Kosuke

Privacy Policy

Kosuke is a B2B AI coding platform. Organizations connect GitHub repositories, collaborate through chat, and use AI-assisted workflows to generate, review, and ship code changes. This Privacy Policy explains how Kosuke, Inc. ("Kosuke", "we", "our", or "us") collects, uses, stores, and shares personal data when you use kosuke.ai, app.kosuke.ai, preview environments we create for you, and related services.

1. Who We Are

Kosuke, Inc.
1111B S Governors Ave # 54640, Dover, DE 19904
privacy@kosuke.ai

2. Scope

This policy covers both our public website and the Kosuke product. Because Kosuke is a repository-connected AI coding platform, the data we process can include account data, organization data, repository information, prompts, generated output, previews, attachments, and operational telemetry.

3. Our Role

When we process customer workspace content such as repositories, prompts, code, attachments, and project data in order to provide the service, we act as a service provider or processor on behalf of the customer organization.

When we process website usage data, account and authentication data, security and fraud-prevention data, support communications, and our own operational or business records, we act as a controller.

4. Data We Process

We may process the following categories of personal data and customer content:

  • Account and authentication data, such as name, email address, profile details, authentication identifiers, and session information.
  • Workspace and organization data, such as organization name, membership, roles, invitations, and administrative settings.
  • GitHub and project data, such as connected repository details, repository metadata, webhook events, branch and pull request information, and related project configuration.
  • Repository contents and code processed in the service, including source code and related files processed in sandbox or preview environments in order to provide the service.
  • Chat and generated-output data, such as prompts, instructions, assistant responses, generated code, diffs, and conversation history.
  • Uploaded files and attachments, including files, images, and documents submitted through the product.
  • Preview, sandbox, and deployment data, such as preview environment identifiers, runtime state, logs, and deployment-related metadata.
  • AI-provider configuration and credentials, such as selected provider settings and encrypted API credentials where an organization chooses to store them with Kosuke.
  • Usage, diagnostics, and analytics data, such as IP address, browser and device information, feature usage, crash data, logs, telemetry, and error-monitoring data.
  • Website and communications data, such as demo requests, waitlist submissions, newsletter signups, and support communications.

5. How We Use Data

We use personal data to:

  • authenticate users and manage accounts, workspaces, and permissions;
  • connect repositories and operate repository, sandbox, preview, and AI-assisted product workflows;
  • store chat history, attachments, generated output, and related project state so users can continue working across sessions;
  • process prompts, repository context, and attachments with AI providers and related systems used to operate the service;
  • monitor performance, investigate incidents, prevent abuse, troubleshoot issues, and improve the service;
  • communicate with users about the service, onboarding, demos, support, and updates; and
  • comply with legal obligations, enforce our terms, and protect our users, systems, and rights.

6. AI Processing and Model Providers

Kosuke does not use customer workspace content such as repositories, prompts, code, attachments, and project data to train its own general-purpose AI models.

When we send prompts, repository context, attachments, or related output to third-party AI providers in order to provide AI features, those providers process that data under their own terms and technical controls. Where Kosuke controls the provider relationship, we seek to use business or API offerings and available settings intended to limit provider use of submitted content for model training. Provider-specific data use practices, retention periods, and available opt-out or zero-retention controls can vary by provider and by configuration.

If your organization configures its own AI provider credentials, your organization is responsible for reviewing the provider's terms, retention practices, and any available data-use controls. Kosuke does not currently offer a single in-product switch that overrides every provider's own retention or model-training policy.

7. Legal Bases for Processing

We rely on one or more of the following legal bases:

  • Contract: when processing is necessary to provide the service or respond to requests.
  • Legitimate interests: when we secure the platform, prevent abuse, investigate incidents, maintain logs, and improve reliability and product quality.
  • Consent: when we rely on cookie consent for optional analytics, diagnostics, or marketing technologies, or where you opt into certain communications.
  • Legal obligation: when we must retain or disclose data to comply with applicable law.

8. Service Providers and Third-Party Platforms

We use third-party platforms in different roles depending on the service involved. The categories below are intended to explain the main kinds of providers we use and the kinds of data they typically handle. Specific providers may change over time as the service evolves.

