Privacy Policy
Last updated: December 31, 2025
1. Introduction
Thank you for using Qoder!
Before using Qoder, please read this Qoder Privacy Policy carefully to learn how we, BRIGHT ZENITH PRIVATE LIMITED, a Singapore registered entity (“BRIGHT ZENITH”), collect, use, disclose, and protect your personal data. This Qoder Privacy Policy will also provide you with more information about the bases upon which BRIGHT ZENITH may lawfully collect, use, and/or disclose your personal data, where permitted by applicable law.
This Qoder Privacy Policy (“Privacy Policy”) applies to your access and/or use of Qoder IDE, websites, software, and related services (collectively, the “Services”) provided by us. By accessing and/or using any Service, or clicking “Agree” on the account registration screen, you agree and consent to BRIGHT ZENITH and its related companies (collectively, the “Companies”) as well as their respective representatives and agents (the “Representatives”) (the Companies and the Representatives collectively referred to as “we”, “us”, “our” or “Qoder” hereinafter) collecting, using, disclosing, and/or sharing your personal data, and disclosing your personal data to our authorised service providers and relevant third parties in the manner and for any of the purposes set forth in this Privacy Policy, subject to any separate consent we need to collect from you under applicable data protection laws. If you do not agree with the terms of this Privacy Policy, you must not access or use any Service.
Unless otherwise specified, this Privacy Policy does not apply to any products and/or services provided by any third party independently through our Services. We are not responsible for the privacy practices of third parties. If you access or use any third party products or services, you should check the applicable third party privacy policy to determine how they will handle any personal data you provide to them or which they collect from you. We are not responsible for any third party’s improper use or disclosure of any personal data.
2. What Information We Collect
For the purposes of the Privacy Policy, “personal data” refers to any information relating to an identified or identifiable natural person. We collect personal data for more efficient operation and to provide you with best usage experience. The ways in which we collect personal data include: (a) where you provide personal data to us; (b) where you access or use the Services; and/or (c) where we obtain personal data from third parties.
Information Provided by You
- Account Information. We collect your personal data, including your name, email address, a display name of your choice, when you sign up for a Qoder account, and where you otherwise provide us with your personal data (such as to receive information on our Services).
- Feedback. We appreciate feedback, including ideas and suggestions for improvement or rating an Output in response to an Input. If you rate an Output in response to an Input—for example, by using the thumbs up/thumbs down icon—we will store the related conversation as part of your feedback.
- Payment Information. When you seek to access any paid Service, we collect information related to your purchase, including payment details such as your payment method, payment instrument number, billing address, and transaction history.
- Communication Information. If you communicate with us, including via email or our pages on social media sites, we will collect personal data, including your name, contact information, and the contents of the messages you send.
- Other Information You Provide. We may collect other information you may provide to us, such as when you use our beta products or services, participate in our responsible disclosure program or interact with us online or offline. Some of these services may have additional terms.
Automatically Collected Information
- Device and Log Information. When you access and use the Service, we automatically collect certain device and network information, including your operating system, Internet Protocol (IP) address, service-related diagnostic and performance data, as well as the user ID automatically assigned to you.
- Usage Information. We collect information about your use of the Service, including the dates and times of access, browsing history, search, information about the links you click, pages you view, and other information about how you use the Service, and technology on the devices you use to access the Service.
- Cookies & Similar Technologies. We and our service providers utilize cookies or similar technologies to operate and manage the Service and improve your experience. These technologies help us to recognize you, customize or personalize your experience, market additional products or services to you, and analyze and optimize your use of the Service. To learn more about our use of cookies and other tracking technologies, and how to manage your website privacy settings, please see Section 10 on “How Do We Use Cookies and Similar Technologies” below.
Information From Other Sources
- Third Party SNS Account Information. We may offer you an option to log in using your existing account with certain third-party social networking sites (“SNSs”), including Google and GitHub. If you elect to do so, we may obtain your personal data from the SNS pursuant to your agreement with that SNS including your email, SNS ID, avatar url. The personal data we collect may depend on the privacy settings you have set with the SNS. We suggest that you check the privacy and data policies and practices of the SNS to learn how they handle personal data.
- Payment and Transaction Fulfillment Information. We receive information about you from payment and transaction fulfillment providers, including payment confirmation details, and information about the Service you purchase.
If you provide us with any personal data relating to a third party (e.g. your spouse, children, parents, and/or friends), by submitting such personal data to us, you represent to us that you have obtained the consent of such third party to you providing us with their personal data, and for the collection, use and disclosure of their personal data for all purposes set out herein and by or for the benefit of the persons referenced herein.
