Privacy Policy

Last updated July 16, 2026 · Beta policy

What we store

  • Account data — your email, password hash (email sign-ins), and the identity your OAuth provider shares (GitHub, Google, or Linear login and email).
  • Organization data — members, roles, invites, connector configuration, and encrypted per-org secrets.
  • Run data — tasks, runs, phase transcripts, events, check output, and published artifacts, so you can review them later. Runs work on git branches in your repositories; we don't keep a copy of your codebase.
  • Session cookies — one HttpOnly cookie that keeps you signed in. No advertising trackers, no third-party analytics scripts.

What we don't do

  • We don't sell your data or share it with advertisers.
  • We don't train models on your code or transcripts.
  • We don't read your repositories beyond what a run you started needs.

Third parties

Runs call the model provider you configured (e.g. Anthropic) with the prompts your workflow builds — their terms govern that traffic. Tracker and notifier connectors exchange data with the services you connect (GitHub, Linear, Jira, GitLab, Notion, Slack, …) on your org's behalf.

Deletion

Ask and your account and its organizations' data are deleted. Contact us via GitHub while in-product deletion is being built.