Skip to main content
YaliCode

Privacy Policy

Last updated: March 6, 2026

We collect the minimum we need to run the service. Nothing more. This policy explains exactly what that means.

1. Who We Are

YaliCode operates the yalicode.dev website and related services. When we say "we," "our," or "us" in this policy, we mean the YaliCode team. This Privacy Policy explains what information we collect when you use our platform, how we use it, and the choices you have.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, username, and authentication data. If you sign in via Google or GitHub OAuth, we receive your name, email, and profile picture from the provider. That is it.

Code and Projects

We store the code and files you create on the platform so you can access them. Public projects are accessible to anyone with the URL. Private projects are only accessible to you.

Usage Data

We use Plausible Analytics, a privacy-focused, cookie-free analytics service. This gives us basic aggregate data like page views, referral sources, browser type, and country. No individual tracking, no user profiles, no fingerprinting. We do not use Google Analytics or any tracking scripts.

Execution Data

When you run code, we process it temporarily on our servers. Execution results may be cached (keyed by a hash of your code) for performance so repeated runs are faster. Cache entries expire after 1 hour. We do not keep execution logs permanently.

Payment Information

Payments are processed by Dodo Payments, our Merchant of Record. Your credit card numbers and payment details never touch our servers. Dodo Payments handles all of that in compliance with PCI DSS standards.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the Service
  • Authenticate your identity and manage your account
  • Execute your code in sandboxed containers
  • Send transactional emails (account verification, password reset, billing receipts)
  • Improve the platform based on aggregate usage patterns
  • Detect and prevent abuse, fraud, and policy violations

That is the complete list. We do not use your information for advertising, profiling, or anything else.

4. What We Do NOT Do

This is the part we want you to actually read:

  • We do not sell your personal data. Not to third parties, not to data brokers, not to anyone. Ever.
  • We do not use your code to train AI models. Your code stays your code. It is never fed into any machine learning pipeline.
  • We do not share your code with advertisers. We do not even have advertisers.
  • We do not use tracking cookies or behavioral advertising. No retargeting, no ad networks, no pixel trackers.
  • We do not read your private projects unless we have a specific reason related to investigating abuse, and only when necessary.

5. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies. Authentication is handled by Supabase Auth. All data is encrypted in transit (TLS 1.3) and at rest. Our servers are hosted by Hetzner in the EU. Code execution containers are fully isolated with Docker and gVisor, with no network access, read-only filesystems, and strict resource limits.

6. Data Retention

We keep your account data for as long as your account is active. If you delete your account, all your data is permanently deleted within 30 days. Execution cache entries expire after 1 hour. Aggregate analytics data (which cannot identify you) is retained indefinitely.

7. Third-Party Services

We use a small number of third-party services to run YaliCode:

  • Supabase for authentication and database hosting
  • Dodo Payments for payment processing (Merchant of Record)
  • Plausible Analytics for privacy-focused analytics (no cookies, GDPR compliant)
  • Google OAuth / GitHub OAuth as optional sign-in providers
  • Let's Encrypt for SSL certificate provisioning

That is the full list. No hidden third parties, no ad networks, no data brokers.

8. Your Rights

You have the right to:

  • Access your personal data
  • Update or correct your profile information
  • Delete your account and all associated data
  • Export your projects and code
  • Withdraw consent for optional data processing

To exercise any of these rights, email us at support@yalicode.com. We respond to every request.

9. Cookies

Most platforms hit you with a cookie banner listing dozens of trackers. We do not. YaliCode uses only essential cookies required for authentication (Supabase auth session cookies). That is one cookie, for keeping you logged in. No advertising cookies, no tracking cookies, no third-party analytics cookies. Our analytics tool, Plausible, does not use cookies at all.

10. Children's Privacy

YaliCode is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email. The date at the top of this page always reflects the most recent revision.

12. Contact

Questions about your data or this policy? Want to exercise your rights? Email us at support@yalicode.com. We are real people and we read every message.