openkody
Legal

Privacy policy

Last updated June 1, 2026

This privacy policy explains how Openkody Inc. ("Openkody", "we", "our", "us") collects, uses, and protects personal data when you visit our website and use the Openkody software. We have written it in plain English on purpose. If anything below is unclear, write to privacy@openkody.dev and we will do our best to clarify.

Who we are

Openkody Inc. is a Delaware corporation based in the United States. We act as the data controller for personal data collected through our marketing website. The Openkody CLI runs on your own machine; we do not act as a processor for your source code, because your source code never reaches us.

The short version

  • The Openkody CLI is local-first. Your source code and your local index stay on your machine.
  • Model requests go directly from your machine to the model endpoint you configure. We are not in that path.
  • We collect only what we need to operate the website and respond to messages you send us. We do not sell personal data.

Categories of data we collect

1. Website analytics

We collect aggregate, privacy-respecting usage analytics for the website — page views, referrers, and approximate counts. These analytics are cookieless and are not tied to an individual.

2. Communications data

When you email us — support questions, security reports, general inquiries — we keep the thread and any attachments so we can respond and follow up.

3. Optional account data

If you sign up for a hosted plan, we collect your name, email address, a password hash, and billing details handled by our payment processor. We retain billing records as required by applicable tax law.

What the CLI keeps local

The Openkody CLI indexes your repository locally and stores embeddings under .openkody/ in your working tree. When you ask a question or request a fix, the relevant context is sent to the model endpoint you configured — and only to that endpoint. You hold the keys, and you choose whether that endpoint is a hosted provider or a model running on your own hardware.

Why we process this data

  • Legitimate interests — operating a stable, secure website and responding to inquiries.
  • Performance of a contract — account and billing data for hosted plans.
  • Legal obligation — financial recordkeeping under applicable law.

Who we share data with

We share personal data only with the vendors that help us run the website and hosted plans — hosting, a payment processor, and an email provider. Each is bound by a contract to handle data only on our instructions. We do not sell personal data, and we do not run advertising trackers on our site.

How long we keep data

  • Website analytics — aggregate only, retained in summary form
  • Communications — for as long as needed to support you, then deleted
  • Account data — for the lifetime of your account plus 30 days
  • Billing records — as required by applicable tax law

Your rights

You have the right to access, correct, export, and delete the personal data we hold about you, and to object to or restrict certain processing. To exercise any of these rights, write to privacy@openkody.dev. We verify identity before acting on a request and aim to respond promptly.

Cookies

We use a single first-party session cookie where needed for hosted plans. We do not use third-party cookies or cross-site tracking, and our website analytics are cookieless.

Security

Data is encrypted in transit with TLS and at rest. Access to systems that hold personal data is limited to the people who need it and is protected by strong authentication.

Children

Openkody is not intended for children under 16, and we do not knowingly collect personal data from children.

Changes to this policy

We may update this policy as the product and the law evolve. Material changes are posted here before they take effect.

How to reach us

Email privacy@openkody.dev, or write to Openkody Inc., Delaware, United States.