SeeCodes Privacy Policy

How eprojac collects, uses, and protects personal data.

This Privacy Policy explains how eprojac processes personal data in connection with the SeeCodes website, Jira Cloud App, VS Code/Cursor extensions, and related backend services.
Effective April 3, 2026Business usersController + processor roles
Review securityTerms of serviceData Processing Addendum

1. Scope and Roles

This policy distinguishes between eprojac’s role as controller and processor.

Important context

SeeCodes is offered for business and professional use. Depending on the context, eprojac may act either as a controller of personal data or as a processor acting on behalf of a customer.

When eprojac is the controller

eprojac acts as a controller for personal data relating to the website, account administration, billing, support, security, and service analytics, where eprojac determines the purposes and means of processing.

When eprojac is the processor

eprojac generally acts as a processor for customer content submitted to the service by or on behalf of customers, such as Jira content, selected code context, prompts, and generated outputs, where that processing is carried out on the customer’s instructions.

2. Who We Are

Controller identity and contact details.

The controller for the personal data described in this Privacy Policy, unless stated otherwise, is eprojac, based in London, England, United Kingdom.

Privacy contact: Director officer, via our contact form

Postal address: 17 Drakes Close, Esher, Surrey, United Kingdom, KT10 8PQ

If eprojac is required to appoint a data protection officer or an EU representative, the relevant contact details will be listed here.

3. Data We Collect as Controller

Personal data eprojac collects for its own business operations.

A. Account and workspace data

  • Administrator name and work email address
  • Organisation or workspace name
  • Jira Cloud site or workspace identifiers
  • Plan, seat, and subscription records

B. Billing and support data

  • Billing contact details
  • Payment and invoice metadata received from payment processors
  • Support requests, messages, and troubleshooting records

C. Technical and service data

  • Authentication and access logs
  • Service event logs and error records
  • Usage metrics and service analytics
  • Device, browser, IDE, and integration metadata relevant to service reliability and security

4. Customer Data We Process as Processor

Customer-controlled content processed through the service.

Customers may submit or make available content through the service, including Jira issue content, selected source code files, prompts, instructions, generated diffs, output metadata, and related project data.

For that customer-controlled content, eprojac generally acts as a processor on behalf of the customer. The customer is responsible for determining whether and how personal data is included in that content and for ensuring it has an appropriate legal basis to use the service.

If personal data is processed by eprojac on behalf of a customer and is subject to the UK GDPR, EU GDPR, or similar law, the Data Processing Addendum applies where relevant.

5. Purposes and Lawful Bases

How controller-side personal data is used.

Provide and administer the service

We use account, workspace, authentication, and technical data to set up accounts, authenticate users, manage subscriptions, provide requested features, and maintain service functionality.

Lawful basis: performance of a contract, or legitimate interests where the processing is directed to business users and service administration.

Billing, invoicing, and fraud prevention

We use billing and transaction-related data to manage payments, invoices, subscription records, tax handling, account verification, and fraud prevention.

Lawful basis: performance of a contract, legal obligation, and legitimate interests in preventing abuse and non-payment.

Support, security, and reliability

We use logs, support messages, and technical metadata to investigate incidents, respond to support requests, maintain system integrity, detect abuse, and secure the service.

Lawful basis: legitimate interests and, where applicable, legal obligations.

Service improvement

We use service analytics, performance data, and product feedback to improve stability, usability, and feature quality.

Lawful basis: legitimate interests in operating and improving a secure B2B software service.

Marketing communications

Where we send product updates, newsletters, or similar communications, we do so in accordance with applicable law.

Lawful basis: consent where required, or legitimate interests where permitted for relevant business communications.

6. Sharing and Subprocessors

Who personal data may be shared with.

We share personal data only where reasonably necessary to operate the service, comply with law, protect rights and security, or carry out customer instructions.

  • Infrastructure and hosting providers
  • Authentication, monitoring, logging, and support tooling providers
  • Payment processors and invoicing tools
  • AI model or inference providers used to deliver requested service functionality
  • Professional advisers, auditors, or acquirers where necessary and subject to appropriate protections
  • Authorities or other third parties where required by law or necessary to establish, exercise, or defend legal claims

Current subprocessors and key service providers should be listed on a dedicated Subprocessors page.

7. International Transfers

How cross-border transfers are handled.

Personal data may be processed in the United Kingdom, the European Economic Area, the United States, and other countries where eprojac or its service providers operate.

Where personal data is transferred internationally, eprojac will use transfer mechanisms and safeguards required by applicable law, which may include adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, or other lawful transfer mechanisms.

Where regional processing options are offered, they describe preferred service configuration and routing and do not by themselves guarantee that every support, security, logging, or subprocessor operation takes place exclusively in a single country or region unless explicitly stated in writing.

8. Retention

How long personal data is kept.

We retain personal data for as long as needed for the purposes described in this policy, including to provide the service, maintain security, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods vary depending on the category of data. For example, account, billing, and audit records may be retained for longer than transient technical logs or short-lived task-processing data.

Where we offer customer-controlled deletion or workspace teardown, data is deleted or anonymised in accordance with our documented retention and backup practices, subject to legal, security, and disaster-recovery requirements.

9. Security

Technical and organisational measures.

Security controls

We use reasonable and appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

AI and customer content

We do not use customer-submitted code, prompts, or Jira content to train public AI models. AI-generated outputs should be independently reviewed and validated by customers before use.

10. Your Rights

Privacy rights and how to exercise them.
  • Request access to personal data we hold about you
  • Request correction of inaccurate or incomplete personal data
  • Request deletion of personal data where applicable
  • Request restriction of processing where applicable
  • Object to processing based on legitimate interests where applicable
  • Request portability of personal data where applicable
  • Withdraw consent where processing is based on consent

Some rights are subject to conditions and exceptions under applicable law. If eprojac acts only as a processor for the relevant data, we may direct your request to the relevant customer controller.

11. Cookies and Website Technologies

How the website uses cookies and similar technologies.

The SeeCodes website may use cookies and similar technologies for essential site operation, security, preferences, and analytics.

Where consent is provided, analytics may include Google Analytics for aggregate website measurement such as page visits, navigation flow, and traffic source reporting. We do not load the Google Analytics tag until consent is granted.

Where required by applicable law, we will request consent before using non-essential cookies or similar technologies. More details should be provided in a dedicated Cookie Notice.

12. Changes to this Policy

We may update this Privacy Policy from time to time.
  • We may update this policy to reflect changes to the service, legal requirements, or our data practices.
  • The updated version will be posted on this page with a revised effective date.
  • If changes are material, we may also provide notice through the service, by email, or through administrator-facing channels where appropriate.

13. Contact and Complaints

How to contact eprojac about privacy questions or complaints.

For privacy questions, rights requests, or complaints, use the contact form.

If you are in the UK, you may have the right to complain to the UK Information Commissioner’s Office. If EU GDPR applies to your personal data, you may also have the right to lodge a complaint with the supervisory authority in the EU or EEA country where you live, work, or where the alleged infringement took place.