CodeFly
Version 1.0 · Last updated May 5, 2026

CodeFly Privacy Policy

This Privacy Policy explains how Shenzhen Baba Technology Co., Ltd. ("CodeFly", "we", "us", or "our") handles data for CodeFly Host, CodeFly mobile apps, CodeFly Relay, the CodeFly website, documentation, support, and related services.

Summary

  • Direct Mode does not require OAuth sign-in and does not route session traffic through CodeFly Relay.
  • CodeFly Relay uses Relay entitlements and subscribed host seats. OAuth sign-in lets a user's entitlement work across their own devices.
  • CodeFly cannot access data transmitted between the phone and host, and does not record transmitted content.
  • Provider sessions remain on the user's host computer.
  • Users can delete OAuth-linked profile, Relay, and device data from inside the app, or contact support if they cannot access the app.

Product Surfaces Covered

This policy covers CodeFly Host, CodeFly mobile apps, CodeFly Relay, OAuth-linked user profile and billing systems, the CodeFly website, support, feedback, and operational systems. Provider tools such as Codex and Claude Code have their own privacy and data handling practices.

Data In Direct Mode

Direct Mode connects the mobile app directly to the host. CodeFly servers do not need to process Direct session traffic. If the user does not sign in with an OAuth provider, use Relay, submit feedback, or contact support, CodeFly may have no server-side user profile for that Direct-only use.

Direct Mode data may include host identity, mobile device identity, paired device public keys, Direct auth tokens, Direct auth token hashes, local host configuration, local app preferences, and cached UI state. This data is stored on user-controlled devices unless the user separately uses OAuth sign-in, support, diagnostics, or Relay features.

Data In CodeFly Relay

CodeFly Relay uses CodeFly infrastructure to route encrypted traffic between phone and host. Relay-side data may include OAuth-linked user identity, OAuth provider identifiers, subscription and host-seat records, host binding identifiers, host public keys and fingerprints, device identifiers and public keys used for routing, host online/offline presence, connection timestamps, operational logs, IP-derived network metadata, message sizes, push notification tokens, notification metadata, and billing provider references.

Relay-side data is used to provide OAuth sign-in, billing, host routing, notifications, abuse prevention, reliability, and support.

Data CodeFly Relay Does Not Store

CodeFly Relay does not store plaintext transmitted content such as prompts, assistant responses, source code sent through CodeFly frames, command output, approval prompt details, choice question details, diffs returned inside encrypted app frames, provider-native session databases, or provider account tokens stored by Codex or Claude Code on the user's computer.

Application payloads are encrypted between the phone and host. The Relay forwards encrypted frames and needs routing metadata to deliver them.

Data Stored On The Host And Phone

CodeFly Host may store host identity and secret key, paired device records, Relay binding records, Relay host credentials, host configuration, runtime configuration, and host-side certificate and key files. By default, CodeFly Host stores this data in ./data under the directory where codefly is launched. Users can change the location with HOST_CLIENT_DATA_DIR.

The mobile app may store device identity and secret key, paired host public keys and fingerprints, Direct auth tokens, OAuth session tokens used for Relay access, local app preferences, and cached UI state.

Billing, Diagnostics, And Support

Relay subscriptions require billing records such as plan name, subscribed host count, trial state, subscription status, billing provider references, and purchase or renewal metadata. Payment method details are handled by the applicable payment platform, not stored directly by CodeFly.

CodeFly may collect operational diagnostics needed for routing, abuse prevention, reliability, billing integrity, support, and security. Diagnostics should not include plaintext coding session content. Feedback submitted through the app or website may include contact information if the user chooses to provide it.

Data Deletion

Open CodeFly, go to Settings, then choose Delete My Data at the bottom of the Settings page. The app shows a timed warning and a final confirmation before deleting account data. Automated deletion requires a linked OAuth identity so CodeFly can verify which account owns the data.

The deletion flow removes or revokes OAuth-linked account links, Relay host bindings and occupied host seats, signed-in device links, active CodeFly API tokens, installation push-token/user linkage, and active subscription entitlement links. OAuth identity rows are anonymized so the original provider identity can no longer map back to the deleted CodeFly account.

CodeFly keeps non-identifying subscription and order history where needed for audit, billing integrity, service integrity, and abuse prevention. Deleting CodeFly data does not cancel App Store, Google Play, or other payment-platform auto-renewal. Cancel any active subscription in the relevant payment platform before deleting data if you do not want future renewals.

If you cannot access the app, visit Delete My Data, submit a request through Feedback, or contact codefly@babatech.cn.

Retention

CodeFly retains data only as long as reasonably needed for service operation, security, abuse prevention, billing integrity, legal compliance, support, and backup integrity. Plaintext session content should not be retained by CodeFly Relay because it should never be received in plaintext.

OAuth-linked account records are removed or anonymized when the in-app deletion flow succeeds. Active Relay bindings, signed-in devices, push token links, and entitlement links are removed when the account deletion flow succeeds. Operational logs, billing records, support records, and encrypted backups may be retained for limited periods as needed for reliability, security, dispute handling, store compliance, and service integrity.

Subprocessors

CodeFly may use third-party service providers for hosting, authentication, billing, app distribution, push notifications, crash reporting, support, analytics, diagnostics, and infrastructure operations. These providers process data only as needed to provide their services to CodeFly.

Contact And Changes

Users can contact CodeFly for privacy requests at codefly@babatech.cn. CodeFly may update this policy as the product, infrastructure, or legal requirements change.