Codexex
Privacy Policy
The Codexex app does not collect analytics, advertising identifiers, or behavioural-tracking data. Codexex stores its state locally on your device and only reaches out to OpenAI for sign-in and quota lookups, and to Apple for platform services.
Data Controller
MAGRATHEAN UK LTD., a company registered in England and Wales (Company No. 16955343) with registered office at 16 Caledonian Court West Street, Watford, England, WD17 1RY, is the controller of any personal data processed in connection with the App. References to "we", "us", and "our" mean MAGRATHEAN UK LTD. Questions and data-rights requests for Codexex should be sent to [email protected].
Data Stored On Device
Codexex stores account state, OAuth tokens, usage history, preview-mode settings, onboarding state, and window preferences locally on your device. OAuth tokens are stored in the Apple Keychain, protected by the platform's hardware-backed security. Usage history is stored in the App's sandboxed data container.
Authentication
If you sign in with ChatGPT, Codexex uses OpenAI's supported device-code flow. We do not capture, log, or transmit your OpenAI password to any system; the device-code flow exchanges credentials directly with OpenAI's servers and returns an access and refresh token to your device. We retain only the tokens needed for the App to function on your device.
Network Communication
The App initiates network calls only to: (a) OpenAI servers for authentication, quota lookup, and refresh-token exchange; and (b) Apple platform services required for App Store distribution, updates, crash reporting where handled by the operating system, and platform operation. No data is transmitted to MAGRATHEAN UK LTD. servers. We do not run analytics SDKs, advertising SDKs, or behavioural-tracking SDKs in the App.
Legal Bases for Processing
Where any limited processing of personal data does occur (for example, account state and tokens stored locally on your device), we rely on the legitimate interests basis under Article 6(1)(f) of the UK GDPR for the purpose of providing the functionality you have requested. Where you sign in with ChatGPT, you separately enter into a relationship with OpenAI under OpenAI's terms and privacy policy; we are not a party to that relationship and do not act as a controller of your OpenAI account data.
International Transfers
Sign-in and quota-lookup calls made through the App reach OpenAI infrastructure, which may process data in the United States or other jurisdictions. These calls are made directly from your device to OpenAI; we do not act as an intermediary. OpenAI's own privacy policy and international-transfer mechanisms apply to that processing. Apple platform calls reach Apple infrastructure under Apple's published terms and transfer mechanisms.
App Tracking Transparency
Codexex does not engage in tracking as defined by Apple's App Tracking Transparency framework. The App does not track your activity across other companies' apps and websites and does not request the App Tracking Transparency permission.
Children
The App is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us so we can take appropriate action.
Data Retention
Local data (tokens, usage history, preview-mode settings, preferences) remains on your device until you sign out, clear App data, or uninstall the App. Because we do not collect personal data on our servers, we have no server-side retention obligation in respect of App data.
Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including transport encryption (TLS) for any network calls and use of platform-secured storage (Apple Keychain) for credentials. No method of transmission or storage is completely secure; we will notify affected individuals and the ICO without undue delay in the event of a personal data breach as required by law.
Your Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to: (a) request access to personal data we hold about you; (b) request rectification of inaccurate data; (c) request erasure where there is no compelling reason for continued processing; (d) request restriction of processing in certain circumstances; (e) object to processing based on our legitimate interests; (f) request data portability where applicable; and (g) withdraw consent where processing is based on consent. To exercise any of these rights, contact us at the email address listed at the end of this policy. We will respond within one calendar month and may ask you to verify your identity before acting on a request.
Complaints
If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint. We would, however, appreciate the opportunity to address your concerns directly first.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the current version took effect. Material changes will be highlighted within the App or on the Magrathean website. Continued use of the App after a revision takes effect constitutes acceptance of the updated policy.
Contact
Questions? Email [email protected].