01 Overview
CodeStudio ("we", "our", or "the Service") is a free, browser-based integrated development environment at codestudio-ide-17b87.web.app. This policy explains how we collect, use, store, and protect your information.
CodeStudio is built privacy-first: the core editor runs entirely in your browser. Most data never leaves your device unless you deliberately use cloud features — accounts, Google Drive sync, live collaboration, or the AI assistant.
By using CodeStudio, you agree to the practices described here. If you disagree with any part, please discontinue use.
02 Data we collect
What you provide
- Account details — name, email, and profile picture when you sign in with Google or create a local CodeStudio account.
- Code & projects — your code and file content when saved locally (browser only) or synced to the cloud.
- AI prompts — text messages and attached files you send to the Gemini AI assistant.
- Hub content — project titles, descriptions, tags, images, and comments you publish publicly.
- API keys — Gemini API keys you add in Settings. Stored in your browser only — never sent to our servers.
Collected automatically
- Usage analytics — via Firebase Analytics: page views, feature interactions, session duration, error events (anonymous).
- Device & browser info — browser type, OS, language, screen resolution (collected by Firebase and Google AdSense).
- IP address — collected by Firebase, Google AdSense, and PeerJS for connection routing. Not stored long-term by us.
- Advertising signals — by Google AdSense to serve and measure ads (see §11).
- Collaboration session data — editor operations transmitted via Yjs CRDT to real-time peers.
03 Local storage & browser data
CodeStudio stores the majority of your data locally in your browser
using localStorage and sessionStorage. This data never
leaves your device unless you explicitly sync it.
| Key | What it stores | Where |
|---|---|---|
cs_v9_db | All projects, code files, file structure | localStorage |
cs_v9_user | Signed-in user profile (name, email, avatar) | localStorage |
cs_accounts_v2 | Local CodeStudio accounts (password hash, not plaintext) | localStorage |
cs_v9_bps | Debugger breakpoints per project | localStorage |
cs_v9_courses | Custom Learning Center courses | localStorage |
cs_stat_* | Coding statistics (keystrokes, lines, sessions) | localStorage |
cs_theme_* | Selected theme and custom color preferences | localStorage |
cs_groq_key | Your personal API key for AI services | localStorage |
cs_v9_db_session | Temporary session backup of project data | sessionStorage |
Local accounts store passwords as a SHA-256 hash — plaintext is never stored anywhere. You can export an encrypted Account Token to restore your account on another device.
04 User accounts
Guest mode (no account)
Full editor access, no registration. All data stays in your browser. No personal information is collected or transmitted.
Local CodeStudio account
Username and password stored locally in your browser. Password is hashed with SHA-256 before storage. Credentials are not transmitted to any external server unless you use the Account Token export feature.
Google Sign-In (Firebase Auth)
When you sign in with Google, Firebase Authentication processes your Google OAuth token. We receive your display name, email address, and profile photo URL. This is stored in localStorage and synced to Firebase to enable cross-device workspace restoration and Hub participation.
Google Sign-In is governed by Google's Privacy Policy.
05 Firebase services
CodeStudio uses several Google Firebase services. Firebase may collect standard telemetry including IP addresses, device identifiers, and usage events per Firebase's Data Processing Terms.
| Service | Purpose | Data involved |
|---|---|---|
| Firebase Auth | Google Sign-In authentication | Name, email, Google UID, profile photo |
| Firebase Realtime DB | Room discovery, Hub feed, collaboration sessions | Room metadata, Hub projects, user profiles, session data |
| Firebase Storage | Hub project assets and cover images | Images and files you upload to the Hub |
| Firebase Hosting | Serving the CodeStudio application | Standard server logs (IP, user-agent, URL, timestamp) |
Firebase project ID: codestudio-ide-17b87. Your use of Firebase-powered features is also subject to Google's Privacy Policy.
06 Google Drive sync
Optional Google Drive integration lets you back up and restore your full project workspace. This requires explicit authorization via Google OAuth.
- We request limited Drive scope — access only to files created by CodeStudio, not your entire Drive.
