Privacy Policy

Last updated: March 2026

ICHI-CodAs is a research-oriented tool. We are committed to high standards of data protection and transparency. Following the principle of Data Minimization (GDPR), we process only the data strictly necessary to provide and improve the coding assistant.

User Responsibility: Please ensure your input is de-identified. Do not enter patient names, birth dates, or specific identifiers. This tool is designed for classification research only.

1. Hosting and Infrastructure

ICHI-CodAs uses a distributed architecture with components hosted by different providers:

  • Frontend (user interface): Hosted on Vercel, a global content delivery network. Static pages are served from the nearest edge location to the user.
  • Backend (coding logic): Hosted on Google Cloud Run in Frankfurt, Germany (EU). The CodAs backend logic runs within the European Union; from there, coding requests are forwarded to Anthropic (see below).
  • AI processing: Coding requests are forwarded to Anthropic (USA) for processing by Claude. This transmission is necessary to generate ICHI codes and is governed by Anthropic's own privacy policy.
  • Domain and verification tool: The domain ichi.codes is registered with Internex (Austria). The independent verification tool at verify.ichi.codes is hosted on an Austrian server.

The operator of ICHI-CodAs is based in Vienna, Austria (EU). All data processing decisions are subject to the General Data Protection Regulation (GDPR).

2. API Key Protection (Privacy by Design)

CodAs uses a Bring-Your-Own-Key model: you provide your own Anthropic API key to authenticate requests. Your key is handled as follows:

  • Depending on your choice, the key is stored either in your browser's session storage (deleted when the tab is closed) or local storage (persists until you clear it). It is never saved on any server.
  • When you submit a coding request, the key is transmitted to our backend solely to forward it to Anthropic for authentication. This is technically necessary and equivalent to entering a password on any website.
  • Your API key is never stored, logged, or retained on our servers. It exists in server memory only for the duration of the request and is discarded immediately after.
  • No part of your API key appears in any server log.

3. Optimization of the Assistant (Logging)

To improve the technical performance, mapping accuracy, and reliability of the ICHI-CodAs assistant, the text of your coding queries is logged on our server.

  • These logs allow us to identify cases where the assistant's interpretation of the ICHI framework needs refinement.
  • Logs are stored anonymously and are not associated with IP addresses or persistent user identifiers.
  • The data is used solely for the technical and scientific optimization of the ICHI-CodAs tool.

4. Analytics (Privacy-First)

We use Plausible.io for web analytics. Plausible is a privacy-focused tool that:

  • Does not use cookies.
  • Does not collect or store personal data. IP addresses and user-agent strings are processed transiently to generate anonymous, aggregate statistics (e.g. country of origin, device type) and are never stored in identifiable form.

5. Your Rights and Contact

Since we do not store personal identifiers (like IP addresses), we generally cannot link specific logs to individual users. However, you have the right to inquire about data processing at any time.

Responsible for Data Processing:
Manuel Roier
Vienna, Austria
Email: m.roier@kmlh.org