Codeshift AI Privacy Policy
Introduction
Welcome to the Codeshift AI Community! This Privacy Policy explains how the Codeshift AI Community (the "Community") collects, uses, and protects your personal data in accordance with the EU General Data Protection Regulation (GDPR). The Community is hosted on the Circle.so platform and operated by MOVEMEANT PRODUCTIONS sp. z o.o., a company registered in Poland (hereinafter "we," "us," or "our"). MOVEMEANT PRODUCTIONS sp. z o.o. is the data controller responsible for your personal data. Circle.so (CircleCo, Inc.) acts as a data processor on our behalf.
By accessing or using the Codeshift AI Community platform, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree with our practices, please do not use the Community. We are committed to safeguarding your privacy and ensuring the security of your personal information.
Personal Data We Collect
We collect personal data that you voluntarily provide to us, as well as some data automatically collected by our platform and tools. We do not collect any sensitive personal data (known as special category data under GDPR, such as information about health, ethnic origin, political beliefs, or similar sensitive information. The types of personal data we collect include:
Profile Information: When you register for the Community, we collect standard profile details such as your name and email address. You may also choose to provide additional profile information like a username, avatar/photo, or bio in your Circle profile. All such information is stored in Circle’s platform.
Account Credentials: You create a login (email and password) to access the Community. Passwords are stored in encrypted form by Circle and not visible to us.
Content You Post: Any posts, comments, messages, or other content you contribute within the Community will be collected and stored on Circle. This content may include personal data if you choose to share it. Please remember that content you post may be visible to other community members, so only share information you are comfortable making public to the group.
Payment Information: If the Community offers paid features or memberships, payments are processed securely by Stripe. When you make a payment, you will provide credit card or other billing details directly to Stripe. We do not store your full payment card details on our systems. We may receive limited information from Stripe needed to record your payment (such as your name, subscription level, transaction ID, and the last four digits of your card). Stripe is a PCI-DSS compliant payment processor, and their handling of your payment data is covered by their own privacy policy and GDPR compliance measures.
Usage Data: When you use the Community, certain data is collected automatically by Circle and our other tools. This includes technical information such as your IP address, browser type, device information, and operating system. We also collect usage logs like when you last logged in, pages or posts you view, and interactions on the platform. This data is collected through cookies and similar technologies (explained in the Cookies section below) and helps us ensure the platform functions properly and improve the user experience.
Cookies and Analytics Data: We use cookies in a limited way (see Cookies section). For example, when you log in, Circle will set essential cookies to keep you authenticated. We also use Google Analytics to gather anonymized statistical information about how users navigate the site (e.g. page views, time on site). Google Analytics may collect your IP address and device identifiers, but we configure it to anonymize IP addresses where possible. No personally identifying report is generated – we only see aggregate trends. You can read more in the Cookies section, and you can opt-out of Google Analytics as described there.
Note: We do not intentionally collect any special categories of personal data about you (such as race, health, religious or political information), nor do we ask you to provide such information. Please avoid sharing sensitive personal details about yourself or others in your profile or posts. If you do so, that is your choice, and we will treat any such information as regular personal data under this Policy.
How We Use Your Personal Data (Purpose and Legal Basis)
We process your personal data only for specific purposes and in accordance with the lawful bases permitted by GDPR (Article 6). Below we explain what purposes we use data for and the legal basis for each:
Providing the Community Services: We use your profile and account data to create and maintain your account, allow you to log in, and enable you to participate in the Community (post messages, connect with others, etc.). This is necessary for the performance of the contract between you and us – i.e. to provide the services you have signed up for. (Legal basis: GDPR Art. 6(1)(b) – performance of a contract).
Community Operations and Support: We process personal data as needed to manage the Community and assist you. For example, we may use your email to send essential account communications such as a welcome message, password reset links, or important notifications about the platform. We might also use your information to respond to your inquiries or provide user support. This is within our legitimate interest to ensure a smooth user experience, and often also necessary to fulfill our contract with you. (Legal basis: Art. 6(1)(b) and Art. 6(1)(f) – contract and legitimate interests). Please note: We do not send any marketing or promotional emails at this time. You will not receive newsletters or ads from us, only operational communications related to your use of the Community.
