Privacy

Last updated 2026-04-30 · [DRAFT — under review]

What we store

  • Account: email, name, password hash (or OAuth provider ID), session tokens.
  • API keys: we store a SHA-256 hash + a 12-char prefix for display. The raw key is never persisted; you see it once at creation.
  • Usage events: per-call token counts, model name, cost, timestamp, duration. Used for billing and your own usage dashboard.
  • Behavioral CLI telemetry (default-on, opt-out): per-session and per-turn metadata — model, token counts, durations, finish reasons, slash command names, tool names, retry counts, plan/act mode. We use this to recursively improve the agent loop — where flash gets stuck, which slash commands are dead, how long retries cascade, etc. No prompt text, no response text, no tool args, no file contents; only counts, durations, and SHA-256 hashes. Tied to your account so we can tell which user patterns produce which behaviors. Opt out with /telemetry off in the REPL or fred telemetry off from a shell. See /docs/telemetry for the full schema and what's never collected.

What we don't store

Prompt or completion text — those flow through the streaming proxy and are not persisted on Fred's servers. DeepSeek (the upstream model provider) handles them per their own policy. Reading their privacy notice is a reasonable thing to do.

Sub-processors

  • Vercel — application hosting.
  • Cloudflare — streaming proxy + DNS.
  • Neon — Postgres database.
  • Stripe — payment processing.
  • Resend — transactional email.
  • Upstash — rate limiting / state.
  • DeepSeek — model inference.

Your rights

Delete your account from /settings. We soft-delete the user row and revoke all keys; ledger and usage rows are retained for compliance. Email hello@fredcode.net to request a data export or a hard delete.

This document is an early draft. The operator is reviewing it before public launch.