You should ensure that all personal data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with any Services you have requested.
3. How We Use Your Information
We use, process, and/or disclose your personal data for the following purposes:
| Purpose / Activity | Types of personal data | Retention |
|---|---|---|
| To create, manage, and administer your account | - Account Information - Third Party SNS Account Information - Communication Information - Payment Information - Payment and Transaction Fulfillment Information - Device and Log Information | For as long as you have an account with us. |
| To facilitate Organization features (including without limitation to allow Administrators to manage your account and/or allow you to share data and materials within your Organization) | - Account Information - Third Party SNS Account Information - Communication Information - Feedback - Device and Log Information - Usage Information - Cookies | For as long as you have an account with us. |
| To facilitate payment transactions and respond to your payment-related inquiries. | - Account Information - Third Party SNS Account Information - Payment Information - Payment and Transaction Fulfillment Information - Communication Information - Device and Log Information | For as long as you have an account with us. |
| To provide and maintain the Services, including its core functionalities as well as any optional features or enhancements made available thereto. | - Account Information - Third Party SNS Account Information - Feedback - Communication Information - Device and Log Information - Usage Information - Cookies | For as long as you have an account with us. |
| To debug and repair errors affecting functionality. | - Account Information - Third Party SNS Account Information - Device and Log Information | For as long as you have an account with us. |
| To communicate with you and provide user support in order to maintain and enhance our Services, including notifying you of any modifications to the Service or to our Terms and policies, addressing your queries, requests, complaints, and feedback, and conducting surveys. | - Account Information - Third Party SNS Account Information - Feedback - Communication Information - Device and Log Information - Usage Information - Cookies | For as long as you have an account with us. |
| To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, or third parties. | - Account Information - Third Party SNS Account Information - Payment Information - Payment and Transaction Fulfillment Information - Feedback - Communication Information - Device and Log Information - Usage Information - Cookies | For as long as you have an account with us and as required by applicable laws. |
| To investigate and/or prevent fraud, illegal activity, or misuses of our Services, violation of these Terms and/or applicable law, and/or to protect the security of our systems and Services. | - Account Information - Third Party SNS Account Information - Payment Information - Payment and Transaction Fulfillment Information - Device and Log Information - Usage Information - Cookies | For as long as you have an account with us and as required by applicable laws. |
| To prevent fraud, illegal activity, or misuses of our Services, and to protect the security of our systems and Services. | - Account Information - Third Party SNS Account Information - Device and Log Information - Usage Information | For as long as you have an account with us. |
We may also use your information for any other purposes disclosed to you at the time we collect your information, with your consent, or as otherwise permitted by applicable laws.
4. How We Share Your Information
We may share your personal data with the recipients or in the scenarios listed below, for the purposes described in this Privacy Policy.
- Your Organization. If you are a member of an Organization under an Enterprise or Team Plan, we may share your personal data with your Organization, Administrators of your Organization, and/or other users (if applicable) in your Organization.
- Service Providers. We may share your personal data with service providers we engage from time to time to provide various services, including cloud infrastructure to host our Services, large language models to support your coding experience and help generate Outputs, as well as codebase data storage and web search providers that help us provide and deliver the Service.
- Third Parties. We may share your personal data, including Log Information, with third parties whose platforms or services are integrated with the Service. For example, if you log in using your existing account with third-party SNSs, including Google and Github, we will share certain Log Information to facilitate account registration or log in.
- Our Corporate Group. Certain entities within our corporate group ("Corporate Group") receive and process personal data to support the provision of the Services. These entities process Information Provided By You, Automatically Collected Information, and Information From Other Sources for us, as necessary to provide functions such as storage, operation and maintenance of Service, security, research and development, analytics, online payments, customer and technical support.
- Corporate Transactions. Your personal data may, to the extent permitted by applicable laws and subject to your consent when required, be disclosed to third parties: In the event that we discuss or negotiate the sale or sell any business or assets, in which case we may disclose your information to the prospective buyer of such business or assets; or in connection with a corporate transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control, or acquisition of all or a portion of our business including asset sales, consolidations or in the unlikely event of bankruptcy.