User-Generated Content Display: Content that you post (such as comments or questions) is processed and displayed to other authorized community members as part of the service. This is inherent in the Community platform – by posting, you are intentionally making that content available to others. (Legal basis: Art. 6(1)(b) – performance of contract, as you are choosing to publish this information on the platform).
Payments and Transactions: If you make payments (for example, for a premium membership or event), we will process your personal data to handle those transactions. This includes using your name and payment information to process payments through Stripe and to maintain proper transaction records. Processing payments is necessary to perform our contractual obligations (e.g. granting you access to paid features). We also retain transaction records to comply with legal obligations (such as financial reporting and tax laws). (Legal basis: Art. 6(1)(b) – contract; and Art. 6(1)(c) – compliance with legal obligations).
Platform Improvements and Analytics: We analyze usage data and feedback to improve our Community’s functionality and user experience. For instance, we look at which sections of the platform are most active or how engagement changes over time, using tools like Google Analytics. We do this in an anonymized or aggregated way that does not identify individuals. It is in our legitimate interest to understand how our services are used so we can improve them. (Legal basis: Art. 6(1)(f) – legitimate interests). You have the right to object to analytics processing (see “Your Rights” below), and you can opt-out of Analytics cookies as noted in the Cookies section.
Automation and Feature Functionality: We utilize certain automation workflows (via n8n) and web application features (via Bubble) to operate the Community. These tools may process your data in the background to, for example, sync information between systems or enable interactive features on our website related to the Community. For example, if we have a custom front-end or forms built with Bubble that connect to your Circle profile, or automated tasks with n8n to send you a confirmation when you complete an activity, those processes will use your data solely to provide or enhance the service you requested. (Legal basis: Art. 6(1)(b) – contract; and Art. 6(1)(f) – our legitimate interest in efficient service delivery).
AI Functionality: Our Community may offer AI-driven features (for instance, an AI assistant or content generation powered by OpenAI’s API). If you choose to use these features, the content you input (which might include personal data you provided in a query or message) will be sent to OpenAI to generate a response. We only use this functionality at your direct request (e.g. you ask a question to an AI assistant in the community). (Legal basis: Art. 6(1)(b) – contract, as this is a feature you choose to use; and potentially Art. 6(1)(a) – consent, since by using the AI feature you are implicitly consenting to that specific processing). The data sent to OpenAI is used only to provide you with the AI-generated output and is not used by us for any other purpose. OpenAI, as our processor, is contractually bound not to use your data for training their models or any unrelated purposes without permission (per their API terms).
Security and Abuse Prevention: We may process certain data (like IP addresses, and user activity logs) to monitor for and prevent fraudulent, malicious, or illegal activity on the platform. This includes ensuring users adhere to our Community guidelines and Terms of Service, and investigating any violations. Doing so is necessary to protect our service and community members. (Legal basis: Art. 6(1)(f) – legitimate interests in maintaining security). In some cases, we may also have legal obligations to disclose data if required by law enforcement or to comply with legal processes, but we will only do so in accordance with the law.
Legal Compliance: Finally, we may process and retain certain data as needed to comply with applicable laws or regulatory requirements. For example, business and financial records (which may include personal data like names on invoices) are kept for accounting/tax compliance for the legally required periods. (Legal basis: Art. 6(1)(c) – legal obligation). Also, if we ever need to use data to establish or defend legal claims, that would fall under legitimate interest or legal obligation as well.
We will not use your personal data for any purpose that is incompatible with the above purposes without first obtaining your consent or providing required notice. We do not use your data for any kind of automated decision-making that produces legal or similarly significant effects on you (no profiling or algorithms decide matters about you without human involvement). In summary, your data is used strictly to run and improve the Community services you expect, and not for unsolicited marketing or unrelated purposes.
Cookies and Tracking Technologies
Cookies are small text files placed on your device to help operate our website and gather information. Our use of cookies and similar tracking is minimal and intended to ensure the Community platform functions correctly and to analyze usage for improvement.
Essential Cookies (Circle): The Circle.so platform uses necessary cookies for core functionality. For example, when you log in to the Community, Circle sets a session cookie to keep you logged in and remember your preferences. These cookies are essential for security and account management, and the site cannot function properly without them. Because they are necessary, we do not request separate consent for these.
