55dive

Privacy Policy

Last updated: May 7, 2026

1. Introduction

TD The Market Publishers Ltd., a private company registered in the Republic of Cyprus under registration number HE186602, with its registered office at Chrysanthou Mylona 1, 3030 Limassol, Cyprus, trading as "5dive" ("5dive", "we", "us", or "our"), provides software and managed infrastructure for operating AI coding agents and related development workflows. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our websites, create an account, use our dashboard, provision servers, connect integrations, run agents, contact us, or otherwise use our services (collectively, the "Service").

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the UK GDPR, and the Cyprus Law Providing for the Protection of Natural Persons with Regard to the Processing of Personal Data (Law 125(I)/2018), TD The Market Publishers Ltd. acts as the data controller for personal information we process for our own business purposes. When we process personal information contained in your projects, repositories, files, prompts, logs, agent messages, or other customer-controlled materials, we generally act as a data processor on your behalf under our agreement with you, and you are the controller.

2. Information We Collect

Information you provide

  • account information, such as name, email address, organization, role, and login details;
  • billing information, such as plan selection, payment status, invoices, tax details (including VAT identifiers where applicable), and transaction metadata;
  • support and sales communications, including messages, attachments, feedback, survey responses, and call notes;
  • server and integration settings, including domains, SSH keys, API keys, tokens, channel configuration, model provider choices, and repository permissions;
  • Customer Content, including code, repositories, prompts, files, project data, commands, logs, terminal output, agent messages, generated output, and configuration that you submit to or process through the Service.

Information collected automatically

  • usage data, such as pages viewed, features used, buttons clicked, agents created, commands run, session events, and workflow status;
  • device and log data, such as IP address, browser type, operating system, referring pages, request identifiers, access times, error logs, and diagnostic data;
  • infrastructure data, such as server identifiers, domains, health checks, resource usage, package or service status, backup or snapshot metadata, and audit logs;
  • cookies, local storage, pixels, analytics identifiers, and similar technologies (see Section 6).

Information from third parties

  • identity and authentication providers;
  • payment processors and billing platforms;
  • hosting, infrastructure, observability, analytics, and security providers;
  • model providers, messaging platforms, code hosts, package registries, and other integrations you connect;
  • public sources, referrals, partners, and lead providers where permitted by law.

3. How We Use Information

We use information to:

  • provide, operate, maintain, secure, troubleshoot, and improve the Service;
  • create and manage accounts, authenticate users, administer organizations, and enforce permissions;
  • provision, configure, monitor, update, back up, and support servers, agents, terminals, tools, and integrations;
  • process payments, invoices, renewals, taxes (including VAT), credits, disputes, and account notices;
  • respond to support, sales, security, legal, and operational requests;
  • send service notices, product updates, security alerts, administrative messages, and marketing communications where permitted;
  • detect, investigate, prevent, and respond to fraud, abuse, security incidents, unlawful activity, policy violations, and reliability problems;
  • analyze usage, measure performance, develop features, debug errors, and improve user experience;
  • comply with law, enforce agreements, resolve disputes, and protect the rights, property, and safety of 5dive, users, and others.

4. Customer Content, Code, and Agents

We treat Customer Content as confidential and use it to provide, secure, troubleshoot, and support the Service, comply with law, enforce our agreements, and protect users and infrastructure. Customer Content may be processed by agents, servers, logs, terminals, backups, snapshots, connected tools, and third-party services you enable.

We do not use your private Customer Content to train our own foundation models. Third-party model providers and agent tools may process prompts, files, outputs, logs, metadata, and other content according to their own terms and privacy policies when you connect or use them. You are responsible for deciding what Customer Content and credentials to provide to agents and integrations, and for ensuring you have the lawful basis and permissions required to do so.

5. How We Disclose Information

We do not sell personal information. We may disclose information in the following ways:

  • to vendors, sub-processors, and service providers that help us provide hosting, infrastructure, authentication, payments, analytics, email, support, security, observability, and other business functions, in each case under written contracts that impose data-protection obligations consistent with applicable law;
  • to third-party services, model providers, code hosts, messaging platforms, and integrations that you connect, authorize, or direct us to use;
  • to your organization, administrators, team members, and authorized users according to your account settings and permissions;
  • to comply with law, legal process, subpoenas, court orders, regulatory requests, sanctions, export controls, or government requests;
  • to investigate, prevent, or respond to fraud, abuse, security incidents, policy violations, technical issues, or harm to 5dive, users, or others;
  • in connection with a merger, financing, acquisition, bankruptcy, reorganization, sale of assets, or similar corporate transaction;
  • with your consent or at your direction.

6. Cookies and Analytics

We use cookies, local storage, analytics tools, and similar technologies to keep you signed in, remember preferences, protect accounts, measure traffic, understand product usage, debug errors, and improve the Service. In line with the EU ePrivacy Directive (2002/58/EC, as amended) and Cyprus Law 112(I)/2004, we set non-essential cookies (including analytics) only after we obtain your consent through our cookie banner. Strictly necessary cookies, which are required for the Service to function, are set without consent on the basis of our legitimate interests and the ePrivacy "strictly necessary" exception.