  • Authentication and workspace management: Clerk. This can include account identifiers, authentication data, session data, and workspace membership data.
  • Repository integration and developer workflow: GitHub. This can include connected repository metadata, webhook events, branch and pull request information, and customer-authorized repository access.
  • Storage, databases, and preview infrastructure: DigitalOcean Spaces, Neon, and Supabase. This can include attachments, project records, preview or sandbox metadata, and related service data needed to operate the platform.
  • Website publishing and consent management: Ghost and Cookiebot. This can include public-page content, website forms or signup records, and consent records.
  • Analytics, diagnostics, and observability: Plausible, PostHog, Sentry, Langfuse, and BetterStack. This can include usage events, crash or error diagnostics, logs, traces, and operational telemetry.
  • Communications and notifications: Slack. This can include limited operational alert content and internal notifications.
  • AI inference providers: Anthropic, AWS Bedrock, and Google Gemini. This can include prompts, repository context, attachments, and generated output processed as needed to provide AI features.
  • Public-site marketing and conversion measurement: Reddit, X, and Meta. This can include public-site marketing, attribution, and conversion-measurement data, subject to consent where applicable.

9. Cookies and Analytics

Cookiebot is the consent manager used on Kosuke properties where cookie consent is enabled.

  • On kosuke.ai, Cookiebot is used to manage consent for optional analytics and marketing technologies on the public site.
  • The public site currently includes Plausible and marketing pixels from Reddit, X, and Meta.
  • On app.kosuke.ai, client-side analytics and diagnostics tools are enabled only after the relevant consent is available through Cookiebot.
  • On app.kosuke.ai, signed-in users can manage, change, or withdraw consent through Cookiebot in the product, including from Settings > Security.
  • On kosuke.ai, visitors can manage, change, or withdraw consent at any time using the Cookiebot control available on the site, including the persistent cookie settings control shown on the page.

See our Cookies Policy for more detail.

10. Retention

We retain data for as long as reasonably necessary to provide the service, secure the platform, comply with legal obligations, resolve disputes, and enforce our agreements.

In general:

  • account and workspace data are retained while the relevant account or workspace remains active;
  • project data, chat history, attachments, generated output, and related records are retained while the related workspace and project remain active;
  • sandbox and preview resources are typically temporary and may be deleted under our normal retention and cleanup processes;
  • encrypted AI credentials are retained until removed by an administrator or until the related workspace is deleted; and
  • logs, analytics, diagnostics, and marketing-related records are retained according to operational needs and provider retention settings.

Limited copies of certain data may remain in backups, logs, or security records for a limited period after deletion.

11. Deletion Requests, Termination, and Privacy Rights

Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to certain processing, and to withdraw consent for optional processing.

Kosuke currently supports deletion and privacy requests through product workflows and support processes, including:

  • account deletion requests;
  • workspace or organization deletion by authorized administrators;
  • removal of stored AI-provider credentials and related configuration; and
  • cleanup of related application and infrastructure resources where applicable.

When an account or workspace is deleted or a customer relationship ends, the following general lifecycle applies:

  • source repositories remain in the customer's GitHub account or other external systems under the customer's control;
  • branches, pull requests, commits, or other artifacts already created in customer-controlled repositories remain in those repositories until the customer deletes them;
  • chat history, attachments, generated output, project metadata, and other records stored in Kosuke production systems are deleted or deactivated under our normal retention and cleanup processes, subject to any required retention;
  • sandbox, preview, and related temporary resources are removed under our normal cleanup processes; and
  • limited copies may remain in backups, audit trails, and security logs for a limited period where needed for resilience, fraud prevention, legal compliance, or dispute resolution.

Customers should export or retain any data they need before requesting workspace deletion or termination. Export and retrieval options may vary by data type and workflow.

We may retain limited data after deletion where necessary for backups, security, fraud prevention, legal compliance, or dispute resolution.

To exercise privacy rights or request deletion assistance, email privacy@kosuke.ai.

12. Security

We use technical and organizational safeguards designed to protect personal data and customer content, including access controls, transport encryption, encrypted storage of supported credentials, and secured file storage.

13. International Transfers

Kosuke and our providers may process data in the United States, the European Union, and other jurisdictions where our providers operate. Where required, we rely on appropriate safeguards for international transfers.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes to the product, our providers, our legal obligations, or our operational practices. When we do, we will update the date associated with this policy.

15. Contact

For privacy questions, support, or deletion requests, contact privacy@kosuke.ai. You can also review our Terms and Conditions and Cookies Policy.