Back to Home

Privacy Policy

Last Updated: December 13, 2025

This Privacy Policy describes how we ("we", "us", or "our") collect, use, and share information when you use our AI-powered coding assistant service (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Password (stored securely using industry-standard hashing)
  • Account preferences and settings

1.2 Authentication Cookies

We use essential cookies for authentication purposes to:

  • Keep you logged in to your account
  • Maintain your session security
  • Enable core functionality of the Service

These cookies are strictly necessary for the operation of the Service and cannot be disabled.

1.3 Usage Data and Analytics

We use Umami, a privacy-focused, cookieless, self-hosted analytics solution that:

  • Does NOT use cookies
  • Does NOT track personal information
  • Does NOT share data with third parties
  • Collects only anonymized, aggregated metrics such as:
    • Page views
    • Referral sources
    • Browser and device type (anonymized)
    • Geographic region (country-level only)

Umami is GDPR-compliant and does not require cookie consent banners for analytics purposes.

1.4 Advertising and Marketing Data

We use Meta Ads (Facebook Pixel) for:

  • Measuring advertising campaign effectiveness
  • Retargeting and remarketing
  • Understanding user acquisition sources

The Meta Pixel may collect:

  • Page visits and interactions
  • Device information
  • IP address
  • Cookie identifiers

You can opt out of personalized advertising by:

For more information about Meta's data practices, see: https://www.facebook.com/privacy/policy

1.5 Code and Project Data

When you use the Service, we collect:

  • Code you write or upload to the Service
  • Project files and configurations
  • Chat conversations with the AI assistant
  • Commands and interactions with cloud sandboxes

Important: Your code and data are stored securely and used solely to provide the Service. We do not use your code to train AI models or share it with third parties except as described in Section 3.

1.6 AI Model Provider Data

When you interact with AI features, your inputs (prompts, code, messages) are processed by third-party AI model providers:

  • Anthropic (Claude models)
  • OpenAI (GPT models)
  • DeepSeek
  • Groq
  • OpenRouter

Each provider has its own data handling practices:

We recommend reviewing each provider's privacy policy. We select providers based on their commitment to data privacy and do not share your data beyond what is necessary to provide the AI features you request.

1.7 Cloud Infrastructure (MorphCloud)

We use MorphCloud (by Morph Labs, Inc.) to host virtual machines (VMs) for cloud sandbox environments. MorphCloud provides:

  • Instant VM snapshots and branching
  • Isolated development environments
  • Secure cloud compute resources

MorphCloud data practices:

  • Control-plane only access: MorphCloud operates primarily at the control-plane level and does not inspect the contents of your running environments (VM instances) in the ordinary course of operations.
  • Limited access: MorphCloud personnel may access VM contents only when:
    • You expressly request support and enable time-bound access
    • Required to investigate/mitigate a security incident
    • Required by law
  • Encryption: Your VM snapshots and data are encrypted at rest and in transit
  • Logging: Any support access is logged and limited to the minimum necessary

For complete details, see MorphCloud's Terms of Service: https://cloud.morph.so/web/legal/terms-of-service

2. How We Use Your Information

We use the collected information to:

2.1 Provide and Improve the Service

  • Process your code and AI requests
  • Maintain and operate cloud sandbox environments
  • Authenticate and authorize your account
  • Provide customer support
  • Debug and resolve technical issues
  • Improve Service performance and features

2.2 Communications

  • Send important Service announcements
  • Respond to your inquiries
  • Send marketing communications (you may opt out at any time)

2.3 Security and Compliance

  • Detect and prevent fraud, abuse, and security incidents
  • Enforce our Terms of Service
  • Comply with legal obligations

2.4 Analytics and Marketing

  • Understand how users interact with the Service
  • Measure advertising effectiveness
  • Improve user experience

3. How We Share Your Information

We do NOT sell your personal information. We may share information with:

