privacy policy

code content — when you format code using the browser extension, your code is sent over https to codefmt.dev/api/format for processing. during the request, the code is held in short-lived in-memory buffers and written to an ephemeral per-request temporary file so the formatter and linter tools (biome, oxlint, ruff) can read it — these tools require files on disk and do not accept stdin. the temporary file lives in an isolated directory named with a random uuid and is deleted before the api response returns, regardless of whether formatting succeeded or failed. the code is never persisted to any database, never written to long-term storage, never logged, and never shared with third parties.

website formatting — when you format code on codefmt.dev, formatting runs entirely in your browser via webassembly. your code never leaves your device. javascript lint diagnostics are processed server-side via the same ephemeral-file, no-persistence path described above.

settings — your formatting preferences are stored in your browser's localStorage. the browser extension can read these settings via the sync feature. no settings data is sent to any server.

shared snippets — if you click "share" on a formatted snippet, the original input and formatted output are sent to codefmt.dev/api/share and stored in a server-side in-memory cache for up to 30 days, then automatically deleted. the server returns a short id, and anyone with the resulting /s/[id] url can view that snippet. shared snippets are not encrypted and are not protected by any authentication — treat the share link like a public paste. no shared snippet data is written to a database or persistent disk, and it is lost whenever the server instance restarts. if you did not explicitly click "share", no snippet is ever created.

ip address (rate limiting only) — the /api/format and /api/share endpoints read the ip address that vercel attaches to each request (x-real-ip) and hold it in a short-lived in-memory counter for up to 60 seconds purely to enforce per-ip rate limits. the counter is never persisted. if a request exceeds the rate limit, the ip is written to a single runtime log line (visible only to the site operator via vercel logs) so abuse can be investigated; these log lines roll off with vercel's default log retention and are never sold, shared, or correlated with any user identity.

vercel — hosts the website and api. vercel collects anonymous, aggregated analytics (page views, web vitals) with no personal identifiers. see vercel's privacy policy.

sentry — monitors application errors on the website. sentry receives error stack traces and browser metadata only. our sentry configuration does not enable request body capture, personally identifiable information capture (sendDefaultPii), or session replay, so user code content is never sent to sentry. see sentry's privacy policy.

the codefmt browser extension (chrome and firefox) operates only on supported automation platform websites: zapier, n8n (n8n.io and n8n.cloud), pipedream, make (both make.com and the legacy integromat.com domain), and hubspot (including hubspot design manager for hubl templates). it does not run on any other website.

the extension reads code from the platform's editor, sends it over https to codefmt.dev/api/format for formatting, and writes the formatted result back to the editor. the same ephemeral-processing policy described in "what we collect" applies: the code is held in short-lived buffers and an ephemeral per-request temporary file that is deleted before the api response returns, and it is never persisted, logged, or shared.

the extension stores your formatting preferences locally using chrome.storage.local (or the firefox equivalent). this data never leaves your browser.