- Your code and projects are uploaded to your own Google Drive — not our servers.
- Revoke access anytime through your Google Account Permissions.
- Governed by the Google Privacy Policy and Google API Services User Data Policy.
07 AI assistant (Google Gemini)
CodeStudio's AI code assistant is powered by Google Gemini. When you use AI chat, fix-code, or explain-code:
- Your prompts, selected code, and attached files are sent directly to the Gemini API.
- Requests use a Gemini API key you provide, stored locally in your browser only.
- We do not proxy, log, or store your AI conversations on our servers.
- The AI Skills Manager stores custom instructions locally in your browser.
- AI usage statistics (token count per session) are tracked locally only.
Available models include Gemini 2.5 Flash, Gemini 2.5 Pro, Gemini 2.5 Flash-Lite, Gemini 2.0 Flash, and Gemma 3 27B. Model selection is stored locally.
08 Live collaboration
Real-time collaboration is powered by Yjs CRDT and PeerJS (WebRTC).
What's shared during a session
- Your display name and avatar are visible to all room participants.
- Your cursor position and selection are broadcast live.
- All keystrokes and code edits are transmitted in real time.
- Chat messages are visible to all room participants.
- Direct messages are peer-to-peer and not stored on our servers.
- Session recordings are saved locally as JSON — not stored by us.
Public vs. private rooms
- Public rooms are listed in Firebase and discoverable by any CodeStudio user.
- Private rooms require a password and are not listed publicly.
- Room metadata is stored temporarily in Firebase while the room is active.
Whiteboard
Whiteboard content is synchronized live across participants and not persistently stored on our servers.
09 Voice & video huddle (WebRTC)
Voice and Video Huddle uses WebRTC peer-to-peer connections via PeerJS. Audio and video streams flow directly between participants' browsers — not through our servers.
- We do not record, store, or process any voice or video streams.
- PeerJS's signaling server facilitates initial connection setup and may process connection metadata temporarily.
- Screen share data flows peer-to-peer via the same WebRTC channel and is not logged.
- Microphone and camera permissions are browser-controlled and can be revoked at any time.
10 CodeStudio Hub
The Hub is a public community platform for publishing and discovering projects. When you use it:
- Published projects are publicly visible — title, description, tags, cover image, and preview link.
- Your display name and avatar appear on your projects and developer profile.
- Comments and stars are associated with your account and are public.
- Follow relationships are stored in Firebase and visible on profile pages.
- Notifications (stars, comments, follows) are stored in Firebase Realtime Database.
- The report system submits project ID, reason, and your UID to Firebase for admin review.
11 Advertising (Google AdSense)
CodeStudio is a free service supported by advertising via
Google AdSense (Publisher ID: ca-pub-3791065367341476).
How ads appear
A non-intrusive ad overlay may appear after approximately 30 minutes of active coding time — measured by real keyboard/mouse activity while the tab is visible. The ad can be immediately closed. Background or idle tabs do not count toward the timer.
- Ad unit slot:
9965839130 - Ads only appear during genuine user engagement, per AdSense policy.
What AdSense collects
- Serves personalized ads based on browsing history and interests.
- Measures ad performance and prevents fraud.
- Limits how often you see a particular ad.
Your ad choices
- Opt out of personalized ads at Google Ad Settings.
- Also opt out via the Digital Advertising Alliance or Your Online Choices (EU).
- Browser ad blockers may prevent ads from loading.
ads.txt file authorizes only
google.com, pub-3791065367341476, DIRECT, f08c47fec0942fa0.
Only Google AdSense is authorized to sell advertising on our domains.
12 Cookies & tracking
CodeStudio itself does not set first-party cookies. Third-party services we integrate may set cookies:
| Service | Purpose | Type |
|---|---|---|
| Google AdSense | Ad targeting, frequency capping, fraud prevention | Third-party, persistent |
| Firebase Auth | Maintaining your signed-in session | Third-party, session/persistent |
| Firebase Analytics | Usage analytics and performance monitoring | Third-party, persistent |
| Google Drive API | OAuth authentication tokens | Third-party, session |
| Gemini API | API session authentication | Third-party, session |
You can manage and delete cookies through your browser settings. Disabling certain cookies may affect sign-in and cloud features.