Analytics Cookies (Google Analytics): We use Google Analytics to collect anonymized usage statistics. Google Analytics sets cookies (_ga, _gid, etc.) to distinguish users and throttle request rates. The information collected through these cookies includes data like your IP address (anonymized), browser type, pages visited, time spent, and other usage metrics. We use these insights to understand overall user engagement and improve the Community. These cookies are not strictly necessary, so depending on applicable law we either operate them under our legitimate interest or seek consent via your browser settings. You can opt-out of Google Analytics by using a browser plugin or by adjusting cookie settings in your browser to block analytics cookies. Additionally, you may use "Do Not Track" or similar settings which we honor for Google Analytics to the extent feasible. Google Analytics data is handled by Google in accordance with their privacy policy. We do not combine analytics data with any identifiable personal data about you.
Circle Default Cookies: Aside from login sessions, Circle may use other default cookies or local storage (for example, to keep track of UI preferences or notifications state). These are typically only used within the community platform environment. For details, you can refer to Circle’s own cookie or privacy notice.
No Third-Party Advertising Cookies: We do not use any advertising networks or third-party ad cookies on our Community. We also do not currently use any social media tracking pixels or similar.
Cookie Consent: When you first visit the Community, you will see a minimal cookie presence (only essential ones). By continuing to use the site, you are essentially agreeing to our use of cookies as described here. If in the future we implement a cookie consent banner (for example, if required by local law), we will update this Policy accordingly. You can manage or delete cookies at any time through your browser settings. Keep in mind that disabling certain cookies (especially essential ones) may affect the functionality of the platform (for example, you might not be able to stay logged in).
How We Share Personal Data (Subprocessors and Third Parties)
We do not sell your personal information to anyone. We only share your data with trusted third parties who are our service providers (acting as data processors) or where necessary for legal compliance. These companies only process your data on our behalf and under our instructions, and they are all GDPR-compliant with appropriate safeguards in place. The key subprocessors and partners we use are:
Circle.so (CircleCo, Inc.) – Community Platform Host. Circle is the software platform on which the Codeshift AI Community operates. All of your profile information, community content, and interactions are stored on Circle’s servers. Circle acts as a data processor, processing member data on our behalf. We have a Data Processing Agreement (DPA) in place with Circle to ensure your data is handled securely and in compliance with GDPR. (Note: Circle’s own privacy policy does not apply to what you do in our Community – instead, this document (our privacy policy) governs that, with Circle as processor.)
n8n (n8n.io) – Automation Workflow Tool. We use n8n to automate certain internal workflows that might involve your data (for example, synchronizing information between Circle and our other databases, sending automated notifications, or handling user requests like data deletion flows). Our n8n instance is hosted within the EU, and it processes data only as needed for these specific tasks under our control. n8n’s platform is GDPR-compliant and we ensure any personal data in automation is transmitted and stored securely (often only transiently during the workflow).
Supabase – Database and Storage. Supabase is an EU-hosted database solution we use to store additional data related to the Community and our web features. For instance, if we have a separate website or features (perhaps via Bubble) that need to store or retrieve user data (like profiles or app-specific content), that data may reside in our Supabase database. Supabase is a GDPR-compliant service (it offers EU data hosting options) and we have configured our Supabase to store data in the European Union. All data in Supabase is encrypted at rest and in transit.
Bubble.io – Web Application Platform. We use Bubble to build certain web features or interfaces for the Codeshift AI platform (for example, a custom front-end or integration outside the core Circle community). In doing so, Bubble may process some personal data (like if you log into a Codeshift AI web portal built on Bubble, or submit information through a Bubble-based form). Bubble, Inc. is a platform that is committed to GDPR compliance and allows hosting on secure cloud infrastructure. We ensure that any personal data processed via Bubble is limited to what’s necessary for those features, and we have a DPA with Bubble if required.
OpenAI API – AI Functionality. For any AI-driven features in the Community (e.g. an AI assistant or content generation), we use OpenAI’s API. When you engage with such features, relevant data (such as the question or text you input, and contextual info needed to formulate a reply) is sent to OpenAI’s servers. OpenAI may be based in the United States, meaning this involves a transfer of data outside the EU (see International Data Transfers section below). We have a Data Processing Addendum in place with OpenAI, and OpenAI has committed to GDPR compliance measures for customer data. Importantly, OpenAI will not use your data submitted through the API to train their models or for any purpose except to provide the service to us, per their terms. The responses are then returned to our platform to deliver back to you. We do not share any more of your personal information with OpenAI than necessary; typically, it’s just the content of your query and perhaps a system prompt context.