You can withdraw consent at any time through the cookie banner or your browser settings. Blocking essential cookies may prevent parts of the Service from working.

7. Legal Bases for Processing (EU/EEA/UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract (Art. 6(1)(b)) — to create and operate your account, deliver the Service, process payments, provide support, and perform our obligations under these terms;
  • Legitimate interests (Art. 6(1)(f)) — to secure, monitor, maintain, troubleshoot, and improve the Service; prevent and investigate fraud and abuse; conduct internal analytics and product development; communicate about our products and operations; and protect our legal rights. We balance these interests against your rights and freedoms;
  • Consent (Art. 6(1)(a)) — for non-essential cookies, certain marketing communications, and other activities where we ask for your permission. You may withdraw consent at any time;
  • Compliance with legal obligations (Art. 6(1)(c)) — to comply with tax, accounting, anti-fraud, sanctions, and other legal requirements;
  • Vital interests and public interest (Art. 6(1)(d)–(e)) — in rare cases, where processing is necessary to protect a person's life or for a task carried out in the public interest.

When we process Customer Content on behalf of a customer, the customer determines the appropriate legal basis for that processing.

8. Data Retention

We retain personal information for as long as needed to provide the Service, maintain accounts, meet legal, tax, and accounting obligations (typically up to seven years for invoicing and tax records under Cyprus law), resolve disputes, enforce agreements, preserve security, prevent abuse, and maintain backups and audit records. Retention periods vary based on the type of information, account status, plan, feature, legal requirements, and operational needs.

If you delete an account, server, project, or item of Customer Content, we will delete or de-identify related personal information within a reasonable period unless retention is needed for legal, security, backup, billing, dispute, or abuse-prevention reasons. Backup and snapshot copies may persist for a limited period before being overwritten or deleted.

9. Security

We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, in line with GDPR Article 32. These measures include access controls, encryption in transit, monitoring, logging, and operational security practices. No method of transmission, storage, or processing is fully secure, and we cannot guarantee absolute security.

You are responsible for securing your account, devices, repositories, servers, SSH keys, API keys, model provider accounts, channel tokens, secrets, agent permissions, deployment workflows, and integrations. Do not submit special-category data under Article 9 GDPR or other sensitive regulated data unless your written agreement with us expressly permits it.

10. International Transfers

We and our service providers may process personal information in the European Economic Area, the United Kingdom, the United States, and other countries where we or they operate. Some of these countries may not provide the same level of data protection as your country of residence.

When we transfer personal information out of the EEA or the UK to a country that has not been recognized as providing an adequate level of protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) and the UK International Data Transfer Agreement or Addendum, supplemented where necessary by additional technical and organizational measures. You may request a copy of the safeguards we use by contacting us.

11. Your Rights (EU/EEA/UK)

If you are in the EU, EEA, or UK, you have the following rights in respect of your personal information, subject to the conditions and exceptions set out in the GDPR and UK GDPR:

  • access to your personal information and information about how it is processed;
  • rectification of inaccurate or incomplete personal information;
  • erasure (the "right to be forgotten") in certain circumstances;
  • restriction of processing in certain circumstances;
  • data portability, where processing is based on consent or contract and carried out by automated means;
  • objection to processing based on our legitimate interests, including direct marketing;
  • withdrawal of consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing;
  • not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise these rights, contact us using the details in Section 15. We may need to verify your identity before responding. If your information is contained in Customer Content controlled by one of our customers, we may direct your request to that customer.

You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy), but you may also lodge a complaint with the supervisory authority in your country of residence, place of work, or place of the alleged infringement.

12. U.S. State Privacy Notices

The following applies to residents of U.S. states with comprehensive privacy laws, including California, Colorado, Connecticut, Virginia, Utah, Texas, and others as enacted. We collect the categories of personal information described in this Policy, use them for the purposes described above, and disclose them to the categories of recipients described above. We do not knowingly sell personal information for money. We do not knowingly collect, sell, or share personal information of minors under 16.

Certain analytics or advertising activities may be considered a "sale", "sharing", or targeted advertising under some state laws. Where required, you may opt out by contacting us or using controls we make available. Subject to applicable law, you may have rights to know, access, correct, delete, port, limit use of sensitive information, and appeal a privacy decision. We will not discriminate against you for exercising privacy rights.

13. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated Policy on this page and update the "Last updated" date. If changes are material, we will take reasonable steps to notify you. Your continued use of the Service after changes take effect means you acknowledge the updated Policy.

15. Contact

To exercise privacy rights or ask questions about this Privacy Policy, contact us at privacy@5dive.com, or by post:

TD The Market Publishers Ltd.
Chrysanthou Mylona 1, 3030
Limassol, Cyprus
Registration number: HE186602