logo
Legal

Privacy Policy

Effective date: May 21, 2026  ·  Last updated: May 21, 2026

This Privacy Policy describes how CodeVRE ("we," "us," or "our") collects, uses, and shares information when you use the VRE browser runtime, our website at codevre.dev, and related services (the "Service"). By using the Service you agree to this policy.


01

Overview

VRE is a client-side browser runtime. The engine itself executes entirely in the end user's browser — we do not receive or process the HTML, CSS, JavaScript, or other files that you load into the runtime. Our data collection is limited to what is necessary to operate the access control system, manage accounts, and improve the Service.

02

Data we collect

Category What we collect How
Account data Email address, display name, authentication provider (Google, email/password), account creation date When you sign up via Firebase Auth
Usage & access data Runtime token exchange requests (origin domain, timestamp), API key usage counts, plan tier Automatically when the runtime calls our access endpoints
Billing data Payment method details (handled by our payment processor — we do not store raw card numbers), billing address, invoice history When you subscribe to a paid plan
Technical data IP address, browser type, referring URL, pages visited on codevre.dev, error logs Automatically via server logs and analytics
Support data Messages and information you provide when contacting us When you email us or use a contact form

We do not collect the content of virtual filesystems, preview code, or user interactions that occur within the runtime iframe — those execute entirely client-side.

03

How we use your data

We use the data we collect to:

  • Authenticate your account and manage access to the Service.
  • Validate runtime token exchange requests from your authorized domains.
  • Process payments and manage your subscription.
  • Monitor usage against plan limits and detect abuse.
  • Send transactional emails (account confirmations, invoices, security alerts).
  • Respond to support requests.
  • Improve the Service through aggregate, anonymized usage analysis.
  • Comply with legal obligations.

We do not use your data to train machine learning models, sell advertising, or share with data brokers.

04

Data sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Service providers. We share data with trusted vendors who help us operate the Service, including Firebase (authentication and database), our payment processor, and hosting infrastructure providers. These parties are contractually bound to use data only as directed by us.
  • Legal compliance. We may disclose data when required by law, court order, or to protect the rights, property, or safety of CodeVRE, our users, or others.
  • Business transfers. If CodeVRE is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
05

The runtime & your end users

If you embed VRE in your own application and expose it to your end users, you are the data controller for your users' data. We act as a data processor only to the extent that the runtime's access token exchange involves an origin check.

You are responsible for obtaining appropriate consents from your end users, providing them with a privacy policy, and complying with applicable privacy laws in your jurisdiction.

The VRE runtime does not set cookies or collect analytics from within the preview iframe on your behalf.

06

Firebase & third-party services

We use Firebase (Google) for authentication and backend infrastructure. Your account data is stored in Firebase and subject to Google's privacy practices. Firebase is configured to store data in the United States.

We may also use:

  • A payment processor (e.g. Stripe) for billing — subject to their own privacy policy.
  • Basic server-side analytics for aggregate traffic monitoring.

We do not embed third-party advertising scripts or tracking pixels on codevre.dev.

07

Cookies & local storage

codevre.dev uses:

  • Authentication cookies/tokens set by Firebase Auth to keep you signed in.
  • Session storage for temporary UI state (e.g. dashboard preferences).

We do not use third-party advertising cookies. You can clear cookies at any time via your browser settings, though this will sign you out of the Service.

08

Data retention

We retain account data for as long as your account is active and for a reasonable period thereafter for legal and business purposes. Usage logs are retained for up to 90 days. Billing records are retained as required by applicable law (typically 7 years).

You may request deletion of your account and associated data at any time by contacting us at privacy@codevre.dev. We will process deletion requests within 30 days, subject to any legal retention obligations.

09

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict processing of your data.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@codevre.dev. We will respond within 30 days. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

10

Security

We implement industry-standard technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), server-side access controls, and Firebase's built-in security infrastructure. However, no system is completely secure. We encourage you to use a strong, unique password and to protect your API keys.

In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

11

Children

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@codevre.dev and we will delete it promptly.

12

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by prominent notice on the site. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

13

Contact

For privacy questions, data requests, or concerns:

CodeVRE — Privacy
Email: privacy@codevre.dev
Website: codevre.dev