Privacy Policy

1. Introduction

Neuro Coding Studio ("we", "our", or "us"), operated by CodingLab, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at truthlensai.org (the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Data We Collect

2.1 Account Information

When you sign in via Google, GitHub, or LinkedIn OAuth, we receive and store your name, email address, and profile image. This data is used solely to create and manage your account.

2.2 Payment Information

Payments are processed securely through Stripe. We receive confirmation of your purchase (amount, date, package) but we never receive, process, or store your full credit card number, CVV, or banking details.

2.3 Usage Data

We collect aggregated, non-identifying usage data to improve the Service, including: number of analyses performed, feature usage patterns, and general error logs. This data is not linked to individual submissions.

2.4 Support Communications

Messages and images sent through our in-app support chat are stored to provide customer service. Support conversations are retained only while your ticket is active and are automatically deleted within 24 hours after a ticket is closed.

2.5 Log & Security Data

We may collect IP addresses, browser type, and access timestamps for security monitoring, rate limiting, and abuse prevention. This data is kept for a limited period and is not shared externally.

3. Content You Submit

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Process transactions and manage your credit balance.
• Respond to support requests and communicate with you about the Service.
• Monitor and prevent security threats, fraud, and abuse.
• Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Cookies & Tracking Technologies

We use strictly necessary cookies for authentication and session management. We do not use third-party advertising trackers or sell behavioral data to brokers.

• Essential cookies: Required for authentication, session persistence, and security (e.g., CSRF tokens).
• Analytics: We may use privacy-respecting analytics to understand aggregate usage patterns. No personal data is shared with analytics providers.

You can manage cookie preferences through your browser settings at any time.

6. Data Sharing & Third Parties

We may share limited data with the following categories of third parties, only as necessary to operate the Service:

• Authentication providers (Google, GitHub, LinkedIn) — to verify your identity during sign-in.
• Payment processor (Stripe) — to process credit purchases securely.
• Infrastructure providers (Vercel, Neon) — to host and operate the Service.
• Email service (Resend) — to deliver transactional emails such as support notifications.

We may also disclose your information if required to do so by law or in response to valid requests by public authorities.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS/SSL encryption for all data in transit.
• Encrypted database connections with connection pooling.
• Rate limiting and IP-based abuse prevention.
• Content Security Policy (CSP), HSTS, and other security headers.
• Role-based access controls for internal systems.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data will be removed from our systems within 30 days, except where we are required by law to retain certain records.

Submitted text for analysis is never stored. Support messages are automatically deleted 24 hours after ticket closure.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (EU/EEA Residents)

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate personal data.
• Right to erasure — request deletion of your personal data ("right to be forgotten").
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to restrict processing — request limitation of how we use your data.
• Right to object — object to processing of your personal data in certain circumstances.

Under CCPA (California Residents)

• Right to know what personal information is collected and how it is used.
• Right to delete personal information held by us.
• Right to opt-out of the sale of personal information — we do not sell your data.
• Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us through our contact form or via the support chat. We will respond to verifiable requests within 30 days.

10. International Data Transfers

Our Service is hosted on infrastructure located in the European Union (EU-Central). If you access the Service from outside the EU, your data may be transferred to and processed in the EU. We ensure appropriate safeguards are in place to protect your data in compliance with applicable data protection laws.

11. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post the revised policy on this page and update the "Last updated" date. We encourage you to review this page regularly.