Stripe – Payment Processor. If you make payments (for example, purchasing a membership or other paid service in the Community), those payments are handled through Stripe. Stripe may collect your payment card number, billing address, and other payment details directly. We (and Circle, if payments are integrated through Circle’s Stripe connection) receive confirmation of payment and basic customer info from Stripe, but not your full card number or sensitive financial data. Stripe is a globally recognized payment provider and operates in compliance with GDPR via its European entity (Stripe Payments Europe, Ltd.). All payment transactions are encrypted and processed securely. Stripe may act as an independent data controller for your payment information for compliance and anti-fraud purposes; their privacy policy covers these aspects.
Google Analytics – Analytics Provider. As noted in the Cookies section, we use Google Analytics to gather usage data. Google LLC is a processor for this analytics data. While Google is a US-based company, for European users Google typically uses EU-located servers when possible and has measures like Standard Contractual Clauses in place for any necessary international transfers. The analytics data shared with Google does not include your name, email, or other direct identifiers – it consists of usage statistics and device identifiers. We have configured Google Analytics with privacy measures (like IP anonymization). Google acts only on our instructions and does not share this data further.
Aside from the above subprocessors, the only other circumstances in which we might share personal data are:
Within Our Organization: Your data may be accessed by authorized personnel of MOVEMEANT PRODUCTIONS sp. z o.o. (for example, our community administrators or support team) but only on a need-to-know basis. We are a Poland-based company and no external contractors or third-party individuals are given access to personal data. In other words, we do not outsource data processing to anyone aside from the trusted vendors listed above. Our internal staff are bound by confidentiality and trained in data protection.
Legal Requirements: If we are compelled by law or a valid legal process (such as a court order or government demand) to disclose certain data, we may do so. We will only share the specific data required and only when we have a lawful basis to do so. Whenever permitted, we would inform affected users about such disclosures.
Business Transfers: In the unlikely event that MOVEMEANT PRODUCTIONS sp. z o.o. undergoes a major business transaction (like a merger, acquisition, or asset sale of the Community), user data might be transferred to the new owner as part of that deal. If that happens, we will ensure the new owner has to respect the same privacy obligations described in this Policy, and we will notify you of any change in data control.
No Other Sharing: We do not share your personal data with any advertisers or social media companies. We do not sell, rent, or trade your information to third parties for their own marketing purposes.
Data Retention Policy
We will retain your personal data for as long as it is needed to fulfill the purposes outlined in this Privacy Policy, and in any case for as long as you maintain an account in the Codeshift AI Community. Specifically:
Account Data: Profile information and content you have posted are stored until you delete them or request deletion of your account. If you choose to delete certain content (for example, removing a post) that content will no longer be visible to other users, and we will delete or anonymize it in our databases according to Circle’s functionality and our retention practices. If you delete your entire account (or request us to do so), we will remove or anonymize personal data associated with your profile (name, email, etc.) so that you can no longer be identified on the platform. Some residual data (e.g. posts you made) might be retained in an anonymized form (for instance, an old discussion post might show as from "Deleted User" without your personal details).
Inactive Accounts: If your account is inactive for an extended period, we may contact you to ask if you wish to maintain it. We generally do not purge accounts for inactivity alone, but we reserve the right to delete inactive accounts after a very long period (in such case, we would provide notice via email to the address on file).
Transaction Records: Payment and transaction data is retained as long as required by finance and tax regulations. For example, in Poland we may need to keep invoices or payment records for a certain number of years (often 5 years or more) for auditing purposes. Even if you delete your account, we might need to retain invoice records that include your name or email as part of our legal obligations. However, we will not retain more information than necessary for these purposes.
Analytics Data: Data collected via Google Analytics is stored by Google in aggregate form. We have set our Google Analytics data retention to a reasonable period (e.g. 14 months) after which Google automatically deletes the older analytics data. We do not store identifiable analytics logs on our own systems; any raw web server logs on Circle or our systems that contain IP addresses are typically rotated and deleted within a short timeframe (usually within a few weeks).
