Use App

Privacy Policy

Version 1.0 · Last updated: 2026-03-23
View previous versions

Who We Are

Ceetrix is a specification management tool for software development teams. When we say "Ceetrix", "we", "us", or "our", we mean the Ceetrix service operated at ceetrix.com.

For privacy inquiries, contact us at privacy@ceetrix.com.

What Data We Collect

Account Information

When you sign up via GitHub OAuth, we receive and store:

  • Your GitHub username and user ID
  • Your email address (as provided by GitHub)
  • A session token for keeping you logged in

Specification and Code Data

When you use Ceetrix, you create and manage specifications including:

  • Product requirements (PRDs)
  • Technical designs
  • Stories, tasks, and epics
  • Code diffs submitted as task completion evidence

This is your data. We process it solely to provide the service to you.

Usage Data

We collect analytics data to understand how the product is used:

  • Pages visited and features used
  • Session recordings (with input masking)
  • Browser type and operating system
  • Approximate location (country/region level)

CLI Data

The Ceetrix CLI (npx ceetrix) detects your installed coding agents and configures them locally. The CLI does not send telemetry. The only data sent externally is your GitHub authentication token during setup and subsequent MCP requests via your API key.

How We Use Your Data

Data Purpose Legal Basis (GDPR)
Account info Authentication, user identity Contract performance
Specifications and code Service delivery, quality gates Contract performance
Usage analytics Product improvement, debugging Legitimate interest
Payment info Billing (processed by Stripe) Contract performance

AI Processing — Google Gemini

Ceetrix uses Google Gemini to power AI features including content quality validation, QA assessments, and specification analysis.

When these features run, the following data may be sent to Google Gemini:

  • Specification text (PRD sections, design sections, task descriptions)
  • Code diffs submitted as task evidence
  • Coverage mapping data between documents

Google processes this data under their API terms of service. Ceetrix API data sent via the Gemini API is not used by Google to train their models.

Product Improvement and Training

We may use anonymised, aggregated patterns from how the product is used to improve Ceetrix. We will never use your specification content or code for training purposes without your explicit, informed consent.

If we introduce a feature that uses your data for training or improvement, we will ask for your opt-in consent before any such processing begins. You can withdraw consent at any time.

Third Parties Who Receive Your Data

Provider Purpose Data Shared
Google (Gemini API) AI-powered quality validation Specification text, code diffs
Cloudflare Hosting, database, CDN All service data (encrypted at rest and in transit)
GitHub Authentication, repository access OAuth tokens, repo metadata
PostHog Product analytics Usage events, session recordings
Stripe Payment processing Payment details (we never see your full card number)

Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account closure.
  • Specifications and code: Retained while your account is active. Exportable at any time. Deleted within 30 days of account closure.
  • Usage analytics: Retained for 12 months, then aggregated or deleted.
  • Consent records: Retained for 6 years (legal compliance).
  • AI processing logs: Retained for 6 months (EU AI Act requirement).

Your Rights

Under GDPR (EU/EEA residents)

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Restrict or object to processing
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with your supervisory authority

Under CCPA/CPRA (California residents)

You have the right to:

  • Know what personal information we collect and why
  • Delete your personal information
  • Opt out of the sale or sharing of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

To exercise any of these rights, email privacy@ceetrix.com. We will respond within 30 days.

International Data Transfers

Ceetrix is hosted on Cloudflare's global edge network. Your data may be processed in jurisdictions outside your country of residence. Where data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as the legal transfer mechanism.

Cookies

We use cookies for authentication (session cookies) and analytics (PostHog). Session cookies are strictly necessary for the service to function. See our cookie settings for more detail on analytics cookies.

Children

Ceetrix is not directed at children under 16 (GDPR) or 13 (COPPA). We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact privacy@ceetrix.com.

Changes to This Policy

We will notify you of material changes by email (at least 30 days before they take effect) and update the version number and date on this page. Previous versions remain accessible via the archive link above.