Privacy Policy for CodexAPI.pro

Effective Date: June 5, 2026
Website: https://codexapi.pro
Contact: privacy@codexapi.pro

This notice explains how CodexAPI.pro handles personal data when you visit the website, create an account, use the dashboard, buy Token Wallet or Cash Wallet credit, use Codex CLI, Claude Code, codexclaude, support, referral, 2FA, email, desktop, or admin-related services. It is written to support GDPR transparency requirements and equivalent privacy laws.

1. Controller and Scope

CodexAPI.pro Operations is the controller for account, dashboard, billing, website, support, referral, email, security, and service usage records processed through CodexAPI.pro and related customer surfaces. Some infrastructure, payment, authentication, email, and model providers act as processors or independent controllers for their own services. Questions and data-rights requests can be sent to privacy@codexapi.pro.

2. Data We Process

Account data: name, email, dashboard username, hashed password, API username/token records, 2FA status, country or contact details when provided, device and login metadata.
Wallet and billing data: Token Wallet and Cash Wallet balances, purchases, subscriptions, invoices, Stripe customer/payment references, Gumroad or marketplace order references, refunds, top-ups, auto top-up settings, and referral commissions.
Service usage metadata: request time, endpoint, model/provider label, token counts, cache billing fields, status, latency, billing mode, wallet charge, IP address, user agent, region, and troubleshooting identifiers.
Customer content: prompts, code, files, tool outputs, and responses are transmitted to provide the requested CLI/API function. We do not intentionally store source code or coding payloads as a general product feature, but transient processing, provider-side processing, abuse/security logs, or support diagnostics may occur where necessary to deliver and secure the service.
Support and communications: support messages, admin/customer messages, email delivery records, Telegram or desktop app notices, and replies to operational emails.
Website and device data: pages visited, referral codes, local storage values, cookie/consent choices, browser and device metadata, and optional analytics/conversion events if you accept analytics.

3. Why We Process Data and Legal Bases

Contract: account creation, authentication, API token setup, wallet billing, top-ups, subscriptions, referrals, support, and delivering Codex/Claude API services.
Legitimate interests: service security, fraud prevention, rate limiting, abuse detection, debugging, reliability monitoring, product improvement using non-content operational metadata, and protecting our infrastructure and customers.
Legal obligation: tax, accounting, payment, chargeback, sanctions, fraud, and legal compliance records.
Consent: optional advertising/analytics cookies, pixels, conversion events, and non-essential browser storage. You can reject or withdraw this consent without losing access to necessary service features.

4. Cookies, Local Storage, and Analytics

Necessary storage is used for login state, dashboard operation, security, wallet checkout, referral attribution, setup instructions, consent records, and fraud prevention. Optional analytics and advertising measurement, including Reddit Pixel and related conversion reporting, is disabled until you choose Accept analytics. You can reopen the privacy control from the floating Privacy button and change your choice at any time.

5. Sharing and Processors

We share data only where needed to operate the service, process payments, deliver email or support, prevent abuse, comply with law, or route model/API requests. Provider categories include hosting and infrastructure, payment processors such as Stripe, email delivery providers, fraud and security tooling, model/API providers, analytics/advertising providers when consented, desktop update/distribution services, and professional advisers. We do not sell personal data.

6. International Transfers

CodexAPI.pro serves customers internationally. Your data may be processed in the United States, South Africa, the European Economic Area, or other countries where our infrastructure, processors, payment providers, email providers, and model/API providers operate. Where GDPR transfer rules apply, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, processor terms, or another lawful transfer mechanism.

7. Retention

We keep account and wallet records while your account is active. Billing, tax, fraud, chargeback, and accounting records are retained as required by law and legitimate business needs. Security and usage metadata is retained only as long as needed for billing, dispute handling, troubleshooting, abuse prevention, and service reliability. Optional analytics consent records are retained until you change them or clear browser storage. You may request deletion, subject to records we must keep.

8. Your Rights

Depending on your location, including if GDPR applies, you may request access, correction, deletion, restriction, portability, objection to legitimate-interest processing, and withdrawal of consent. You may also object to direct marketing at any time. To exercise rights, email privacy@codexapi.pro. We may need to verify your identity before acting on a request. You also have the right to complain to your local data protection authority.

9. Security

We use TLS, hashed passwords, API token controls, 2FA support, admin access controls, service monitoring, and operational safeguards designed to protect personal data. No internet service is risk-free, so customers should keep dashboard credentials, API tokens, SSO links, and 2FA recovery access secure and rotate tokens if exposure is suspected.

10. Changes

We may update this notice when our services, providers, legal requirements, or processing practices change. The effective date above shows when this notice was last materially updated.