- Legal Obligations and Rights. We may, to the extent permitted by applicable laws, access, preserve, and share the information described in "What Information We Collect" with any competent law enforcement body, regulatory or government agency, court, public authority, or other third party if we have good faith belief that it is necessary to:
- Comply with applicable laws, regulations, codes of practice, legal process, or governmental guidance or requests as consistent with internationally recognised standards;
- Protect the rights, property, and safety of our users and others as required or permitted by law;
- Exercise or defend any legal claims, including to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries;
- Investigate potential violations of and enforce our Terms of Service, or any other applicable terms, policies, or standards; or
- Detect, investigate, prevent, or otherwise address misleading or illegal activities.
- With Your Consent. We may share your information for other purposes pursuant to your consent or at your direction.
5. Your Rights and Choices
Depending on where you reside, you may have certain rights and choices when it comes to your information. Depending on where you live, your rights under applicable laws may include the right to access, delete, transfer, or correct your personal data; to be informed of the ways in which we process your personal data; to object to certain processing activities; to file complaints with authorities; and more. Some of your rights apply generally, while others will only apply in certain circumstances. Depending on the scenario, these rights may be subject to some limitations by law.
For detailed information about the specific rights available to you in your region, please see the Jurisdiction Specific Addendum below. For information about your cookie-related privacy choices, please see Section 10 on “How Do We Use Cookies and Similar Technologies” below.
If you have questions or would like to exercise any of your personal data rights, please contact us at intldpo@qoder.com or see the Jurisdiction Specific Addendum below, in case a local contact is available in your region. There may be situations where we cannot grant your request. For example, if you make a request and we cannot verify your identity, we will not be able to comply with the request. We may be unable to comply with your request if we are required to retain your information due to legal or regulatory obligations, such as when the information is necessary to complete a transaction, when fulfilling the request would compromise the privacy of others, or when it would be impractical to do so.
6. Data Security
Security of your information is important to us. We use appropriate technical and organizational measures to protect the personal data that we collect, use, disclose, and process. These measures are designed to provide a level of security appropriate to the risk of processing. Specific measures we use include encrypting your personal data in transit and at rest; developing and implementing an Information Security Programme in accordance with a standard industry framework; employing advance malware protections; implementation of other reasonable security defences (including vulnerability management, access management and recovery/resilience measures).
The Service may, from time to time, contain links to policies, functionality, or content maintained by third parties we do not control. We are not responsible for, and make no representations regarding, such third party policies and practices.
7. Data Retention
We retain information for as long as necessary to provide the Service and for the other purposes set out in this Privacy Policy. We also retain information when necessary to comply with our contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing the Service, and enhancing its safety, security, and stability), and for the exercise or defense of legal claims.
The retention periods will be different depending on the type of information and the purposes for which we use the information. For example, we retain your Account Information for as long as you have an account. If you violate our Terms of Service, we may immediately remove your access to the Service but retain your information as necessary to investigate the violation, to the extent permitted by applicable laws.
When we have no further legitimate need or legal reason to retain your personal data, we will either delete it in a secure manner or deidentify it such that can no longer be associated with you.
8. International Data Transfers
Depending on where you are located and the features of our Services which you access or use, your personal data may be transferred out of and processed on a server located outside of your country of residence. We process and store the information we collect in secure servers located in the United States, and Singapore. We may also, and to the extent permitted by applicable laws, transfer your personal data internationally for one or more of the purposes described in this Privacy Policy. Please note that the data protection laws in the locations where we transfer or process data may differ from those in your area. We take appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Policy and applicable laws and we only transfer your data overseas in accordance with applicable law and legally valid transfer mechanisms.
9. Minimum Age and Minors
Our Service is not directed at, and shall not be used by, minors under the age of 18. Additionally, all users are strictly prohibited from uploading, transmitting, emailing, or otherwise making personal data from children under the age of 18 available to us or other users or using them for any of our Services. If you believe that we have collected personal data from or about a minor under the minimum age, please contact us at intldpo@qoder.com.
