Privacy Policy

Controller and contact

MENTOR is operated by Gosu Choi, who is responsible for processing personal information used in the MENTOR website, VS Code extension, backend APIs, repository-analysis workflows, and account pages.

Privacy requests, deletion requests, and questions may be sent to contact@ai-code-mentor.com.

Account and authentication data

When you sign in with Google, MENTOR requests only the openid, email, and profile scopes, then receives and stores the Google subject identifier, verified email address, display name, and avatar URL when available. MENTOR does not receive your Google password.

MENTOR stores account state needed to operate access controls, including user ID, account status, remaining credits, credit transaction records, terms acceptance time, terms version, and related timestamps.

MENTOR stores session and token records needed for web and VS Code authentication, such as session token hashes, access token hashes, refresh token hashes, expiry times, revocation status, OAuth state, and temporary pending sign-up records.

Repository and service-use data

To provide repository-aware features, MENTOR may process repository IDs, remote fingerprints, display names, visibility status, public clone URLs, selected branches or comparison refs, file paths, diffs, extracted code regions, dependency or graph data, and language preferences.

MENTOR may also process user instructions, tour-generation requests, generated tour steps, step-level file references, follow-up questions, discussion history, answers, request IDs, error or refund states, and credit balance changes.

For supported repositories, MENTOR may keep server-side repository caches or analysis repositories. Public repositories may be synchronized from public clone URLs, and private repositories may be synchronized from Git objects or selected context sent by the VS Code extension.

Purpose of processing

MENTOR processes this data to authenticate users, create and manage accounts, enforce access and credit limits, connect the website with the VS Code extension, register repositories, generate tours and Q&A replies, show usage history, and provide support.

MENTOR also processes data to maintain service reliability, debug failures, restore credits when appropriate, prevent abuse, secure authentication flows, improve product quality, and comply with legal obligations.

AI providers and other processors

When AI features are used, MENTOR sends prompts, repository-derived code context, diffs, questions, history, and related metadata to configured AI providers, currently including OpenAI-backed services where configured by the operator.

MENTOR uses Google OAuth for sign-in and may use hosting, database, network, email, logging, or infrastructure providers to operate the service. These providers process data only as needed to provide their services to MENTOR.

Depending on the provider infrastructure, data may be processed in countries outside Korea. MENTOR does not sell personal information.

Cookies, local storage, and technical records

MENTOR uses cookies and similar identifiers for essential functions such as web sessions, OAuth state validation, pending sign-up, language preference, and safe navigation after sign-in.

The VS Code extension may store authentication tokens in the secure storage provided by VS Code. MENTOR systems may also process technical connection records, request metadata, and error information for security and operation.

Retention and deletion

MENTOR keeps account data while the account is active or as needed for service operation, legal compliance, dispute handling, security, and abuse prevention. Temporary pending Google sign-up records currently expire after 30 minutes and are deleted after expiration or completion.

Repository caches, generation logs, discussion logs, credit transaction records, and operational records may be retained as needed to provide history, debug the service, audit credit use, support users, and protect the service.

Users may request account or data deletion by contacting MENTOR. Some records may remain if retention is required by law, needed for security or dispute handling, or technically necessary in backups until they are rotated or deleted.

When data is deleted from active systems, MENTOR deletes electronic records, removes repository cache files where applicable, or renders data non-identifying when direct deletion is not technically practical.

User rights and choices

Subject to applicable law, you may request access, correction, deletion, suspension of processing, or withdrawal of consent for your personal information by contacting contact@ai-code-mentor.com.

Some requests may limit or prevent use of MENTOR because account identity, authentication state, repository context, and usage records are necessary for core service features.

Security

MENTOR uses safeguards such as hashed session and token storage, account-based access checks, repository ownership checks, database access controls, operational logging, and cache deletion controls where available.

No online service can guarantee perfect security. Users should avoid submitting secrets or sensitive personal data unless submission is authorized and necessary for the intended workflow.

Children and sensitive information

MENTOR is intended for developers and teams who can lawfully use development tools and submit repository context. The service is not directed to children under 14.

MENTOR does not intentionally request sensitive personal information. If repository content contains sensitive information, the user is responsible for confirming that processing through MENTOR is lawful and appropriate.

Changes to this policy

MENTOR may update this Privacy Policy as the service, data flows, providers, retention rules, or legal requirements change. The updated policy will be posted on the service with a revised effective date.

Material changes may be announced through reasonable service notices. Continued use of MENTOR after the effective date means the updated policy applies to your use of the service.