Legal

Privacy Policy

Last updated: April 2026

Not legal advice. This is a reasonable starting point. Consult a lawyer before relying on it for a real business.

What We Collect

  • Account info — your email address and a secure password hash (handled by Supabase auth).
  • Subscription data — Stripe customer ID, subscription tier (free/pro/team), billing events. Card details never touch our servers.
  • Usage events — which commands you run, which providers you use, login and logout events, errors. Stored in our Supabase instance.
  • Error reports — if something crashes, we capture the stack trace via Sentry. No personal data by default.

What We Don’t Collect

  • Your AI conversations. When ShipCode talks to an AI provider (Anthropic, OpenAI, Groq, etc.), the request goes directly from your machine to that provider. We never see it.
  • Your API keys. Your AI provider keys stay on your machine, in ~/.shipcode/keys.json or your OS keychain. They are never transmitted to our servers.
  • Your source code. ShipCode sends code context to AI providers you've configured. It does not send your code to us.

How We Use Your Data

  • To operate the Service — authenticate you, process payments, gate features by subscription tier.
  • To improve the product — we look at which features are used, which fail, which providers are popular.
  • For billing and fraud prevention — Stripe requires certain data to process payments safely.
  • For customer support — if you email us, we may look at your account to help debug.

Third Parties

We rely on:
  • Stripe — payments. Privacy policy.
  • Supabase — authentication + database. Privacy policy.
  • Sentry — error reporting. Privacy policy.
  • Vercel — web hosting. Privacy policy.
  • AI providers (Anthropic, OpenAI, Groq, Google, OpenRouter) — you configure these yourself; your data with them is governed by their policies.

Data Retention

Account and usage data is kept while your account is active. If you delete your account, we delete your account data within 90 days, except where we're required to keep billing records for tax and accounting purposes (typically 7 years under US law).

Your Rights

You can:
  • Access — request a copy of all data we have about you.
  • Export — get your account and usage data in JSON format.
  • Delete — delete your account and have associated data removed.
  • Correct — update incorrect account information at any time.
Email hello@makeshiphappen.tech to exercise any of these rights. We respond within 30 days.

Cookies

We use session cookies required for authentication. We do not use tracking cookies or third-party analytics cookies. The website works without cookies enabled, except for pages that require a login.

Children

The Service is not for children under 13. If you believe a child under 13 has created an account, email us and we'll delete the account.

Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we'll notify you by email at least 14 days before the changes take effect.

Contact

Privacy questions? Email hello@makeshiphappen.tech.