---
title: "privacy policy - codefmt"
url: https://codefmt.dev/privacy
sources:
  - https://codefmt.dev/privacy
licence: "© codefmt. Cite with attribution to https://codefmt.dev."
---

# privacy policy

last updated: june 12, 2026

codefmt is designed to be privacy-first. this policy covers both the website at codefmt.dev and the codefmt browser extension for chrome and firefox.

## what we collect

code content: when you format code using the browser extension, your code is sent over https to codefmt.dev/api/format for processing. during the request, the code is held in short-lived in-memory buffers and written to an ephemeral per-request temporary file so the formatter and linter tools (biome, oxlint, ruff) can read it; these tools require files on disk and do not accept stdin. the temporary file lives in an isolated directory named with a random uuid and is deleted before the api response returns, regardless of whether formatting succeeded or failed. the code is never persisted to any database, never written to long-term storage, never logged, and never shared with third parties.

website formatting: when you format code on codefmt.dev, formatting runs entirely in your browser via webassembly. your code never leaves your device. javascript lint diagnostics are processed server-side via the same ephemeral-file, no-persistence path described above.

settings: your formatting preferences are stored in your browser's localStorage. the browser extension can read these settings via the sync feature. no settings data is sent to any server.

shared snippets: if you click "share" on a formatted snippet, the original input and formatted output are sent to codefmt.dev/api/share and stored in a server-side in-memory cache for up to 30 days, then automatically deleted. the server returns a short id, and anyone with the resulting /s/\[id\] url can view that snippet. shared snippets are not encrypted and are not protected by any authentication; treat the share link like a public paste. no shared snippet data is written to a database or persistent disk, and it is lost whenever the server instance restarts. if you did not explicitly click "share", no snippet is ever created.

ip address (rate limiting only): the /api/format and /api/share endpoints read the ip address that vercel attaches to each request (`x-real-ip`) and hold it in a short-lived in-memory counter for up to 60 seconds, only to enforce per-ip rate limits. the counter is never persisted. if a request exceeds the rate limit, the ip is written to a single runtime log line (visible only to the site operator via vercel logs) so abuse can be investigated; these log lines roll off with vercel's default log retention and are never sold, shared, or correlated with any user identity.

api & agent endpoint counts: requests to the api and agent endpoints (format, mcp, a2a, ask, llms.txt) are counted in aggregate through umami: endpoint, platform, and outcome only. submitted code and queries are processed in memory and never stored or sent to analytics. these counts carry no ip address, no raw user agent, and no identifier of any kind, and requests that send the dnt or gpc signal are not counted at all.

## what we don't collect

* no accounts or registration
* no cookies
* no personal information (name, email, etc.)
* no browsing history or cross-site activity tracking
* no code written to a database or persistent disk; only the opt-in share feature holds code in a volatile in-memory cache for up to 30 days
* no code is ever logged, regardless of request outcome
* no data is sold or shared with third parties

## third-party services

vercel: hosts the website and api. vercel collects anonymous, aggregated analytics (page views, web vitals) with no personal identifiers. see [vercel's privacy policy](https://vercel.com/legal/privacy-policy).

sentry: monitors application errors on the website so we can find and fix crashes and bugs you hit, often before anyone reports them, which keeps the formatter reliable. sentry receives error stack traces and browser metadata only. our sentry configuration does not enable request body capture, personally identifiable information capture (`sendDefaultPii`), or session replay, so user code content is never sent to sentry. see [sentry's privacy policy](https://sentry.io/privacy/).

umami: privacy-friendly website analytics. umami records anonymous, aggregated page views and events with no cookies, no cross-site tracking, and no personal data, and never receives your code. see [umami's privacy policy](https://umami.is/privacy).

## privacy signals (gpc & dnt)

global privacy control (gpc): gpc is a browser signal (the `Sec-GPC: 1` request header and `navigator.globalPrivacyControl`) that tells a site you opt out of having your personal data sold or shared. codefmt does not sell or share anyone's personal data, for any visitor, with or without the signal, so the outcome gpc asks for is already codefmt's default. there is nothing to opt out of. see the [global privacy control specification](https://globalprivacycontrol.github.io/gpc-spec/).

do not track (dnt): codefmt's analytics (umami) is configured with `data-do-not-track`, so if your browser sends the dnt signal, umami records nothing: no page view, no event.

## browser extension

the codefmt browser extension (chrome and firefox) operates only on supported automation platform websites: zapier, n8n (n8n.io and n8n.cloud), pipedream, make (make.com), and hubspot (including hubspot design manager for hubl templates). it does not run on any other website.

the extension reads code from the platform's editor, sends it over https to codefmt.dev/api/format for formatting, and writes the formatted result back to the editor. the same ephemeral-processing policy described in "what we collect" applies: the code is held in short-lived buffers and an ephemeral per-request temporary file that is deleted before the api response returns, and it is never persisted, logged, or shared.

the extension stores your formatting preferences locally using chrome.storage.local (or the firefox equivalent). this data never leaves your browser.

## contact

questions about this policy? reach out at [support@codefmt.dev](mailto:support@codefmt.dev?subject=codefmt%20privacy%20question).