Backup Copies: Our systems and Circle’s platform may create backup copies of data for reliability. These backups are securely stored and are typically overwritten after a certain period. If you delete data or your account, that deletion will propagate to active systems immediately or within a short window. However, it’s possible that copies might remain in encrypted backups for a short duration until those backups cycle out. During that period, we will ensure your data remains secure and is not restored or used except if needed for disaster recovery (in which case, if used, we would re-delete the data as appropriate).
Legal Holds: If we are in the middle of a legal dispute or investigation that requires us to retain data (e.g. a litigation hold), we will retain the data as needed despite a deletion request, but only for as long as required to resolve the issue. We will promptly delete the data once it is lawful to do so.
After the applicable retention periods or upon fulfilling the purposes, we will either securely erase your personal data or irreversibly anonymize it so that you are no longer identifiable. If you request it, we will provide confirmation once your personal data has been deleted or anonymized from our systems.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Some of the security practices we follow include:
Encryption: All communications with the Community platform are encrypted via HTTPS/TLS. In other words, data in transit between your device and our servers (including Circle’s servers, Supabase, etc.) is encrypted. Additionally, our databases (e.g. Supabase) and Circle’s databases encrypt personal data at rest on their servers.
Access Controls: Access to personal data is restricted strictly to authorized persons who need it to operate or support the service. For example, our Community administrators can access profile information and content in order to moderate content or assist users, but only after authentication. We ensure that login credentials and API keys for our subprocessors (n8n, Supabase, etc.) are kept secure and only accessible to necessary staff. We also use two-factor authentication and other best practices for any administrative access when available.
Vendor Security: We choose reputable, security-focused vendors. Circle, Supabase, Bubble, OpenAI, Stripe, and Google each have robust security measures and undergo independent audits/certifications (for example, many are SOC 2 certified, ISO27001 certified, etc.). We rely on their security features (such as Stripe’s PCI-compliant infrastructure for payments, or OpenAI’s secure cloud environment) to protect your data in those systems. We also have Data Processing Agreements ensuring they must protect your data.
No Unnecessary Data Exposure: By design, we minimize the personal data that is publicly visible. Within the Community, other members can generally see your profile name and any info you choose to share, as well as your posts. But your email address and other sensitive account details are not visible to other users. We do not publish any member lists or personal data publicly outside the community. Also, our staff will never ask you for your password, and you should keep your login credentials confidential.
Training and Policies: We have internal policies to safeguard data. Our team is trained on data protection principles and how to handle user data safely. We also have procedures in place to handle any suspected security incidents swiftly and effectively.
Data Breach Response: Despite all precautions, no system can be 100% secure. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by GDPR. We have a plan in place to investigate and remediate any security incidents.
We continually review and update our security measures to adapt to new threats and best practices. You also play a role in security: please use a strong, unique password for the Community and notify us immediately if you suspect any unauthorized use of your account.
International Data Transfers
We are based in the European Union (Poland), and our policy is to process and store personal data within the EU whenever possible. In general, your data is stored on servers located in the EU. For example, our Supabase database and our self-hosted n8n instance are in EU data centers. However, some of our subprocessors or services may operate outside the EU or involve data transfers to other jurisdictions only as needed to provide the services:
Circle: The Circle.so platform may use servers or support staff outside the EU (Circle is a U.S.-based company). However, Circle has committed to GDPR compliance and we have measures in place (via our DPA) to ensure any transfers are legally protected.
OpenAI: When you use the OpenAI-powered AI features, your query content is sent to OpenAI’s servers in the United States for processing. This constitutes a transfer of personal data outside the EU. To protect such transfers, we have signed Standard Contractual Clauses (SCCs) with OpenAI as part of our Data Processing Addendum, which are the European Commission-approved safeguards for data exported from the EU. Additionally, OpenAI has privacy and security commitments to handle data lawfully and securely.
Bubble and Stripe: These services are based in the US but have EU operations. Stripe, for instance, routes European user data through its European entity and infrastructure where possible. Any transfer of personal data from Stripe’s EU entity to its US entity is protected by SCCs and Stripe’s Binding Corporate Rules. Bubble likely relies on similar mechanisms or cloud infrastructure in the EU. We ensure that any such transfers are covered by appropriate safeguards in accordance with GDPR Chapter V (e.g. SCCs or an adequacy decision if applicable).
