Privacy

Security measures

We take your code seriously:

• Encryption at rest - sensitive data is encrypted using industry-standard encryption (AES-128-CBC with HMAC)
• Encryption in transit - all connections use TLS/SSL
• Access controls - your data is isolated per-account, accessible only with your API key
• Audit logging - all access to your data is logged for security
• No shared storage - each customer's code is stored in a separate collection

What we collect

• Email address - account management and transactional emails
• Code snippets - chunks of your codebase for semantic search (not full files)
• Usage statistics - request counts, tokens saved. Query content is not logged unless you purchase PyckLM Tuning ($199), which uses your query-result pairs to train a private model exclusively for you.
• IP addresses - hashed for security monitoring, not stored raw
• Anonymous pageview data - page visited and referral source, collected via first-party server-side analytics to understand how visitors find us. No cookies. No third-party tracking. No fingerprinting.

Third parties

We work with a small number of service providers:

• Lemon Squeezy - payment processing. They're our Merchant of Record and handle all payment data securely.
• Cloudflare - DNS, CDN, and DDoS protection. Cloudflare processes visitor IP addresses and metadata to serve and protect our site. See Cloudflare's privacy policy.
• Google Fonts - web font delivery. Font requests are sent to Google's servers. See Google's privacy policy.

No ad networks. No behavioral tracking. No data sold to third parties.

We never train on your code

Your code is never used to train our models or improve our service for other customers.

If you purchase PyckLM Tuning ($199), we create a private model using your codebase patterns. This model is exclusively yours — isolated from all other customers.

How PyckLM improves over time — Our embedding model is refined using Pyckle's own internal development activity: the operator's code searches, prompt-rule interactions, and query-result pairs generated while building and operating Pyckle. This is the operator's own data, not customer data. No customer queries or code are part of this loop.

If Pyckle ever collects aggregate interaction signals from cloud users to improve the model, we will require explicit opt-in consent and update this policy before any such collection begins. Cloud users' query content is not logged today.

Your rights

You have full control over your data:

• Right to access - export all your data via API: GET /account/export
• Right to deletion - delete everything instantly via API: DELETE /account
• Right to portability - your exported data is in standard JSON format

Data retention

• Active subscription - data kept while you're a customer
• After cancellation - data deleted within 30 days
• Immediate deletion - available anytime via dashboard or API
• Backups - purged within 90 days of deletion request

We don't sell your data

Ever. To anyone. Period.

Client-side storage

Our website uses browser local storage and session storage (not cookies) for:

• Session preferences — remembering UI state during your visit
• Authentication tokens — keeping you logged into your dashboard

This data stays in your browser and is never transmitted to third parties. You can clear it at any time through your browser settings.

Children's privacy

Pyckle is not intended for use by anyone under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact admin@pyckle.co and we will delete it promptly.

Security contact

Found a security issue? Email admin@pyckle.co

General questions? Email support@pyckle.co