NEOAMISH
LEGAL · Last updated May 2026

Privacy Policy.

Your data, your rules. This page explains — in plain language — what Neoamish collects, how we use it, and the controls you have over every byte.

GDPR-compliant · EU-hosted · No third-party trackers

Our promise to you

We never sell your data

No advertisers, no data brokers, no exceptions.

Encrypted, EU-hosted infrastructure

TLS in transit, encryption at rest, daily backups.

Full GDPR rights, always

Access, export, delete — one email away.

Essential cookies only

No third-party trackers, no marketing pixels.

§ 01

What we collect

Only what we genuinely need to run the platform — nothing more.

When you create an account we collect the information you provide directly: your email address, chosen username, display name, and an optional profile picture. If you sign up through a third-party provider, we receive a basic identifier from that provider and nothing more.

Once inside the platform, we store the content you create — projects, comments, favorites, AI chat history — so we can show it back to you and, where you've made it public, to other users.

We also receive technical metadata your browser sends to any website: IP address, user agent, and approximate timestamps. We keep this strictly for security, abuse prevention, and basic uptime monitoring.

§ 02

How we use your data

To deliver the product you signed up for, and to improve it carefully.

Your data powers the features you interact with: authentication, project storage, collaboration, the AI assistant, and notifications. Without it, the platform cannot function.

We aggregate anonymized usage signals to understand which features matter, fix bugs faster, and prioritize what comes next. These insights never identify individual users.

We will only send you product emails (release notes, account alerts, security notices). We do not run marketing campaigns and we do not pass your address to any advertiser.

§ 03

Where & how we store it

Encrypted at rest and in transit, hosted entirely inside the European Union.

Our primary database runs on NeonDB infrastructure located in the EU, with automated daily backups retained for 14 days. All traffic between your browser and our servers is encrypted via TLS 1.3.

Authentication secrets, API keys, and any sensitive credentials are encrypted at rest. Password hashes use industry-standard algorithms with per-user salts — your password is never stored in readable form.

If we ever detect a security incident affecting your data, we will notify you by email within 72 hours and report it to the relevant authority as required by GDPR.

§ 04

Who we share it with

A short list of essential service providers. No advertisers. Ever.

We rely on a handful of carefully chosen subprocessors to run the platform. Each one is bound by a data processing agreement and processes data only on our instructions.

  • Hosting & rendering: Vercel (EU regions)
  • Database: NeonDB (EU)
  • Transactional email: Resend
  • Product analytics: PostHog (EU cloud, IP anonymized)

§ 05

Cookies & tracking

Only what we need to keep you signed in and remember your language.

We use a single session cookie to keep you authenticated, plus a small preference cookie that remembers your interface language. Both are first-party and essential — there is no banner because there is nothing to consent to beyond strictly necessary cookies.

We do not use Google Analytics, Facebook Pixel, or any cross-site tracking technology. Our product analytics tool is configured to anonymize IP addresses and ignore Do-Not-Track and ad-blocker rules.

§ 06

Your rights under GDPR

You're in charge. Use any of these at any time, for any reason.

European data protection law gives you a robust set of rights over your personal data, and we honor every single one — regardless of where you live in the world.

  • Access: Request a copy of everything we hold on you
  • Rectify: Correct anything inaccurate or outdated
  • Erase: Delete your account and personal data permanently
  • Export: Download your projects and content in open formats
  • Object: Opt out of any non-essential processing
  • Complain: Lodge a complaint with your national authority (CNIL in France)

§ 07

How long we keep it

As long as your account is active — and not a day longer than necessary.

While your account is active, we keep your data so the platform works. The moment you delete your account, we purge your personal information from our production systems within 30 days. Encrypted backups roll off our retention schedule within 90 days at the latest.

Limited records may be retained beyond this window only where required by law — for example, transactional logs needed for accounting compliance — and only for as long as the law mandates.

§ 08

Changes to this policy

We update this document when our practices change. You'll always know first.

Material changes — anything that affects how we collect, use, or share your data — will trigger an email to every registered user at least 14 days before the new policy takes effect. Minor edits (typos, clarifications) are made silently with an updated revision date at the top of this page.

Previous versions are kept in version control and are available on request.

A real human reads every privacy email.

Questions, deletion requests, exports, or just curious how something works? Write to us and you'll get a reply within seven days — usually much sooner.

contact@davidguerin.fr

Document version of May 2026. Previous revisions available on request.