Codag
Sign in

privacy

What we collect
What we don't

Codag is a developer tool that compresses infrastructure log data into structured incident summaries for use with LLM agents. This policy explains the data we touch and how we handle it.

Last updated · May 2026

What we collect

  • Account data. Name, email, organization. Used to authenticate and bill.
  • API keys. Issued by us, scoped to your account, hashed at rest.
  • Log payloads you submit. Raw log lines, traces, spans, metrics, and related diagnostic data sent to the API. Raw payloads are processed transiently and redacted before storage (see below).
  • Resulting capsules. The schema-valid JSON we return.
  • Usage and product telemetry. Request counts, line/span/event counts, token counts, latencies, cache hit rates, feature usage, service counts, quota usage, errors, client and SDK versions, plan and billing events, and coarse cost metrics. This does not include raw log content.

How we redact log payloads

Before any submitted diagnostic payload is stored, it passes through a scrubber that replaces high-risk identifiers with neutral placeholder tokens. The scrubber is designed to redact:

  • JWTs, OAuth bearer tokens, AWS / GCP credentials
  • Email addresses
  • IPv4 and IPv6 addresses
  • UUIDs and other long hashes
  • Fully-qualified domain names
  • Phone numbers
  • Long base64-style secrets

What remains is a structurally-shaped diagnostic record (template + non-sensitive values) with common sensitive identifiers removed. Redaction is best-effort, so customers should not intentionally submit secrets, regulated health data, payment card data, or other sensitive personal data unless covered by a written agreement with Codag. We store only the redacted form.

How we use it

  • Run inference on the lines you submit and return structured capsules in real time.
  • Build and maintain a per-customer template cache so subsequent requests hit the cache instead of the model. This is what makes the service fast and cheap.
  • Improve and train Codag's own models (the templater and classifier) using a de-identified, PII-scrubbed copy of submitted logs — stripped of the identifiers listed above before it is used.
  • Aggregate usage, reliability, and cost metrics to diagnose service issues, prevent abuse, plan capacity, guide product improvements, and make pricing and packaging decisions.

We train only our own models, and only on the de-identified form of your data; we never send your logs to third-party LLM providers such as OpenAI or Anthropic. We do not share or sell your data. The template cache is per-customer and isolated by organization; it is not pooled across customers.

Telemetry choices

Codag collects service telemetry by default because it is required to operate, secure, meter, debug, and improve the Service. Workspace owners may opt out of non-essential product analytics by contacting [email protected]. Essential service telemetry, security logs, billing records, and quota records cannot be disabled while you use the hosted Service.

Data retention

Redacted payloads, the resulting capsules, and the per-customer template cache are retained as long as your account is active so the warm path keeps working, unless your plan or written agreement says otherwise. If you delete your account, or request deletion in writing, we purge all per-customer data within 30 days. Aggregated or de-identified service metrics, and the de-identified training data described above (stripped of identifiers and no longer tied to your account), may be retained beyond that for service-quality, capacity, security, model-improvement, and pricing analysis.

Free / no-account tier

You can use Codag without an account through the free tier (for example, codag wrap in the CLI without signing in). For these requests we may retain the submission in encrypted form for up to 30 days to operate the service, prevent abuse, and improve quality, then delete it. You can disable this raw retention per request — pass X-Codag-Retention: off (or the equivalent CLI flag) and we keep only metadata, not your log content.

Storage and security

Account data and redacted payloads are stored in an encrypted PostgreSQL database hosted on US-based cloud infrastructure. All traffic is TLS-encrypted in transit. Inference runs on Codag's own fine-tuned models hosted on managed GPU infrastructure (see sub-processors). Your log payloads are not sent to third-party LLM providers such as OpenAI or Anthropic.

Sub-processors

  • Google OAuth. Console sign-in. We receive name and email from your Google account.
  • Stripe. Payment processing and subscription management. Handles card data; we do not store full card numbers.
  • Modal. Managed GPU infrastructure that runs Codag's own fine-tuned inference models.
  • Railway. US-based cloud hosting for the API and database.
  • Vercel. Hosting for the web console.
  • Resend. Transactional email delivery (such as organization invites).
  • PostHog. Product analytics, website analytics, feature usage, and opt-out state for non-essential analytics.

These providers process data only as needed for their service and are bound by their own agreements. We will update this list before adding any new sub-processor.

Data sharing

We do not sell or rent your data. We do not share it with third parties for marketing. We disclose data only when required by law.

Your rights

  • Access, correct, or delete your account data.
  • Export your usage records and stored capsules.
  • Request full deletion of all per-customer data by emailing [email protected]. We honor requests within 30 days.

EU and UK residents have additional rights under GDPR; California residents have additional rights under CPRA. Contact us to exercise them.

Changes

Updates to this policy will be posted here with a new date. Material changes will be announced by email to account owners. Continued use of the service after changes take effect constitutes acceptance.

Contact

Questions or deletion requests? Email [email protected].