Privacy Policy

Account information. When you create an account, we collect your name, email address, and profile picture (if you sign in with Google). We also store your hashed password if you use email/password authentication.

Usage data. We collect anonymized usage data including pages visited, features used, and session duration. This helps us understand how people use Aclude and where we can improve.

API keys. If you connect an AI provider key, it is encrypted immediately upon submission and stored in encrypted form. We never have access to your key in plaintext after encryption.

Project data. Code, prompts, and project files you create within Aclude are stored to provide the service. You can export or delete your projects at any time.

We use the information we collect to provide, maintain, and improve the Aclude platform. Specifically, we use your data to:

• Authenticate you and manage your account
• Process your AI requests using your provided API key
• Host and serve your project previews and deployments
• Send service-related communications (e.g., password resets, billing receipts)
• Analyze aggregated usage patterns to improve performance and reliability
• Detect and prevent abuse or unauthorized access

We do not sell your personal information to third parties. We do not use your projects or prompts to train AI models.

Aclude is built on a BYOAI architecture. This means your AI API keys are encrypted at rest using AES-256 and are only decrypted in memory during active sessions. Keys are never logged, cached to disk, or exposed in error reports.

All data transmitted to and from Aclude is encrypted in transit using TLS 1.3. Database backups are encrypted and stored in geographically redundant locations. Each preview environment runs in an isolated Firecracker microVM to prevent cross-tenant data access.

Generated code is stored temporarily to provide the editing and preview experience. We do not permanently store generated code on our servers beyond what is needed for active projects. When you delete a project, all associated data is removed within 30 days.

Aclude relies on the following third-party services to operate. Each has its own privacy policy:

• Supabase — Authentication, database, and file storage
• Cloudflare — App deployment, custom domains, and CDN
• Stripe — Payment processing and subscription management
• Fly.io — Preview environments and microVM hosting

We share only the minimum data necessary with each provider. Payment information is handled entirely by Stripe and never touches our servers.

You have the right to:

• Access your personal data and request a copy of it
• Correct inaccurate information in your account settings
• Delete your account and all associated data
• Export your projects and data at any time
• Withdraw consent for analytics cookies via your browser settings

We will respond to all data requests within 30 days. To exercise any of these rights, contact us at the address below.