Back to home

Privacy Policy

Last updated: March 20, 2026

1. Introduction

This Privacy Policy describes how a21e ('we', 'us', 'our') collects, uses, stores, and protects your personal data when you use our AI execution platform, API, CLI tools, IDE extensions, and related services (the 'Service'). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Data We Collect

  • Account information: email address, name, and authentication credentials managed through our identity provider (Clerk).
  • Usage data: task execution logs, API call metadata, credit consumption, session identifiers, and feature usage patterns.
  • Task content: input text and generated output submitted through the Service, stored encrypted at rest.
  • Technical data: IP address, browser type, device information, and access timestamps.
  • Payment data: processed by our payment provider; we do not store full payment card details.
  • Provider API keys: encrypted with AES-256-GCM, decrypted only during execution, never logged.

3. How We Use Your Data

  • To provide and improve the Service, including intent analysis, model routing, prompt synthesis, and quality scoring.
  • To maintain your account, process credits, and provide customer support.
  • To enforce acceptable use policies and detect abuse.
  • To generate aggregated, anonymized analytics that improve platform performance.
  • To comply with legal obligations and respond to lawful requests.

4. Data Storage and Security

All data is encrypted at rest using AES-256-GCM and in transit using TLS 1.3. Provider API keys are decrypted only during task execution and are never written to logs. We maintain a full audit trail of all executions with user attribution and model details. Database access is restricted to authorized personnel and automated systems with role-based access controls.

5. Data Retention

Account data is retained for the duration of your account. Execution logs and task content are retained for 90 days by default, after which they are automatically purged. You may request earlier deletion at any time. Aggregated, anonymized data used for platform improvement may be retained indefinitely.

6. Your Rights (GDPR)

  • Right of access: request a copy of your personal data.
  • Right to rectification: correct inaccurate personal data.
  • Right to erasure: request deletion of your personal data ('right to be forgotten').
  • Right to restriction: request that we limit processing of your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent.

7. Data Sharing

We do not sell your personal data. We share data only with: (a) LLM providers as necessary to execute your tasks — only the task content required for execution is transmitted; (b) infrastructure providers for hosting and security; (c) as required by law or to protect our rights. All third-party providers are bound by data processing agreements.

8. Cookies

We use essential cookies for authentication and session management. Optional analytics cookies are used only with your consent. You can manage your cookie preferences at any time from the Cookie Preferences page accessible in the site footer.

9. International Transfers

Your data may be processed in countries outside your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

10. Children's Privacy

The Service is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account at least 30 days before they take effect. The 'Last updated' date at the top of this page indicates when the policy was last revised.

12. Data Protection Officer

For privacy inquiries, data access requests, or to exercise your rights under GDPR, contact our Data Protection Officer at privacy@a21e.com. We will respond to all requests within 30 days.