Effective Date: 1-Jan-2026 Version: 5.0
In this policy, the words “we”, “our”, and “us” refer to CORE.AI SCIENTIFIC TECHNOLOGIES PRIVATE LIMITED and the privacy mechanism outlined identifies personally identifiable or personal information that may be collected, how such information is used, and the choices you have regarding our use of this information.
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Phoenix Code and our websites/services.
By using the Product or our Site/Services, you acknowledge you have read and understood this Privacy Policy. Where required by law, we will ask for your consent (for example, for non-essential cookies or optional analytics).
For information about use by individuals under 18 years of age, including students in educational settings, please see Section 12 “Eligibility and Use by Minors” of this Privacy Policy.
Before using our Site and Services, please carefully read our Terms of Use and this Privacy Policy. In addition to the terms stated in Terms of Use Agreement provided under this Website, we are committed to protecting your privacy. Authorized representatives of CORE.AI SCIENTIFIC TECHNOLOGIES PRIVATE LIMITED on a need-to-know basis only use any information received from you. We constantly review our systems and data to secure your personal information.
We may modify this Privacy Policy at any time, without prior notice, and changes may apply to any Personal Information we hold about you, as well as any new Personal Information collected after the Privacy Policy is modified. If we make changes, a revised Privacy Policy will be posted to our Site; the last revision date is included at the top of the page. We will provide individuals who create an Account (“Members”) with advanced notice by email if we make any material changes to how we collect, use or disclose Members’ Personal Information or impact Members’ rights under this Privacy Policy. Members are responsible for ensuring we have an up-to-date active and deliverable email address to reach them. Your continued use or revisitation of the Site or the Services following the posting or notice of a revised Privacy Policy means that you accept and agree to the changes. You are expected to check this page from time to time to be aware of any changes, as they are binding on you.
We also may provide additional “just-in-time” disclosures or additional information about the data collection, use and sharing practices of specific Services. Such notices may supplement or clarify our privacy practices or provide you with additional choices about how we process your personal information.
We are registered under the Companies Act, 2013 as CORE.AI SCIENTIFIC TECHNOLOGIES PRIVATE LIMITED and refer to ourselves in the first person throughout this policy. Our registered office is No. 6/858-M, 2nd Floor, Suite No.695 Valamkottil Towers, Judgemukku, Kakkanad Ernakulam Ernakulam KL 682021 IN
We have appointed a Data Protection Officer to oversee data protection and privacy matters.
You can contact our Data Protection Officer by email at: privacy@core.ai
Contact for Children’s Privacy
Parents, guardians, or schools with questions regarding student data or children’s privacy may contact us at:
Email: privacy@core.ai
This Privacy Policy applies to:
Some data practices differ depending on whether you are using the website, the desktop app, the web app, or are signed in. We describe those differences below.
Important: Phoenix Code desktop and web apps operate as local-first applications. Your code, files, and projects remain on your device. We cannot access or read your content unless you explicitly choose to use a service that requires data transmission (such as publishing a preview or using AI features).
Personal information is that information that can be used to identify you directly or indirectly. It includes de-identified data that would enable us to identify you when linked to other information available to us. Personal data does not include data that has been irreversibly anonymised or aggregated so that we cannot identify you through it, even in conjunction with other information.
However, any data/ information relating to an individual that is freely available or accessible in the public domain shall not qualify as Sensitive Personal Data or Information.
By clicking “I accept” when downloading the App or proceeding to the Website and/or using our services, you represent that you voluntarily provide us with personal information, and consent to their collection, use and disclosure in accordance with this Privacy Policy. You also represent that you are duly authorised by any third party (including a child or an employer) whose information you share with us. We shall act as per your representation of authority and shall not make any independent enquiries to ascertain the veracity of your authorisation. If you do not have sufficient permission, you shall be solely responsible for your acts and omissions, including sharing of information with us by you and the consequential processing and actions taken by us in accordance with this Privacy Policy.
Individual user accounts are optional and are not required for educational use. Information associated with user accounts is collected only when a user voluntarily creates an account outside of a school-managed, account-less deployment.
Account deletion: We delete account-linked personal data within a reasonable period, except where retention is required for legal/tax/security/fraud purposes.
Important exceptions: Invoices and tax records may be retained as required by law. Limited security/abuse-prevention logs may be retained for a limited period even after account deletion.
Sharing: We use service providers (hosting, payment processors, analytics/CDN where used, and optional AI providers) to operate these features. For details, see Section 7 (Disclosure and Transfer) and Section 10.1 (Subprocessors) below.
Retention: We retain data only as long as needed for the purposes above, legal obligations, and security. Preview artifacts expire automatically; certain logs may be retained for a limited period. For specific retention periods, see Section 6 (How Long We Retain Your Data) below.
For details about cookies and similar technologies used on phcode.io (including how to control them), see Section 13 (Cookie Policy).
If you sign up for phcode.io subscription, we process your payment information through third-party payment processors. We do not have direct access to your payment information.