13 Third-party services
Each service is governed by its own privacy policy. We do not sell your personal information to any third party.
| Service | Purpose | Privacy policy |
|---|---|---|
| Google Firebase | Auth, database, hosting, storage | firebase.google.com/support/privacy |
| Google AdSense | Display advertising | policies.google.com/privacy |
| Google Drive API | Cloud project storage | policies.google.com/privacy |
| Google Gemini API | AI code assistant | ai.google.dev/terms |
| PeerJS / WebRTC | P2P voice, video, and collaboration | peerjs.com |
| Yjs | Real-time collaborative editing | Open-source; no data collection |
| Prism.js | Syntax highlighting | Open-source; no data collection |
| GitHub (CDN) | Delivering open-source library assets | GitHub Privacy |
14 Data retention
| Data type | Retention period | How to delete |
|---|---|---|
| Local projects & settings | Until you clear browser data | Clear site data in browser settings |
| Firebase account data | Until account deletion | Contact us to delete your Firebase account |
| Hub published projects | Until you delete them | Delete from Hub Settings in-app |
| Collaboration room data | Duration of active session only | Automatic on room closure |
| Firebase Hosting logs | Per Firebase retention policy | Governed by Firebase data retention terms |
| AdSense data | Per Google's advertising data policies | Google Ad Settings / opt-out |
| Gemini AI prompts | Per Google Gemini API data policy | Governed by Google AI terms |
15 Security
- HTTPS everywhere — all data transmitted between your browser and our services is TLS-encrypted.
- Password hashing — local account passwords are stored as SHA-256 hashes; plaintext is never stored or transmitted.
- Firebase Security Rules — our Realtime Database restricts read/write access to authorized users only.
- API keys are local — your Gemini API keys are stored only in localStorage, never transmitted to our servers.
- P2P architecture — voice, video, and collaboration data flows directly between peers, reducing attack surface.
16 Children's privacy
CodeStudio is not directed at children under 13 (or the minimum digital age of consent in your country). We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided personal information, please contact us (§19). We will remove such information and terminate any related account.
Google AdSense is configured for general audiences. We do not configure ad targeting toward children.
17 Your rights
For all users
- Access: View all locally stored data by inspecting your browser's localStorage.
- Deletion: Clear browser site data to delete all local data. Contact us to delete Firebase account data.
- Portability: Export projects as ZIP files or use the Account Token export feature.
- Opt out of ads: Use Google Ad Settings or browser opt-out tools (§11).
- Revoke Google access: Remove authorization through your Google Account permissions.
EU / EEA residents (GDPR)
Under GDPR, you have rights to access, rectification, erasure, restriction of processing, objection, and data portability. You may also lodge a complaint with your local data protection authority.
Our legal bases: consent (optional cloud features and AI), legitimate interests (providing and improving the service), and contract performance (features you explicitly use).
California residents (CCPA/CPRA)
California residents have the right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Contact us (§19) to exercise your rights.
Other jurisdictions
We respect applicable data protection laws globally. Contact us for requests related to LGPD, PIPEDA, PDPA, or any other applicable law.
18 Policy changes
We may update this policy to reflect changes in our practices, features, or legal requirements. When we make material changes:
- The "Last updated" date at the top of this page is revised.
- A notice may appear within the CodeStudio application (via the What's New modal).
- For significant changes affecting personal data handling, we provide more prominent notice.
Continued use of CodeStudio after changes are posted constitutes acceptance of the updated policy. We encourage periodic review.
19 Contact
Questions, concerns, or requests about this policy or how we handle your data:
CodeStudio
Developed by planetb00m
Bug reports & issues
github.com/asser20102040-png/CodeStudio-IDE/issues
Live IDE
codestudio-ide-17b87.web.app
Documentation
planetb00m.github.io/CodeStudio-IDE/docs.html
We aim to respond to all privacy-related inquiries within 30 days.