Privacy Policy
Last updated: June 2026 · https://discode.ai
1. Controller
Laboratoire M GmbH
Obere Donaustraße 45a/18, 1020 Vienna, Austria
E-Mail: datenschutz@discode.ai
Commercial register: FN 511608 s, Commercial Court Vienna
Managing Director: Moriz Piffl-Percevic
2. Data We Collect
- Account data: Name, e-mail address (via Clerk OAuth)
- Usage data: Chat histories, model selection, slider settings, eco-tracking values
- Technical data: IP address (rate-limiting only, not stored long-term), browser type, device class
- Sentry Session Replay (on errors): If an error occurs during your browser session, an anonymised session recording is sent to Sentry in 1% of error cases. All text is masked (maskAllText) and all media is blocked (blockAllMedia), so no plain-text content or personal data is captured. The recording is used solely for error reproduction.
- Referral fraud prevention: When you redeem a referral code, a one-way hash (SHA-256) of your IP address is stored to prevent duplicate abuse. The original IP address is not retained — only the irreversible hash.
- Payment data: Processed via Stripe — we store no credit card data
3. Purpose of Processing
- Provision of the Multi-LLM routing service
- Usage limits and credit management
- Error analysis and monitoring (Sentry)
- Contract fulfilment (Stripe payments)
- Referral fraud prevention (IP hash for duplicate detection)
4. Legal Basis
Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c) GDPR (legal obligation, e.g. tax retention), Art. 6(1)(f) GDPR (legitimate interest in error analysis and security).
5. PII Anonymisation
discode.ai offers an optional anonymisation feature that runs entirely in your browser. When enabled, personal data in your input is detected and replaced with placeholders on your device — using a rule-based pattern layer plus an on-device machine-learning model (executed via WebAssembly), before anything is sent.
No input is sent to our servers for this step: only the anonymised text is transmitted to our servers and the selected AI model, the mapping between placeholders and your original values stays on your device, and the model's response is re-personalised locally in your browser. You review the detected items before sending.
It detects categories such as names, e-mail addresses, phone numbers, postal addresses, organisations, IBAN/credit-card numbers, dates of birth and national ID/passport/tax numbers. The machine-learning layer is currently optimised for English, German, Italian and French.
The on-device model is downloaded once from a third-party provider (Hugging Face, USA) and then cached in your browser. This download transfers only the model files — none of your input — but, as with any web request, your IP address is visible to that provider.
Note: Anonymisation is a best-effort measure and does not provide absolute protection — detection is heuristic and may miss data in unusual formats. We recommend not entering highly sensitive personal data in AI queries.
6. Auto-Memory (Automatic Fact Extraction)
If you enable the Auto-Memory feature in your settings, an AI model (Groq/Llama) automatically analyses your conversations for stable personal facts (e.g. name, profession, preferred programming language). Recognised facts are stored in your database and included as context in future conversations.
- Legal basis: Art. 6(1)(a) GDPR (consent). The feature is disabled by default and requires your explicit activation (opt-in).
- Categories: Personal data (fact), preferences (preference), project context (context).
- Storage: Up to 20 facts per user, each max. 1,000 characters. Stored in Supabase (EU, Frankfurt), user-isolated (Row Level Security).
- Retention: As long as your account exists or until you manually delete the facts. You can remove individual facts at any time via the settings or by chat command (“forget …”).
- Sub-processor: For extraction, your query is sent to Groq (USA, SCC). See section 7 for details.
- Revocation: You can disable Auto-Memory at any time. Previously stored facts are retained until you delete them manually.