10. How Do We Use Cookies and Similar Technologies
a. Cookies and similar technologies we used
We may use cookies and similar technologies to gather information resulting from access and/or use of our Services. The technologies we use may include:
- Essential Cookies
These cookies are crucial for the core functions of the website and must be enabled to ensure the proper operation of the service:
| Cookie Name | Purpose | Category |
|---|---|---|
| qoder_session_cookie | Maintains user login status | Essential (Functionality) |
| qoder_csrf_token | Prevents Cross-Site Request Forgery (CSRF) attacks | Essential (Security) |
| acw_tc | Web Application Firewall (WAF) protection management | Essential (Security) |
| _c_WBKFRo | Alibaba Cloud Captcha 2.0 | Essential (Security) |
| _nb_ioWEgULi | Alibaba Cloud Captcha 2.0 | Essential (Security) |
- Preference Cookies
These cookies are used to store user personalisation settings and can be enabled or disabled at the user’s discretion:
| Cookie Name | Purpose | Category |
|---|---|---|
| qoder_locale | Records user language preferences | Non-essential (Preference) |
| qoder_theme | Records user theme preferences | Non-essential (Preference) |
- Third-Party Data Collection Explanation
Qoder services may include third-party tools, whose cookie policies comply with their respective data protection regulations:
Google Analytics
Used for anonymous analysis of website traffic and experience optimisation. Cookies set by Google include:
- Cookie Name: ga, ga* and others
- Purpose: To collect anonymous statistics (such as page views, traffic sources, device types, time spent on site, etc.
- Data Controller: Google (please refer to Google’s privacy policy)
b. More information about cookies
For more information about cookie and instructions on how to set up your browser to accept, delete or disable cookies, see www.allaboutcookies.org.
11. Privacy Policy Updates
We may amend or update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last Updated" date at the top of the new Privacy Policy, posting the new Privacy Policy, or by providing other notice as required by applicable laws. We recommend that you review the Privacy Policy from time to time to stay informed of our privacy practices.
12. Contact Us
If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact our Data Protection Officer (DPO) via the contact details set out below:
- Attention: DPO
- Email address: intldpo@qoder.com
Please note that if your personal data has been provided to us by a third party, you should contact such party directly to make any queries, feedback, and access and correction requests to us on your behalf.
United States Addendum
This is an addendum to the Qoder Privacy Policy in relation to US data subjects (this “US Addendum”) and should be read in conjunction with the Privacy Policy.
Residents of certain US states have additional privacy rights disclosures regarding their personal data.
Additional Rights:
Depending on where you reside, US residents may have additional rights:
- Know the categories and/or specific pieces of personal data collected about you, including the categories from which the personal data is collected, the business purpose for collecting the personal data, whether your personal data was disclosed to third parties, the categories of personal data, if any, that we disclosed to third parties, the categories of and/or the third parties to whom your personal data was disclosed
- Access or obtain a copy of the specific pieces of personal data we retain about you
- Request deletion of your personal data
- Request correction of inaccurate personal data.
Authorized Agents. Your authorized agent may submit a request to exercise any of the above rights on your behalf. We may request additional information to verify their authority to act on your behalf before processing any requests.
Please submit requests by emailing intldpo@qoder.com.
No Sale of Personal data, Sharing for Cross-Context Behavioral Advertising, and Targeted Advertising
We do not “sell” or “share” personal data for cross-contextual behavioral advertising, and we do not process personal data for “targeted advertising” purposes (as those terms are defined under applicable US state privacy laws).
Do Not Track. Our websites and apps are not designed to respond to "do not track" requests from browsers.
Singapore Addendum
This is an addendum to the Qoder Privacy Policy in relation to Singapore data subjects (this “Singapore Addendum”) and should be read in conjunction with the Privacy Policy. This Singapore Addendum applies if you are based in Singapore during your interaction with us.
Consent to collection, use, disclosure and/or processing of personal data
By providing us with your personal data, you consent to us collecting, using, disclosing and/or processing your personal data as set out in this Privacy Policy, unless an exception under the law permits us to collect, use, disclose and/or process personal data without consent.
Transfer of personal data outside of Singapore
Where we transfer personal data outside of Singapore, we will do so in accordance with the Personal Data Protection Act 2012 (SG PDPA) and will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that provided under the SG PDPA.
Access and correction of personal data
You have the right to request access to your personal data held by us (or on our behalf) and to request for correction of such personal data.
Withdrawal of consent
You may withdraw consent and request that we stop using and/or disclosing your personal data for any of the purposes listed under Section 3 of the Privacy Policy by submitting your request in writing to the Data Protection Officer, in respect of personal data collected, used or disclosed in Singapore. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.
In general, we shall seek to process your request as soon as possible and within a reasonable timeframe. While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be able to to continue providing our goods and services to you and we shall, in such circumstance, notify you before completing the processing of your request. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under the SG PDPA.
Data Protection Officer
Any questions regarding this Privacy Policy may be directed to our Data Protection Officer at the contact details set out below:
- Email address: intldpo@qoder.com
This Privacy Policy will be effective from December 31, 2025