Information from business partners, suppliers, and subcontractors
Advertising networks and information providers: We work closely with advertising networks, analytics and search information providers, and we sometimes receive information about you from them.
Information from other websites and services we operate and provide: Where this happens, we will let you know about sharing the data internally or combining it with the Website.
We use your Personal Information for purposes that include the following:
We use personal information only as needed to operate Phoenix Code, our websites, and related services. This includes:
Desktop App and Web App: We do not show third-party targeted advertising in the Phoenix Code desktop application or the Phoenix Code web app. Phoenix Code operates as a local-first application — your code, files, and projects remain on your device, and we cannot access or read your content. No data leaves your device unless you explicitly choose to use a specific service (for example, publishing a website via temporary preview links or using AI code assistance), and even then, only the data necessary for that specific service is transmitted.
Website (phcode.io, core.ai): We may use limited marketing/analytics cookies to understand site performance. If we introduce advertising (including interest-based advertising) on our website in the future, we will update this Privacy Policy and, where required by law, request your consent and provide opt-out controls.
We retain personal information only as long as needed to provide Services, meet legal obligations, resolve disputes, and enforce agreements.
Typical retention periods (may vary by law and operational needs):
Health Reports and Crash Reports: Health Reports consist of anonymized statistics and crash reports that are stripped of personally identifiable information. These are not covered under personal data retention requirements and may be held indefinitely for product improvement purposes. We cannot identify individuals from this data, and therefore cannot locate or delete specific reports. See Section 8.1 for more details.
We may retain de-identified/aggregated data for longer periods where it cannot reasonably be used to identify you.
We may disclose personal information only as described below and only to the extent necessary to operate Phoenix Code, provide the Site/Services you request, comply with law, and protect our users and systems. Some service providers may process data outside India.
Service Providers (Subprocessors): We may share personal information with companies that provide services on our behalf (for example, hosting, content delivery, authentication, email delivery, customer support tooling, payment processing, and error reporting), only to the extent necessary to operate the Site/Services and provide the features you request. For details, see Section 10.1 (Subprocessors and Service Providers).
Business Transfers: If we are involved in a merger, acquisition, reorganization, asset sale, or similar transaction, personal information may be transferred as part of that transaction, subject to applicable law and appropriate confidentiality protections.
Legal and Safety: We may disclose information to comply with applicable law, lawful requests, court orders, or to protect the rights, safety, and security of the Company, our users, or others (including to prevent fraud, abuse, or security incidents).
Aggregated / De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you, for example for analytics, research, or reporting.
We are committed to maintaining the privacy of the information uploaded by you on the website and comply with the industry-standard security safeguards to secure the website and the information provided/uploaded by you.
We use reasonable technical, administrative, and physical security measures to safeguard all data you share with us. We also have comprehensive internal policies in place to prevent unauthorised access to your data. We take adequate steps to ensure that third parties we share data with also adopt a reasonable level of security practices and procedures to ensure the privacy and security of your information.
However, we are not responsible for any loss, unauthorised access, safety issue or any harm caused to you by any misuse of your personal information unless it is a direct and foreseeable consequence of negligence and non-compliance on our part only. You hereby acknowledge that we are not responsible for any third-party action or action on your part leading to loss, damage or harm to you or any other person.
For any data loss or theft due to unauthorised access to your electronic devices through which you avail our Services, Company shall not be held liable for any loss whatsoever incurred by you. Further, you are liable to indemnify the Company as per the Terms of Use.
Phoenix Code may collect optional Health Reports consisting of anonymous usage statistics and error/diagnostic reports to help us improve stability, usability, and prioritize fixes.
Controls: You can enable/disable Health Reports and preview what would be sent in the Product (for example, Help > Health Report).
Phoenix Code may offer optional AI features. If you use AI features:
You control whether to use AI features. If you do not use AI features, AI providers do not receive your prompts/content through Phoenix Code.
We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. However, you have the sole responsibility of ensuring that you review the accuracy of information provided by you and contact us in case of discrepancies, or in case you wish to discontinue the use of our services. You have the following rights regarding your personal information:
You have the right to access your personal information, and request correction and deletion. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us at contact-us@core.ai. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or subsequently becomes untrue, inaccurate, out of date or incomplete), or we have reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, we may, at our sole discretion, discontinue the provision of the Services to you. There may be circumstances where we will not correct, delete, or update your Personal Information, including (a) where the Personal Information is opinion data that is kept solely for evaluative purpose; and (b) the Personal Information is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.
For accounts belonging to minors, requests to access, correct, or delete personal information may be made by the parent, legal guardian, or the authorized educational institution acting on the minor’s behalf.
For account-less educational use, requests relating to data access, correction, or deletion should be directed to the educational institution, as Phoenix Code does not maintain individual student accounts in this mode. Where we do control or store limited operational data, the institution/parent/guardian may contact us at contact-us@core.ai.
Email: contact-us@core.ai
We will respond to your request within a reasonable time.