7. Sub-Processors
We engage the following sub-processors to deliver our service. For transfers to the USA we rely on the EU–US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC):
| Sub-Processor | Purpose | Location | Legal Basis |
|---|---|---|---|
| Clerk | Authentication | USA | DPF |
| Stripe | Payment processing | USA (EU data in EU) | DPF |
| Supabase | Database | EU (Frankfurt) | No transfer |
| Upstash | Redis Cache / Rate Limiting | EU (Frankfurt) | No transfer |
| Vercel | Hosting / Edge Functions | EU (Region Pinning) | DPF |
| Sentry | Error Monitoring, Session Replay (1% on errors, masked) | Germany | No transfer |
| Google Analytics (GA4) | Anonymous usage analysis (consent only) | USA | DPF |
| OpenRouter | LLM API Routing | USA | SCC |
| Exa | Web search — processes the search query when web search is active and the selected model has no built-in search (fallback in auto mode via OpenRouter) | USA | SCC |
| Hugging Face | One-time download of the model files for local, client-side anonymisation to your browser — only model files are transferred, no input or chat data (your IP address is visible as with any web request) | USA | SCC |
LLM inference sub-processors: Beyond the core infrastructure above, your prompts are routed via OpenRouter to AI models. Depending on the model and load, your request may be processed by any of the following inference providers. Transfers to third countries rely on Standard Contractual Clauses (SCC) or the EU–US Data Privacy Framework (DPF):
- AI21
- AionLabs
- AkashML
- Amazon Bedrock
- Ambient
- Anthropic
- Arcee AI
- AtlasCloud
- Azure
- BaseTen
- Cerebras
- Chutes
- Clarifai
- Cloudflare
- Cohere
- Darkbloom
- Decart
- DeepInfra
- DekaLLM
- DigitalOcean
- Fireworks
- Friendli
- GMICloud
- Google AI Studio
- Groq
- Inception
- Inceptron
- Infermatic
- Inflection
- Io Net
- Ionstream
- Liquid
- Mancer 2
- Mara
- Mistral
- ModelRun
- Morph
- Nebius
- NextBit
- Novita
- Nvidia
- OpenAI
- OpenInference
- Parasail
- Perceptron
- Perplexity
- Poolside
- Reka
- Relace
- SambaNova
- Stealth
- Switchpoint
- Together
- Upstage
- Venice
- Wafer
- WandB
- xAI
This list is generated automatically from the currently active model endpoints and may change. Providers based in the People's Republic of China are excluded here and covered separately in section 8.2.
8. Transfers to Third Countries
8.1 Transfers to the USA
For US-based providers we rely on EU Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR, or the EU–US Data Privacy Framework where applicable (Clerk, Stripe, Vercel, Sentry).
8.2 Transfers to China (explicit consent only)
Some AI models available on the platform are operated by providers based in the People's Republic of China. There is no EU adequacy decision for China.
Affected providers: Classification follows the data-processing provider, not the model author. The following providers are classified as China-controlled and are therefore used only with your consent:
Disabled by default: Chinese models are disabled in your settings and are not considered for automatic routing. Your queries are sent exclusively to models in the EU or USA.
Activation requires explicit consent: If you enable the "China toggle" in settings, you explicitly consent to the transfer of your query data to servers in China pursuant to Art. 49(1)(a) GDPR. You may revoke this consent at any time by disabling the toggle.
9. Data Retention
| Data category | Retention period | Deletion |
|---|---|---|
| Chat messages | Until deleted by user | 30 days after soft-delete |
| Account data | Until account deletion | Immediate cascade on deletion |
| Payment data | 7 years (Austrian tax law) | After expiry |
| Usage logs | 12 months | Automatic (daily cron) |
| Safety events | 12 months | Automatic (daily cron) |
| Bug reports | 6 months | Automatic (daily cron) |
| Referral IP hashes | Until referral programme ends or account deletion | Cascade on account deletion |
| Consent log | 3 years — including after account deletion (Art. 7(1) GDPR proof of consent; legal basis: Art. 6(1)(c) GDPR) | Automatic (daily cron) |
10. Your Rights
Under the GDPR you have the following rights:
- Access (Art. 15) — request a copy of your personal data
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — delete your account and all associated data
- Restriction (Art. 18) — restrict processing
- Data portability (Art. 20) — export your data in machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interest
Contact: datenschutz@discode.ai. You may also lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, dsb@dsb.gv.at.
11. Cookies
11.1 Technically Necessary Cookies
We use technically necessary cookies (Clerk session token, CSRF protection). Local storage is used for UI preferences (theme, slider settings) — this data does not leave your browser.
11.2 Google Analytics 4 (consent only)
If you accept the cookie banner, Google Analytics 4 (GA4) is loaded. GA4 sets cookies to collect anonymous usage statistics (e.g. page views, sign-ups, first query, plan upgrades). Legal basis: Art. 6(1)(a) GDPR (consent).
- Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- Data transfer: USA (DPF-certified)
- Retention: Up to 14 months (GA4 default)
- Tracked events: sign_up, first_query, upgrade, topup
- IP anonymisation: Enabled by default in GA4
- Revocation: You can revoke your consent at any time by clearing your browser cookies. GA4 will then no longer be loaded.
If you decline the cookie banner or close it without accepting, GA4 is not loaded and no analytics data is collected. We do not use marketing cookies.
12. Changes
This Privacy Policy may be updated. The current version is always available at discode.ai/privacy. For material changes we will notify you via e-mail or in-app notification.