Google Analytics: Google may process analytics data on servers in the United States or other countries. IP anonymization and aggregate data reduce the impact, but it is still a data transfer. Google has committed to complying with EU Standard Contractual Clauses for Analytics data. We have also configured settings to enhance privacy (for example, not sharing data with other Google services).
We want to emphasize that other than the cases above, we do not transfer or store personal data outside the EU. In fact, our primary user data (profile info, posts, etc.) is mainly hosted by Circle, which we understand stores data on AWS servers that can include EU regions – and we have instructed that EU users’ data be stored in EU data centers whenever that option is available. All our own systems (like our databases and automation) are EU-hosted.
If in the future we need to transfer personal data to any other country outside the European Economic Area (EEA), we will ensure a similar degree of protection is afforded by implementing at least one of these safeguards: (i) transferring to countries that the European Commission has deemed to have an adequate level of data protection, or (ii) using Standard Contractual Clauses or other approved transfer mechanisms, and (iii) where needed, implementing supplemental technical measures (like encryption) to protect data. You can contact us if you have questions about international data transfers or want to obtain a copy of the relevant safeguards in place.
Your Rights Under GDPR
As a user of the Codeshift AI Community and a data subject under GDPR, you have a number of important rights regarding your personal data. We respect and uphold these rights. In summary, you have the right to:
Right to Be Informed: To receive clear and transparent information about how we collect and use your personal data (which is the purpose of this Privacy Policy).
Right of Access: To ask us for a copy of the personal data we hold about you, and to obtain information about how it is processed. We will provide you with a copy of your data in a commonly used format, usually within one month of your request (unless a request is complex, in which case we may extend by up to two further months, but we will inform you if so).
Right to Rectification: To request that we correct or update any inaccurate or incomplete personal data we have about you. You can also update most of your profile information directly through your account settings on Circle, but if something is not editable by you or you need assistance, you can contact us to rectify it.
Right to Erasure: To request deletion of your personal data (the "right to be forgotten"). You can delete certain data on your own (e.g. remove profile fields or posts). Additionally, you may request that we delete your entire account and associated data. We will honor such requests provided that we do not have a legal obligation or overriding legitimate interest to retain the data. Once your data is deleted, we will also instruct our processors to delete your data from their systems where applicable.
Right to Restrict Processing: To ask us to limit the processing of your data in certain circumstances. For example, if you contest the accuracy of your data or object to our processing, you can request a restriction while the issue is being resolved. During restriction, we will store your data securely but not actively use it.
Right to Data Portability: To receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller where technically feasible. In practice, this could mean if you want to switch to a different service, we can provide you with an export of your profile and content data (where applicable) so you can import it elsewhere. This right applies when processing is based on consent or contract and carried out by automated means.
Right to Object: To object to certain types of processing of your personal data. You have an absolute right to object to direct marketing (though as noted, we do not do any direct marketing). You can also object to any processing based on our legitimate interests (e.g. analytics or security processing) if you believe it impacts your rights. If you raise an objection, we will consider whether our legitimate grounds for processing outweigh your privacy rights; if not, we will stop the processing in question.
Right Not to be Subject to Automated Decisions: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significant effects on you. As noted earlier, we do not engage in such automated decision-making. The AI features we offer do not make binding decisions about you; they are interactive tools you use, with no legal or significant effect on your status.
Additionally, you have the right to withdraw consent at any time if we are processing your data based on consent. However, note that we are not currently processing any data based purely on consent (other than perhaps optional features like the AI usage which you control). If in the future we ask for consent (for example, for a new newsletter), you can always opt-out later.
You also have the right to lodge a complaint with a data protection supervisory authority if you believe we have infringed your privacy rights (see "Complaints" section below). We encourage you to contact us first so we can address your concerns directly.
We will not discriminate against you for exercising any of these rights. These rights can be exercised free of charge (except in rare cases of excessive or unfounded requests, where the law allows charging a reasonable fee or refusing).
Managing Your Data and Exercising Your Rights
Accessing and Updating Your Profile: You can directly access, edit, or update most of your personal profile data by logging into the Codeshift AI Community and visiting your account settings. For example, you can update your name, email, avatar, and other profile details. If you encounter any issues or need to change information that is not editable by you (such as a wrong email address that prevents login), you can contact us for assistance.
