Codag
Sign in Book a demo

Privacy

What we collect.
What we don't.

Codag is a developer tool that compresses infrastructure log data into structured incident summaries for use with LLM agents. This policy explains the data we touch and how we handle it.

Last updated · May 2026

What we collect

  • Account data. Name, email, organization. Used to authenticate and bill.
  • API keys. Issued by us, scoped to your account, hashed at rest.
  • Log payloads you submit. Raw log lines sent to the compression API. We anonymize these before storage (see below).
  • Resulting capsules. The schema-valid JSON we return.
  • Usage telemetry. Request counts, line counts, token counts, latencies, cache hit rates. No log content.

How we anonymize log payloads

Before any submitted log line is stored, it passes through a regex-based scrubber that replaces high-risk identifiers with neutral placeholder tokens. The scrubber redacts:

  • JWTs, OAuth bearer tokens, AWS / GCP credentials
  • Email addresses
  • IPv4 and IPv6 addresses
  • UUIDs and other long hashes
  • Fully-qualified domain names
  • Phone numbers
  • Long base64-style secrets

What remains is a structurally-shaped log line (template + values) with sensitive identifiers removed. We store only the anonymized form.

How we use it

  • Run inference on the lines you submit and return structured capsules in real time.
  • Build and maintain a per-customer template cache so subsequent requests hit the cache instead of the model. This is what makes the service fast and cheap.
  • Aggregate anonymized usage metrics to diagnose service issues, plan capacity, and guide product improvements.

We do not retrain or fine-tune the underlying language model on your data, and we do not share or sell your data. The anonymized template cache is per-customer and isolated by organization; it is not pooled across customers.

Data retention

Anonymized payloads, the resulting capsules, and the per-customer template cache are retained as long as your account is active so the warm path keeps working. If you delete your account, or request deletion in writing, we purge all per-customer data within 30 days. Aggregate, fully de-identified service metrics may be retained beyond that for service-quality analysis.

Storage and security

Account data and anonymized payloads are stored in an encrypted PostgreSQL database hosted on US-based cloud infrastructure. All traffic is TLS-encrypted in transit. Inference workloads run on owned hardware, so your log payloads never leave our infrastructure for third-party LLM APIs.

Sub-processors

  • Google OAuth. Console sign-in. We receive name and email from your Google account.
  • Railway. US-based cloud hosting for the API and database.

These providers process data only as needed for their service and are bound by their own agreements. We will update this list before adding any new sub-processor.

Data sharing

We do not sell or rent your data. We do not share it with third parties for marketing. We disclose data only when required by law.

Your rights

  • Access, correct, or delete your account data.
  • Export your usage records and stored capsules.
  • Request full deletion of all per-customer data by emailing support@codag.ai. We honor requests within 30 days.

EU and UK residents have additional rights under GDPR; California residents have additional rights under CPRA. Contact us to exercise them.

Changes

Updates to this policy will be posted here with a new date. Material changes will be announced by email to account owners. Continued use of the service after changes take effect constitutes acceptance.

Contact

Questions or deletion requests? Email support@codag.ai.