We use trusted service providers (“subprocessors”) to operate the Site and Services (for example: hosting, content delivery/CDN, authentication, error reporting, email delivery, customer support, and payment processing). We require subprocessors to protect information through contractual obligations and appropriate security and confidentiality measures.
What we share with subprocessors: We share personal information with subprocessors only to the extent necessary to provide the Site/Services and the specific features you request (for example, processing payments, delivering account emails, operating sign-in, providing customer support, or securing our infrastructure). Where possible, we minimize what we share and prefer pseudonymous or minimized technical data. Some technical data (such as IP address) may still be considered personal information under certain laws. Subprocessors are permitted to process personal information only on our instructions and for the purposes described in this Privacy Policy.
Note on scope: The table below lists subprocessors that may process personally identifiable information (PII) (for example, email address, account identifiers, billing metadata, or other personal information). Providers that do not process PII for Phoenix Code (for example, services used only for anonymous telemetry or fully de-identified data) are not listed here.
| Subprocessor | Purpose |
|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure |
| Postmark | Transactional email delivery |
| Stripe | Billing / payment processing |
| Google (Sign in with Google) | Authentication |
Payment processing: If you purchase a subscription, payments are processed by third-party payment processors. We do not store your full payment card details. We receive limited billing metadata (such as plan status and invoice records) to manage your subscription and comply with legal/tax requirements.
Email delivery providers: If you create an account or subscribe, we may send you service-related emails (for example, verification, security notices, billing receipts, and account updates). To deliver these emails, we use third-party email delivery providers that process your email address and message metadata (and the email content needed to deliver the message). You can opt out of marketing emails at any time, but we may still send essential service-related messages.
Login providers (optional): If you choose to sign in using a third-party login provider (for example, a “Sign in with …” option), that provider will process your login information under its own privacy policy and will know you used that provider to sign in to Phoenix Code. We receive limited information from the provider (such as a stable account identifier and email address) to create or link your Phoenix Code account and authenticate you. You can choose a different sign-in method (where available) or stop using a login provider at any time.
Changes: We may change or replace subprocessors over time as we operate and improve the Site/Services. If we make a material change to how we share personal information with subprocessors, we will update this Privacy Policy.
We may periodically revise or update this Privacy Policy. Your continued use of our products and services after the Privacy Policy’s effective date means that you accept the revised Privacy Policy. If you do not agree with any such revised terms, please refrain from using our Services and contact us to close any account you may have created.
Phoenix Code is a professional and educational code editor that may be used by individuals under the age of 18, including students, without creating a user account, when deployed or licensed by a school or educational institution.
For educational use, Phoenix Code is commonly provided under institution-managed educational licensing, where:
By deploying or permitting use of Phoenix Code by students, the educational institution represents that it has obtained any required parental or guardian consent under applicable laws.
When Phoenix Code is used in account-less mode under an educational license:
Any technical data processed in this mode (such as device information, crash logs, or license validation signals) is:
Phoenix Code may provide a limited, time-restricted preview feature that generates temporary links so instructors/evaluators can review work.
What data is processed: To generate a preview, Phoenix Code may upload a limited preview artifact (for example, a static export or snapshot) to our hosting infrastructure.
Access logs: We may collect minimal access logs (such as IP address, timestamp, and request IDs) to operate the service, prevent abuse, and troubleshoot.
Retention: Preview artifacts are automatically deleted after the preview period. Access/security logs are retained for a limited period consistent with our retention section.
Responsibility for supervising use and distribution of preview links rests with the educational institution, instructor, or supervising adult. For removal requests, contact: contact-us@core.ai.
Phoenix Code is designed to support educational use and complies with applicable child privacy laws, including the U.S. Children’s Online Privacy Protection Act (COPPA), when used in schools.
Where Phoenix Code is made available by a school or educational institution, the institution acts as the authorized party providing consent for the collection and use of any limited data necessary to operate the software for educational purposes.
We do not knowingly collect personal information directly from children outside of a school-authorized or parent-authorized context.
Phoenix Code is intended for development and learning purposes and does not include social networking, communication, or public content sharing features.
This Cookie Policy (“Cookie Policy”) is part of and incorporated into this Privacy Policy (“Policy”) and should be read together with our Terms of Service.
Cookies and similar technologies are small files or data stored on your browser or device to help websites and applications function properly.
We may use:
Where required by law, we will request consent before using non-essential cookies (such as advertising cookies). You can control cookies through your browser settings and, where available, our cookie preference controls.
We do not and will not use advertising cookies, tracking pixels, or third-party marketing SDKs in the installed Phoenix Code desktop applications or in the Phoenix Code web app at phcode.dev.
Our public customer-facing websites (such as phcode.io) may use non-essential cookies (including advertising cookies) where needed, subject to applicable consent requirements.
We use cookies and similar technologies to operate our websites and services, remember preferences, maintain security, and (where enabled) measure and improve website performance, subject to applicable consent requirements.
You can control cookies through your browser settings (for example, by blocking or deleting cookies).
If you disable cookies, some website features may not work as intended (for example, keeping you signed in or remembering preferences).