Privacy Policy
Last updated: April 20, 2026
What we collect
Account information
When you sign up for a team account, we collect:
- Email address — for login and support communication
- Password — stored as a salted hash by our auth provider (Supabase). We never see it.
- Team name — set by you when creating a team
Billing information
If you subscribe to a paid plan, Stripe collects and stores your payment information. We receive:
- Your Stripe customer ID
- Subscription status (active, past due, canceled)
- Current plan and user count
We do not see, store, or handle your credit card number.
Coordination metadata (the heart of the service)
To coordinate AI coding sessions across team machines, we receive:
- HMAC-hashed file paths (not plaintext) — the coordinator sees
h:a3f9b2c1d4e5, neversrc/auth/login.ts - Machine IDs (random UUIDs, not hostnames)
- Agent session IDs (from your AI tool)
- Lease timestamps (acquired, expires, last heartbeat)
- Optionally, AES-encrypted display hints if you’ve enabled them — these let your dashboard show real file names but only browsers with your team’s HMAC key can decrypt them. We can’t.
Analytics
We use PostHog to track product usage (page views, signup funnel, feature clicks) and Cloudflare Web Analytics for website traffic. These track:
- Page URLs you visit on our domains
- Browser type, viewport size, approximate country
- User actions you take (signup, link team, etc.) keyed to your user ID
We do not collect:
- Your code, file contents, commit messages, or anything proprietary
- Your IP address (Cloudflare Web Analytics doesn’t log it; PostHog drops it at ingest)
- Keystrokes, mouse movements, or session replays
How we use it
We use what we collect to:
- Run the coordination service (the whole point)
- Send billing receipts and service notifications
- Improve the product by seeing which features get used
- Respond to your support requests
- Detect and prevent abuse
Who we share with
We only share data with service providers we need to run the service:
- Supabase (authentication) — stores your email and hashed password
- Stripe (payments) — handles billing
- Cloudflare (hosting) — runs the coordinator, dashboard, docs, and marketing sites
- PostHog (analytics) — product usage metrics
We never sell your data. We don’t run ads. We don’t share your data with third parties for their marketing purposes.
We may disclose data if required by law (subpoena, court order) or to protect our rights. If this happens, we’ll notify you unless legally prohibited.
How long we keep it
- Account info: until you delete your account
- Billing records: per tax law (typically 7 years in the US)
- Lease state: garbage-collected automatically 30 seconds after your daemon stops pushing
- Audit log: until the team is deleted
- Coordination events (for team analytics): up to 90 days
- Analytics data: up to 12 months, aggregated
Your rights
You can, at any time:
- Access your data — everything we have is visible in your dashboard
- Export your data — contact support for a copy
- Delete your data — Settings → Danger Zone → Delete Account. This removes your Supabase account, all team links, and wipes your local session. Team data (other members) is preserved. Billing records are retained per tax law.
- Opt out of analytics — use a browser with Do Not Track enabled, or install a blocker like uBlock Origin
If you’re in the EU/UK, you have additional rights under GDPR including the right to object to processing and to lodge a complaint with a supervisory authority.
Security
We take security seriously:
- All traffic to our services uses HTTPS
- Passwords are hashed by Supabase (bcrypt)
- Team tokens are SHA-256 hashed at rest. The raw token never touches our database.
- File paths are HMAC-hashed on your machine before transmission
- Display hints use AES-256-GCM encryption with keys that never leave your machine/browser
- The coordinator source code is public on GitHub — anyone can audit it
If you discover a security vulnerability, please email hello@agentcollision.com (or file a private advisory on GitHub) rather than posting publicly.
Contact
Questions about privacy? Reach us at hello@agentcollision.com or open a GitHub issue.
Changes to this policy
If we make significant changes to how we handle your data, we’ll notify you by email before the changes take effect.