Privacy Policy

Last Updated: April 7, 2026

This Privacy Policy explains how Afkode ("we," "us," or "our") collects and handles information when you use our desktop application, website, and related services (collectively, the "Service"). Your privacy matters to us, and we've designed our system to keep your data under your control.

1. How Afkode Works

Afkode is a desktop application that runs on your computer. It helps you plan and build software features by orchestrating AI coding tools (such as Claude, Codex, Gemini, and Kimi) on your behalf.

Your data — projects, planning documents, chat history, and credentials — lives in a local database on your machine. We do not sync your project data to our servers.

2. Information We Collect

a. Account Information

• Email address — collected when you sign up. Used to create your account, manage your subscription, and send essential service communications.
• Authentication tokens — generated during login via email/password or OAuth (Google). Stored locally on your machine and on our authentication provider.

b. AI Provider Credentials

• If you connect AI providers (Anthropic, OpenAI, Google, Kimi), your API keys or OAuth tokens are stored locally on your machine only. We never transmit or store your AI credentials on our servers.

c. Usage Analytics

• We collect anonymized usage events (e.g., feature used, session duration) to understand how people use the app and to improve it. Analytics data is sent to our server and processed through Mixpanel (EU data residency). You can opt out of analytics at any time in the app settings.
• We do not include file paths, code content, or personally identifiable information in analytics events.

d. Payment Information

• All payments are processed through Stripe. Your credit card details are entered directly on Stripe's hosted checkout page. We never see, receive, or store your payment card information.

3. How Your Code is Handled

This is important to understand:

• Your code stays on your machine. Afkode reads files from your local project directory to build context for AI prompts.
• Code context is sent to your configured AI provider (Claude, Codex, Gemini, or Kimi) as part of the prompts that drive planning and code generation. This is how the AI understands your project.
• We do not store your source code on our servers.
• AI-generated code is written directly to your local machine by the AI tool. We do not intercept, log, or store the generated output.

4. How We Use Your Information

• To provide the Service: To authenticate you, manage your subscription, and generate prompts for AI tools.
• To improve the Service: Anonymized analytics help us improve the quality of our planning workflows.
• For billing: To process payments and manage subscription status via Stripe.
• For security: Server logs (which may include IP addresses) are used to protect against abuse. PII in logs is automatically masked.

5. How We Share Your Information

We do not sell your personal information. We share the minimum necessary with:

• Stripe — for payment processing and subscription management.
• Supabase — for account data storage (email, subscription status).
• Mixpanel (EU) — for anonymized usage analytics (opt-out available).
• Your chosen AI providers — project context is sent to whichever AI provider you configure. We are not responsible for how third-party AI providers handle data sent to them. Please review their privacy policies.

6. Data Retention

• Local data: Stored on your machine for as long as you keep it. You can delete the local database at any time.
• Account data: Retained while your account is active. We will delete it upon request.
• Analytics: Anonymized and retained per Mixpanel's standard retention policies.

7. Auto-Updates

The desktop app checks for updates periodically and downloads them in the background. Update checks connect to our update server. No personal data is transmitted during this process.

8. Data Security

We use appropriate technical measures to protect your information, including encrypted connections (HTTPS), server-side PII masking in logs, and secure authentication. You are responsible for maintaining the security of your device and account credentials.

9. Your Data Rights

Depending on your location (e.g., under GDPR), you may have rights to access, correct, or delete your personal information. To exercise these rights, contact us at [email protected].

10. International Data Transfers

Your information may be transferred to and processed on servers located outside your jurisdiction. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by other means.