Effective Date: December 24, 2025
Welcome to AI-ERD. This Privacy Policy explains how Codelive Inc. ("Company," "we," "us," or "our") collects, uses, discloses, and protects your information when you use our database diagram design tool with optional AI features via MCP integration at ai-erd.com ("Service").
We are committed to protecting your privacy and handling your data transparently. Please read this Privacy Policy carefully to understand our practices regarding your personal data.
Company Information:
Term | Definition |
"Customer Data" | Data, files, diagrams, schemas, and other content that you upload, create, or store through the Service |
"Other Information" | Information collected automatically or provided by you that is not Customer Data, including account information, usage data, and device information |
"Personal Data" | Any information relating to an identified or identifiable natural person, as defined under applicable data protection laws |
"Service" | The AI-ERD platform, including all features, tools, APIs, and related services provided through ai-erd.com |
"User," "you," or "your" | Any individual or entity that accesses or uses the Service |
"Third-Party Services" | External services, applications, or platforms that integrate with or are accessed through the Service |
This Privacy Policy applies to:
This Privacy Policy does not apply to:
For Customer Data (your diagrams, schemas, and files):
For Other Information (account data, usage analytics, etc.):
Customer Data is information you create or upload to the Service:
Data Type | Examples |
Diagrams and Schemas | ERD diagrams, database schemas, table structures |
Exported Files | SQL files, JSON exports, images (PNG, SVG) |
Project Information | Project names, descriptions, notes |
Important: We do not use Customer Data to train our own AI or machine learning models. If you choose to use AI features via MCP, your diagram data may be processed by third-party AI tools you connect (see Section 14.3).
We collect Other Information in the following ways:
Data Type | Examples |
Account Information | Name, email address (from OAuth provider or email sign-in) |
Profile Information | Display name, profile picture (if provided) |
Communications | Support requests, feedback, survey responses |
Data Type | Examples |
Usage Data | Features used, actions taken, timestamps |
Device Information | Browser type, operating system, device type |
Log Data | IP address, access times, pages viewed |
Cookies | Session identifiers, preferences |
Source | Data Type |
OAuth Providers | Basic profile information (name, email, profile picture) |
Analytics Services | Aggregated usage statistics |
We may introduce advertising on the free tier; however, we do not use Customer Data (such as your diagrams or schemas) to target or personalize ads.
We use Customer Data only to:
We do NOT use Customer Data to:
We use Other Information to:
Purpose | Description |
Service Provision | Create and manage your account, authenticate access |
Service Improvement | Measure and understand how the Service is used (subject to cookie consent where required by law) to improve features and performance |
Communication | Send service announcements, respond to inquiries |
Security | Detect and prevent fraud, abuse, and security threats |
Legal Compliance | Comply with applicable laws and regulations |
Advertising (if introduced for free tier) | Display ads, measure ad performance, and prevent ad fraud (subject to cookie consent where required by law) |
If you are in the European Economic Area (EEA), United Kingdom, or other jurisdictions requiring a legal basis for processing, we rely on the following:
Legal Basis | Applies To |
Contract Performance | Processing necessary to provide the Service you requested (account creation, diagram storage, exports) |
Legitimate Interests | Service improvement, security, and fraud prevention; and limited measurement/analytics that does not require consent under applicable law. |
Consent | Analytics cookies and similar technologies (and any advertising-related cookies/IDs), where consent is required by law. |
Legal Obligation | Compliance with applicable laws, responding to legal requests |
You may withdraw consent at any time by contacting us or adjusting your settings.
For analytics cookies and similar technologies, we rely on consent where required by law.
We do not sell personal information as that term is defined under applicable law.
