Privacy Policy

Last updated: February 20, 2026

1. Information We Collect

Account information: When you sign in with Google or GitHub, we receive your name, email address, and profile picture.

Usage data: We track your weekly AI compute usage (measured in cost) to enforce plan limits. This includes token counts and model used per request, but not the content of your queries or code. If you opt in to analytics (see section 9), we additionally record per-request metadata (model, provider, token breakdown, latency, tool call count) to improve service reliability. This metadata is pseudonymous — associated with your account but containing no personally identifiable content, code, or prompts.

Billing information: Payment processing is handled entirely by Polar. We store your Polar customer and subscription identifiers but do not have access to your payment card details.

No model training: Your inputs, code context, and conversation data are never used to train or improve AI models.

2. How We Use Your Information

  • To provide and maintain the Graphcoder service
  • To enforce usage limits based on your subscription tier
  • To process billing and manage subscriptions
  • To communicate with you about your account or service changes

3. Your Code

Your codebase remains on your machine. When you use AI features, conversation context and workspace metadata (such as directory structure and project files) are sent to our servers and forwarded to language model providers for processing. Your source code is never stored on our servers — all query context is used only in transit and discarded immediately after the response is generated.

Third-party language model providers may retain inputs temporarily in accordance with their own policies (for example, for abuse detection). We encourage you to review the privacy policies of the providers listed below.

4. Third-Party Services

We use the following third-party services:

  • Cloudflare: Hosting, CDN, and infrastructure
  • Polar: Subscription billing and payment processing
  • Google / GitHub: OAuth authentication
  • Anthropic, Google, OpenAI, xAI, AWS Bedrock, DeepInfra, Novita: Language model providers for AI features

5. Cookies

We use a session cookie to keep you signed in. We do not use tracking cookies or third-party advertising cookies.

6. International Data Transfers

Your data may be processed on servers located outside your country of residence, including in the United States, through our infrastructure provider Cloudflare. By using the service, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

7. Data Retention

Account information is retained while your account is active. You may request account deletion by contacting us, and we will delete your personal data within 30 days. When your account is deleted, your analytics data is anonymised (user identifiers removed) within the same period. Aggregate analytics that can no longer be linked to you are retained for service improvement.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data

To exercise these rights, contact us at support@acyclic.dev.

9. Usage Analytics

Free accounts: Pseudonymous usage analytics are collected as part of the free service under the legitimate interest basis (UK GDPR Article 6(1)(f)) to maintain and improve service quality. This data contains no personally identifiable content. When you upgrade to a paid plan, analytics collection stops until you explicitly opt in. If you object to this processing, contact support@acyclic.dev.

Paid accounts: Analytics are opt-in — not collected unless you explicitly enable them. You can change this anytime on the dashboard.

Usage metrics: Model name, provider, token counts (input, output, cache), request cost, latency, and tool call count.

Request traces: When analytics are enabled, we store the full content of your LLM requests and responses — including conversation context, system prompts, tool calls, and AI-generated output — in cloud storage (Cloudflare R2). This data is used for debugging and service quality monitoring. It is never used to train AI models. You can view and delete your own traces at any time.

Purpose: Improving service reliability, performance monitoring, debugging, and model selection.

Retention: Usage metrics are retained in aggregate for up to 90 days. Request traces are stored indefinitely until you delete them. You can view and delete your own traces at any time.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by posting the updated policy on this page. For material changes, we will provide at least 30 days' notice.

11. Contact

For questions about this privacy policy, contact us at support@acyclic.dev.