Privacy & anti-surveillance

When you create an account or sign in — including with Google — we collect your name, email address, and profile image solely to create and identify your account and workspace, and to communicate with you about the service. Authentication is handled by our provider, Clerk; we do not receive or store your Google password. We do not sell your personal data or use it for advertising, and we request only the minimum profile scopes needed to sign you in.

Manager and org dashboards require an active cohort of at least the org's minimum size (default 5). There is no individual leaderboard, no per-developer cost ranking, and no drill-down from an aggregate to a person — except a developer viewing their own data.

By default the collector sends structured metadata only — never source code or message bodies. Collecting message bodies is an explicit org-level unlock: admin opt-in, developer-visible, with a redaction test report and a retention limit.

Every admin policy or config change is written to an immutable audit log. Exports apply the same suppression rules as the UI, so a cohort that's hidden on screen is hidden in the export too.