We use the following service providers to operate our Service:
Provider | Purpose | Data Shared | Location |
Cafe24 (Hosting) | Cloud infrastructure, hosting | Customer Data, Account Data | Korea |
Google Analytics | Usage analytics | Usage data (may include cookie/identifier data where applicable) | Global (as determined by Google) |
Sentry | Error & performance monitoring | Error/diagnostic data (e.g., stack traces, device/browser info, limited request context) | Global (as determined by Sentry) |
Payment Provider (if paid services are introduced) | Payment processing | Payment information | Korea/USA (as determined by provider) |
You may sign in using Google, GitHub, Microsoft, or email. These authentication providers process certain information (such as your name, email address, and profile information) under their own terms and privacy policies. We receive limited account information from them to authenticate you and operate the Service.
We may disclose your information:
Circumstance | Description |
With Your Consent | When you explicitly authorize sharing |
Service Providers | To vendors who assist in operating the Service, under confidentiality agreements |
Legal Requirements | To comply with laws, regulations, legal processes, or government requests |
Safety and Rights | To protect the rights, property, or safety of Codelive Inc., our users, or the public |
Business Transfers | In connection with a merger, acquisition, or sale of assets (with notice to you) |
We may introduce advertising on the free tier. If we do, we may use third-party advertising partners to display ads and measure performance. Depending on the configuration, this may involve sharing device and usage information (such as cookie/identifier data where applicable, IP address, and basic log/interaction data) for ad delivery, frequency capping, measurement, and fraud prevention.
We do not use Customer Data (your diagrams, schemas, and files) to serve targeted or personalized advertisements. Where required by law, we will obtain consent for advertising cookies or similar technologies and provide controls to opt out. If we introduce advertising, we will disclose whether ads are personalized and provide required choices/opt-outs (including where advertising cookies are used).
You may also contact us at [email protected] to submit opt-out requests where applicable.
Your data is primarily stored on servers located in the Republic of Korea.
Some service providers (including Google Analytics and Sentry) may process certain personal information outside the Republic of Korea depending on their global infrastructure.
Where required by applicable law, we use appropriate safeguards and lawful transfer mechanisms for cross-border transfers (which may include Standard Contractual Clauses (SCCs) and/or other recognized mechanisms). Korea is recognized by the European Commission as providing an adequate level of protection for EU/EEA data transfers.
For transfers from the UK, we rely on the UK Addendum to the EU SCCs, the UK IDTA, or another valid transfer mechanism as required by UK law.
International transfers may include usage and device information (e.g., cookie/identifier data where applicable, IP address, user agent, access logs) and error/diagnostic data (e.g., error events, stack traces, performance data) to support analytics, monitoring, and Service reliability. Transfers occur over encrypted networks when you use the Service and when analytics/monitoring events are generated.
You can control non-essential analytics via our cookie consent settings (where available) and may contact us at [email protected] to exercise applicable privacy rights. Retention follows provider settings and our retention policy, and we keep information only as long as necessary unless a longer period is required by law.
Upon request, we will provide available details about the recipient and transfer safeguards.
If you are in the EEA, UK, or other jurisdictions with data transfer restrictions, you have the right to request information about the safeguards we use for international transfers.
Cookie Type | Purpose | Duration |
Essential Cookies | Authentication, security, basic functionality | Session / Persistent (depending on purpose) |
Analytics Cookies | Understanding how users interact with the Service | Up to 26 months (depending on your consent settings and provider configuration) |
We currently do not respond to "Do Not Track" browser signals. However, we honor Global Privacy Control (GPC) signals where required by law and technically feasible.
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy.
Data Type | Retention Period | Notes |
Customer Data | Until you delete it + 30 days | 30-day grace period for recovery |
Account Information | Duration of account + 30 days | Deleted after account termination |
Transaction Records | if applicable 5 years | Legal/tax requirements |
Server Logs | 3 months | Security and debugging |
Analytics Data | 26 months | Aggregated and/or de-identified where feasible |
Backup Data | 30 days | Rotating backup cycle |
We may retain data longer if required by law, legal proceedings, or to protect our legal rights.