Deleting Your Account: If you wish to delete your Community account and remove your personal data from our platform, you have a couple of options:
Self-Service Deletion: Within the Circle platform, you may have the option to deactivate or delete your account via the settings. (Note: This feature may depend on Circle’s current functionality. If available, using it will mark your account for removal.)
Requesting Deletion: You can also request account deletion by contacting us via email (see Contact Us section below). Please state that you wish to have your Codeshift AI Community account deleted, and include your name and the email associated with the account. For security, we may need to verify your identity before completing the deletion (for example, by contacting you through the email on record). We will respond promptly and delete your data within a maximum of 30 days (typically much sooner). We will also inform Circle (the platform provider) and any other processors so they can erase your data from their systems as well.
When your account is deleted, we will remove personal identifiers from the Community. As mentioned in Data Retention, content you posted may either be deleted or rendered anonymous (e.g. posts remain but attributed to an anonymous user). We will also delete any associated data in our auxiliary systems (Supabase, n8n workflows, etc.) and ensure Stripe cancels any active subscriptions. If you have made payments, we might retain transactional records as required by law, but these records will be kept only for that purpose and not used otherwise.
Other Rights Requests: If you want to exercise any other rights (access, rectification, restriction, objection, portability, etc.), please contact us with your request. You can email us with the specifics of what you want to do (for example, "I would like a copy of all my personal data that you have," or "I object to you processing my data for analytics"). For access requests, we will provide you a summary of the data and/or a full export in a common format (likely JSON or CSV files). For portability requests, we can provide the data in a structured CSV or JSON that you could import into another service. For objections or restrictions, we will evaluate and comply as required by law.
We will respond to rights requests as soon as possible, and in any case within one month. If we need an extension, we will inform you of the reason and the extended deadline (which will not exceed an additional two months). If we decide not to act on your request (which can happen only in limited circumstances, such as a request that is manifestly unfounded or excessive), we will inform you of the reason and your options (including the ability to complain to the supervisory authority).
For your security and privacy, we may ask you to verify your identity before fulfilling a request for access, deletion, etc. For example, we might require you to send the request from the email associated with your account or ask you to confirm some information we have on file. This is to prevent someone else from impersonating you.
Supervisory Authority and Complaints
If you have any concerns or complaints about how we handle your personal data, we hope you will reach out to us first so we can address the issue. However, you also have the right to lodge a complaint with a data protection supervisory authority. We are regulated by the Polish supervisory authority:
President of the Personal Data Protection Office (UODO) – Poland
Address: ul. Stawki 2, 00-193 Warsaw, Poland
Telephone: +48 22 531 03 00
Email: kancelaria@uodo.gov.pl
The UODO is the Polish data protection authority (www.uodo.gov.pl). You can contact them or file a complaint if you believe your data has been processed unlawfully or if we haven’t adequately addressed your concerns. If you reside or work in another European Economic Area country, you may instead contact your local supervisory authority. A list of national data protection authorities is available on the European Data Protection Board’s website.
Contact Us (Data Controller Contact Information)
If you have questions about this Privacy Policy, or wish to contact us for any reason related to your personal data, please do not hesitate to reach out:
Data Controller: MOVEMEANT PRODUCTIONS sp. z o.o.
Registered Address: ul. Macieja Dębskiego 39 lok. 8, 30-499 Kraków, Poland
Company Registration: (KRS: 0001130999, registered in Poland)
Email: hello@codeshift.works
When contacting us, please provide enough information for us to assist you (for example, your username or the email you used to sign up, and the specific request or question you have). We will do our best to respond quickly – typically within a few business days.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify members by posting the updated policy on our site and updating the "Last Updated" date at the top. In case of significant changes (for example, if we start collecting new types of data or introduce a new purpose), we might also provide a more prominent notice or ask for your consent if required by law.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continuing to use the Community after a change to the policy will signify your acceptance of the updated terms.
Thank you for being a part of the Codeshift AI Community and for reading our Privacy Policy. We are dedicated to creating a safe and respectful environment for all members, and that includes respecting your data privacy. If you have any questions or suggestions regarding privacy, please contact us. Your trust is important to us, and we will always strive to protect it.