Privacy & Security

Your code is your most sensitive asset. Codewick is designed from the ground up with a privacy-first architecture — your source code is never stored on Codewick’s servers.

How AI requests work

When you use an AI feature in Codewick, here is exactly what happens:

The Codewick desktop app assembles the relevant context (code, conversation history, system prompts).
That context is sent directly from your machine to the AI provider over HTTPS.
The AI provider returns a response directly to your machine.
Codewick’s servers are never in the middle of this exchange.

This means your code travels over an encrypted connection from your desktop straight to the AI model. Codewick’s infrastructure never sees, processes, or stores it.

What’s sent to AI models

When an AI feature runs, the following may be included in the request:

Relevant code and context for the current task (not your entire project)
Conversation history from the current chat session
System prompts that instruct the model how to behave

Only the context needed for the current operation is sent. Codewick uses file targeting and @ mentions to keep the payload minimal.

What’s NEVER sent

The following are never included in AI requests:

Your account credentials or payment information
Code from files not relevant to the current task
Telemetry or analytics data
Personally identifiable information (PII)
Files excluded by .codewickignore

What Codewick servers store

Codewick’s servers handle account management and billing. They store:

Data	Purpose
Hashed account credentials	Authentication
Subscription state	Plan management and billing
Anonymous usage counters	Token budget tracking
Payment records	Stripe transaction references

Local storage

Everything related to your projects stays on your machine:

Project files — your source code, assets, and configuration
Session history — chat conversations and AI interactions
Checkpoints — saved project snapshots for rollback
Editor state — open files, cursor positions, panel layout

This data is stored in Codewick’s local application directory and is never uploaded to Codewick servers.

Analytics

Codewick uses Cloudflare Web Analytics for anonymous, privacy-respecting analytics. This means:

No cookies are used for tracking
No personal data is collected
No cross-site tracking
Analytics are aggregated and anonymous

You can opt out of analytics entirely in Settings > Privacy > Analytics.

If you’re in the EU or EEA, you have the following rights:

Access — Request a copy of all data Codewick holds about you.
Erasure — Request deletion of your account and associated data. Processed within 30 days.
Portability — Export your data in a standard format before account deletion.
Consent withdrawal — Opt out of analytics or delete your account at any time.

To exercise any of these rights, go to Settings > Account or contact support through the in-app support panel.

Third-party services

Codewick integrates with a small number of third-party services, each with a specific purpose:

Service	Role	What they receive
Stripe	Payment processing	Payment method, billing address, transaction amounts
Cloudflare	Infrastructure and analytics	Anonymous page-view data (no PII)
AI provider	Model inference	Code context and prompts for AI features

No other third parties receive your data. Codewick does not sell, share, or monetize user data.

Security practices

All network communication uses HTTPS/TLS encryption
Credentials are stored as salted hashes — never in plain text
Payment processing is handled entirely by Stripe (PCI-DSS compliant)
The desktop app is code-signed and notarized by Apple