We implement appropriate technical and organizational measures to protect your data:
Measure | Description |
Encryption in Transit | TLS 1.2+ for all data transmission |
Encryption at Rest | Encryption at rest where supported by our hosting and storage systems (e.g., AES-256) |
Access Control | Role-based access, principle of least privilege |
Authentication | OAuth 2.0 via trusted providers and/or email-based authentication (as applicable) |
Monitoring | Security logging and anomaly detection |
Employee Training | Regular security awareness training |
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
Regardless of your location, you have the right to:
Right | Description |
Access | Request a copy of your personal data |
Correction | Request correction of inaccurate data |
Deletion | Request deletion of your data |
Export | Export your diagrams in standard formats |
Withdraw Consent | Withdraw consent for optional processing |
Brazil (LGPD). If you are located in Brazil, you may have rights under Brazil’s LGPD, including confirmation of processing, access, correction, anonymization/deletion, portability, information about shared recipients, and the right to revoke consent. You can exercise these rights by contacting us as described in Section 13.4. We process personal data in Brazil based on the legal bases available under the LGPD (such as consent, contract performance, legal obligation, or legitimate interests, as applicable). You may also lodge a complaint with the Brazilian National Data Protection Authority (ANPD).
Under GDPR and equivalent laws, you also have the right to:
Right | Description |
Restriction | Request restriction of processing |
Portability | Receive your data in a machine-readable format |
Object | Object to processing based on legitimate interests |
Automated Decisions | Not be subject to solely automated decision-making with legal effects |
Lodge Complaint | File a complaint with your local supervisory authority |
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Category | Examples | Collected |
Identifiers | Name, email, IP address | Yes |
Commercial Information | Transaction history (future) | Future |
Internet Activity | Browsing history, interactions with Service | Yes |
Geolocation | General location from IP address | Yes |
Professional Information | Company name (if provided) | Optional |
Inferences | Preferences derived from usage | Limited |
Right | Description |
Right to Know | Request disclosure of personal information collected, used, and disclosed |
Right to Delete | Request deletion of personal information |
Right to Correct | Request correction of inaccurate personal information |
Right to Opt-Out | Opt out of the sale or sharing of personal information |
Right to Non-Discrimination | Not receive discriminatory treatment for exercising your rights |
You may also submit opt-out requests by email as described in Section 13.4.
If we introduce advertising, certain disclosures or data sharing may be considered a “sale” or “sharing” under applicable law (including CPRA). Where required, we will provide opt-out mechanisms (e.g., cookie preferences, GPC, and/or in-Service controls).
We may also provide an online request form or in-Service controls (when available).
You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization.
To exercise any of these rights, please contact us at:
We will respond to your request within the timeframe required by applicable law (generally 30 days for GDPR, 45 days for CCPA).
You can update your account information by accessing your account settings or contacting us.
You can opt out of promotional emails by:
Note: You cannot opt out of transactional emails (e.g., security alerts, service announcements).
If you choose to use AI features via MCP, you may connect AI-ERD to third-party AI tools such as Claude Code. In this setup, Claude Code may request and receive your diagram data from AI-ERD through our MCP endpoint (e.g., create/get/list/update diagram tools) in order to generate suggestions or apply updates you request.
Any processing performed by the third-party AI tool (including how it uses the diagram data within that tool) is governed by that provider’s terms and privacy policy. The Company does not control the third-party AI tool’s processing and is not acting as a processor/subprocessor for that third-party AI tool in this user-managed integration.
You can choose not to use MCP-based AI features at any time.
You can manage cookies through:
Where required by law, we will not set non-essential cookies unless you consent.
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. In some jurisdictions, different age thresholds may apply. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
If you believe we have inadvertently collected information from a child under 16, please contact us immediately at [email protected].
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access.
If you are in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
Korean residents may file complaints with:
We may update this Privacy Policy from time to time. We will notify you of material changes by:
The "Effective Date" at the top of this Privacy Policy indicates when it was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Codelive Inc.
For privacy-specific inquiries, please use the subject line: "Privacy Inquiry"
Last Updated: December 24, 2025