2. How We Use Your Information

We use the information we collect to: provide, operate, and maintain the Service; process your queries and return AI-generated answers; index and analyze your code for search; manage your account and authenticate you; process payments and send transactional communications; improve our models and product; detect and prevent abuse; and comply with legal obligations.

We do not sell your personal information. We do not use your code or prompts to train general-purpose AI models. Your code is processed only to serve your requests within the Service.

3. Code & Repository Data

When you connect a GitHub repository, we index the source code (Python, XML, JavaScript, and other supported formats) to enable semantic search and AI-powered Q&A. Indexed data includes file contents, structure, and metadata. We store this data in isolated project-specific indexes; your code is not shared with other users or combined with other projects.

Code and prompts are sent to AI providers (e.g., Anthropic for language models, OpenAI for embeddings) solely to generate answers. These providers process data under agreements that prohibit using your data to train their general models. You can disconnect repositories at any time; we will delete indexed data in accordance with our retention policy.

4. Third-Party Services

We use the following third-party services. Each has its own privacy policy governing their handling of data:

• Stripe: Payment processing. Card details are handled by Stripe; we receive only transaction and customer identifiers.
• GitHub: OAuth authentication and repository access. We request only the scopes needed to read repository contents you authorize.
• Google: OAuth authentication. We receive your email and name for account creation.
• Anthropic: AI language model processing for generating answers. Data is processed per their API terms and data processing agreements.
• OpenAI: Embedding models for semantic search. Data is processed per their API terms and data processing agreements.

We select providers that commit to appropriate data handling practices. We do not control their policies; we encourage you to review them.

5. Data Retention

We retain your data for as long as your account is active and as needed to provide the Service. Indexed code is retained while repositories remain connected; when you disconnect a repository, we delete the associated indexed data within a reasonable period (typically 30 days). Account data is retained until you request deletion. We may retain certain data longer where required by law, for dispute resolution, or to enforce our agreements.

6. Your Rights (GDPR/CCPA)

If you are in the European Economic Area, United Kingdom, or California, you have additional rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Export: Request a portable copy of your data in a machine-readable format.
• Objection / Restriction: Object to processing or request restriction in certain circumstances.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at support@erpeek.com. You may also have the right to lodge a complaint with a supervisory authority. California residents may designate an authorized agent to make requests on their behalf.

7. Cookies & Tracking

We use session cookies and similar technologies necessary to operate the Service, such as maintaining your login state and preferences. We do not use third-party advertising cookies or tracking pixels. We do not sell or share your data for cross-context behavioral advertising.

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and secure development practices. Access to production data is restricted to authorized personnel on a need-to-know basis. We regularly assess and update our security practices.

While we strive to protect your data, no method of transmission or storage is completely secure. You are responsible for safeguarding your account credentials and for the security of repositories you authorize us to access.

9. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us at support@erpeek.com and we will take steps to delete it.

10. Changes & Contact

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after such changes constitutes acceptance of the revised policy.

For questions about this Privacy Policy or our data practices, contact us at support@erpeek.com.