3.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

  • MorphCloud - VM hosting and cloud infrastructure
  • AI Model Providers - Anthropic, OpenAI, DeepSeek, Groq, OpenRouter (for AI features)
  • Database Hosting - PostgreSQL and Redis hosting providers
  • Meta - Advertising and analytics (via Meta Pixel)
  • Email Service Providers - For transactional and marketing emails

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or governmental request, or to:

  • Comply with legal process
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or a prominent notice on our Service of any change in ownership or use of your personal information.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data: Retained until you delete your account
  • Code and project data: Retained until you delete projects or your account
  • Chat history: Retained until you delete conversations or your account
  • Analytics data: Anonymized and aggregated indefinitely (Umami)
  • Authentication logs: 90 days
  • AI provider processing: Varies by provider (see Section 1.6)
    • Anthropic: Typically 30 days for trust & safety, then deleted
    • OpenAI: Not used for training; retained per their API data usage policy
    • Other providers: See their respective privacy policies

When you delete your account, we will delete your personal data within 30 days, except where we must retain it for legal or security reasons.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Passwords are hashed using bcrypt or similar algorithms
  • Access controls: Role-based access and principle of least privilege
  • Infrastructure security: Firewalls, intrusion detection, and monitoring
  • Regular security audits and vulnerability assessments
  • MorphCloud security: Multi-factor authentication for production access, network segmentation, audit logging, and incident response procedures

Despite these measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

6.1 Access and Portability

You may request a copy of your personal data in a machine-readable format.

6.2 Correction

You may update or correct your account information at any time through your account settings.

6.3 Deletion

You may request deletion of your account and associated data. Note that:

  • Deletion is permanent and cannot be undone
  • Some data may be retained for legal or security purposes
  • Anonymized analytics data may be retained indefinitely

6.4 Opt-Out of Marketing

You may opt out of marketing emails by:

  • Clicking "unsubscribe" in any marketing email
  • Adjusting your account notification preferences
  • Contacting us at the email below

6.5 Opt-Out of Advertising Tracking

You may:

  • Adjust Meta/Facebook ad preferences
  • Use browser privacy settings or extensions
  • Enable "Do Not Track" (though not all services honor this)

6.6 Data Processing Objection

You may object to certain types of data processing, such as marketing or profiling.

6.7 GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with your data protection authority

6.8 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether your personal information is sold or disclosed
  • Right to opt out of sale (we do NOT sell personal information)
  • Right to request deletion
  • Right to non-discrimination for exercising your rights

To exercise your rights, contact us at: samo@vrablik.eu

7. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. International Data Transfers

The Service is operated in the United States. If you are located outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country.

For EEA users, we rely on:

  • Standard Contractual Clauses (SCCs) where applicable
  • Adequacy decisions by the European Commission
  • Consent where appropriate

9. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted, with the "Last Updated" date revised. Material changes will be communicated via:

  • Email to your registered address
  • Prominent notice on the Service
  • In-app notification

Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: samo@vrablik.eu

Address: samko labs, s.r.o. Trnková 451/12 040 14 Košice - mestská časť Košická Nová Ves Slovakia

For data protection inquiries or to exercise your rights: Data Protection Officer: samo@vrablik.eu

Summary of Key Points

What we collect:

  • Account info, authentication cookies (essential only)
  • Code, projects, and chat data
  • Cookieless analytics via Umami (privacy-focused)
  • Meta Ads tracking (opt-out available)

How we use it:

  • Provide AI coding assistance
  • Operate cloud sandboxes (via MorphCloud)
  • Improve the Service
  • Marketing (opt-out available)

Third-party AI providers:

  • Anthropic, OpenAI, DeepSeek, Groq, OpenRouter
  • See their privacy policies for data handling details
  • Generally do NOT train on your data

Your rights:

  • Access, correct, delete your data
  • Opt out of marketing and ads
  • GDPR/CCPA protections where applicable

Security:

  • Encryption in transit and at rest
  • Industry-standard security practices
  • MorphCloud provides isolated, encrypted VMs

For questions: samo@vrablik.eu