CodeMote logoCodeMoteGet the app
← Back to CodeMote

Privacy Policy

Last updated: 30 June 2026

This policy explains what personal data CodeMote processes, why, and the rights you have. CodeMote is built so that your source code and development environment never pass through our servers.

1. Who we are (Data Controller)

This app, CodeMote(“the App”, “we”, “us”), is provided by:

Salvatore Castellitti
Via Sannio 1, 86024 Petrella Tifernina (CB), Italy
P.IVA / C.F.: 01945740700
Contact: s.castellitti.dev@gmail.com

We are the data controllerfor personal data processed in connection with the App, in accordance with Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003 as amended (“Codice Privacy”).

2. Our privacy-first design

CodeMote is built so that your source code and the contents of your development environment never pass through our servers and are never stored by us.

  • The App establishes a direct, encrypted, one-to-one connection between your mobile device and your own computer.
  • We do not keep a cloud copy of your code, terminals, files or git data.
  • Pairing is done locally (e.g. via QR code) using revokable tokens that you control.

Because of this architecture, the categories of personal data we actually process are limited (see below).

When the app is open, all activity flows over the direct, encrypted connection and nothing transits our servers. When you enable notifications and the app is in the background or closed, a minimal message — the terminal’s status, its name, a few of its most recent output lines, and timestamps — is relayed through our notification service to Apple’s Push Notification service so we can update a Live Activity or send an alert. We do not store, log, or retain this content; the relay forwards it and discards it.

3. What data we process

3.1 Data we do not collect

  • The content of your code, files, terminal sessions, git repositories or commands.
  • The contents of the connection between your phone and your computer.

3.2 Data processed to provide subscriptions

Purchases and subscriptions are handled by Apple and by our subscription infrastructure provider RevenueCat. Through them we may receive:

  • A non-identifying app user ID / purchase token,
  • Subscription status (active, expired, trial, plan type, renewal or cancel events),
  • Coarse transaction metadata (country, currency, product purchased).

We do not receive your full name, address or payment card details. Apple processes payment directly and does not share card data with us.

3.3 Analytics and tracking

CodeMote does not use any third-party analytics, advertising or tracking SDKs. We do not embed Google Analytics, PostHog, Firebase, or any similar tool, and we do not build advertising profiles about you. The only third party that receives data tied to you is RevenueCat, solely to manage your subscription (Section 3.2).

If you have opted in to Apple’s system-level analytics on your device, Apple may share limited aggregated, non-identifying diagnostics with developers through App Store Connect. That data is processed by Apple under its own terms and is controlled entirely by your device settings.

3.4 Support communications

If you email us, we process the data you choose to send (e.g. your email address and the content of your message) to respond to you.

3.5 Notifications & Live Activities

  • Push tokens: to deliver notifications and Live Activity updates we use Apple-issued push tokens. These are held by your own computer (the CodeMote extension) and by Apple; our relay receives a token only to forward a single message and does not store it.
  • Notification content:terminal status (e.g. working / waiting / done), the terminal’s name, a short snippet of its most recent output lines, and timestamps. This is processed transiently to render the Live Activity or alert and is not persisted by us.
  • On-device widget & Live Activity: this status data is stored locally on your device (in an app group) to power the home/lock-screen widget and Live Activity. It does not leave your device except via the relay path described above.

4. Why we process it and on what legal basis (Art. 6 GDPR)

Providing the App and its core featuresPerformance of a contract (Art. 6(1)(b))
Managing subscriptions, renewals and entitlementsPerformance of a contract (Art. 6(1)(b))
Responding to support requestsLegitimate interest (Art. 6(1)(f))
Complying with legal and tax obligationsLegal obligation (Art. 6(1)(c))

Where we rely on consent, you may withdraw it at any time.

5. Third parties (data processors / sub-processors)

We share the limited data above only with providers that help us run the App:

  • Apple Inc.: app distribution, in-app purchases, payment processing.
  • RevenueCat, Inc.: subscription management and entitlement validation.
  • Microsoft: the App can use Microsoft’s devtunneltooling to establish the secure tunnel between your devices. The tunnel carries the encrypted connection; review Microsoft’s own terms and privacy notice for that service.
  • Apple Push Notification service (APNs): delivers notifications and Live Activity updates. Subject to Apple’s privacy policy.
  • Vercel Inc.: hosts our stateless notification relay (codemote.caste.work). The relay performs no storage or logging of notification content; data passes through in transit only. Vercel is located in the United States; that international transfer is covered by the EU Standard Contractual Clauses referenced below.

Each provider acts under its own privacy terms. Some are located outside the EU/EEA; where that is the case, transfers are covered by appropriate safeguards such as the EU Standard Contractual Clauses and/or adequacy decisions. We do not sell your personal data.

6. Data retention

  • Subscription and transaction records: kept for as long as needed to provide the service and to meet Italian tax and accounting obligations (generally up to 10 years for invoicing records).
  • Support emails: kept for as long as needed to handle your request and any follow-up.
  • Notification data: processed in transit only and not retained by us. Push token and notification handling on Apple’s side is subject to Apple’s retention practices.

7. Your rights (Art. 15-22 GDPR)

You have the right to: access your data, request rectification or erasure, restrict or object to processing, request data portability, and withdraw consent at any time. To exercise any right, contact us at s.castellitti.dev@gmail.com.

You also have the right to lodge a complaint with the Italian Data Protection Authority, the Garante per la protezione dei dati personali (www.garanteprivacy.it).

8. Children

The App is not directed to children under the age required by applicable law (generally 14 in Italy for consent to information-society services). We do not knowingly collect data from such children.

9. Security

We use technical and organisational measures appropriate to the risk, including encryption of the device-to-device connection. However, no method of transmission or storage is 100% secure, and you are responsible for keeping your own devices and pairing tokens secure.

Notifications and Live Activities require your explicit permission and can be disabled at any time in iOS Settings. Disabling them stops this data flow entirely.

10. Changes to this policy

We may update this policy from time to time. Material changes will be indicated by updating the “Last updated” date and, where appropriate, by an in-app notice.

11. Contact

Questions about privacy: s.castellitti.dev@gmail.com.