports and performance bottlenecks
• Monitoring Service availability and reliability metrics

ttttt4.5 Legal Basis for Processing (GDPR Article 6) tttt

tttttUnder the General Data Protection Regulation (GDPR), we tttttprocess your personal data based on the following legal tttttgrounds: tttt

ttttt
• ttttttConsent (Article 6(1)(a)): For analytics ttttttcookies, optional telemetry collection, and marketing ttttttcommunications. You may withdraw consent at any time. ttttt
ttttt
• ttttttContract Performance (Article 6(1)(b)): For ttttttaccount creation, authentication, settings synchronization, ttttttand delivering the core Service functionality. ttttt
ttttt
• ttttttLegitimate Interests (Article 6(1)(f)): For ttttttsecurity monitoring, abuse prevention, service improvement, ttttttcrash reporting, and performance optimization. We balance ttttttthese interests against your rights and freedoms. ttttt
ttttt
• ttttttLegal Obligation (Article 6(1)(c)): For ttttttcompliance with applicable laws, responding to legal ttttttprocesses, and fulfilling regulatory requirements. ttttt
tttt

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We share data only in the following circumstances:

5.1 Service Providers and Infrastructure

We rely on trusted third-party providers to operate the Service:

• Cloudflare Workers: Our backend APIs and serverless functions run on Cloudflare's global network. Cloudflare processes request data including IP addresses, User-Agent strings, and HTTP headers to deliver the Service, provide security (DDoS protection, WAF), and generate analytics. Cloudflare's privacy practices are governed by their Privacy Policy.
• Firebase (Google): We use Firebase Authentication for account management, Firebase Analytics for aggregate usage metrics, and Firebase Cloud Messaging for notifications. Google processes data in accordance with their Privacy Policy. Data is stored in Firebase data centers governed by Google's data processing terms.
• CloudFlare R2: For storing and serving public assets (downloadable releases, images, documentation). This data is publicly accessible and does not contain personal information.

5.2 Legal and Safety Disclosures

We may disclose your personal information if required to do so by law or in response to valid legal requests, including to meet national security or law enforcement requirements. We may also disclose information to:

• Protect our rights, property, or safety, or the rights, property, or safety of our users or the public
• Prevent or address fraud, security, or technical issues
• Enforce our Terms of Service or other agreements
• Respond to court orders, subpoenas, or other legal process

5.3 Business Transfers

If Code Editor Land undergoes a merger, acquisition, asset sale, or similar corporate event, your personal information may be transferred as part of the business assets. We will notify you via email or prominent notice on our website before such a transfer, and the new entity will continue to be bound by this Privacy Policy unless you consent otherwise.

5.4 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot reasonably be used to identify you with researchers, industry analysts, or the public to demonstrate the impact and reach of our open-source project. This data is stripped of all personally identifiable information.

6. International Data Transfers

Our infrastructure is operated by Cloudflare and Google, which have data centers worldwide. When you use our Service, your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United States and European Union member states.

Both Cloudflare and Google participate in and comply with international data transfer frameworks such as the EU-U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs) to ensure adequate protection of your personal data. By using our Service, you consent to such international transfers.

We take reasonable steps to ensure that your personal data is processed securely and in accordance with this Privacy Policy, regardless of where it is processed.

7. Data Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Information: Retained as long as your account remains active. If you delete your account, we permanently delete all associated personal data within 30 days, except for logs and analytics that have been anonymized.
• Email Communications: Retained for up to 7 years for compliance and support continuity purposes.
• Analytics and Telemetry: Aggregated, anonymized data may be retained indefinitely for trend analysis and Service improvement. Personal identifiers are removed after 12 months.
• Server Logs: Cloudflare logs including IP addresses are retained for up to 24 months for security, analytics, and abuse prevention purposes.
• Crash Reports: Retained for up to 12 months to address stability issues, then automatically deleted.

When we no longer need your personal information, we securely delete or anonymize it. Some data may be retained in backups for up to 90 days before being purged.

8. Data Security Measures

Code Editor Land implements industry-standard security measures to protect your personal information:

• Encryption in Transit: All communications with our Service use TLS 1.3 encryption. Our website enforces HTTPS via HSTS headers.
• Encryption at Rest: Sensitive data stored in Firebase is encrypted using Google's server-side encryption. We employ Firebase Security Rules to restrict unauthorized access.
• Authentication Security: Passwords are hashed using scrypt with strong cost factors. We support two-factor authentication (2FA) via TOTP where available.
• Cloudflare Workers Security: Our APIs are protected by Cloudflare's Web Application Firewall (WAF), DDoS mitigation, and rate limiting. All worker code undergoes security review before deployment.
• Access Controls: Strict internal access controls limit who within Code Editor Land can access user data. Access is granted on a least-privilege basis and logged for audit purposes.
• Regular Security Audits: We conduct periodic security reviews, dependency vulnerability scanning, and penetration testing to identify and remediate potential risks.
• Incident Response: We have established procedures for responding to security incidents, including mandatory breach notification within 72 hours to affected users and regulators where required by GDPR.

⚠️ Security Disclaimer: No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You also play a role in protecting your account by using strong passwords and enabling two-factor authentication when available.

9. Your Data Subject Rights (GDPR/CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 Rights Under GDPR (EU Residents)

• Right to Access: Request a copy of all personal data we hold about you, free of charge, in a commonly used electronic format.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): Request deletion of your personal data when it is no longer necessary or you withdraw consent (subject to legal retention obligations).
• Right to Restrict Processing: Request limitation of data processing in certain circumstances, such as when you contest data accuracy or processing is unlawful.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format and transmit it to another controller.
• Right to Object: Object to processing based on legitimate interests or direct marketing activities.
• Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting processing that occurred before withdrawal.
• Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe our processing violates applicable data protection law.

9.2 Rights Under CCPA/CPRA (California Residents)

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, share, or sell.
• Right to Delete: Request deletion of personal information we maintain about you (with exceptions similar to GDPR).
• Right to Opt-Out: Opt out of the sale or sharing of personal information. We do not sell personal data for monetary consideration, but sharing for cross-context behavioral advertising is prohibited under CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights, including by denying goods or services, charging different prices, or providing a different level or quality of service.
• Right to Limit Use of Sensitive Personal Information: You may limit our use and disclosure of sensitive personal information (e.g., precise geolocation, race, ethnicity, etc.) to purposes other than those necessary to provide the Service.

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: [email protected]

We will respond to your request within 30 days for GDPR/CCPA compliance. We may need to verify your identity before processing certain requests, which may require additional information from you. There is no charge for reasonable requests unless they are manifestly unfounded or excessive.