Privacy Policy

Last Updated: December 1, 2024

Apilium Corp OU ("Apilium", "we", "us", or "our"), a company registered in Tallinn, Estonia, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use Apilium Forge IDE and our related AI-powered development tools and services.

1. Information We Collect

We collect information in the following categories:

Information You Provide Directly

  • Account information (name, email address, password)
  • Payment and billing information processed through Stripe
  • Profile information and preferences
  • Communications with our support team
  • Feedback, bug reports, and survey responses

Information Collected Automatically

  • Device information (IP address, browser type, operating system)
  • IDE usage data (features used, editor actions, time spent)
  • Log data (API calls, errors, performance metrics)
  • Cookies and similar tracking technologies
  • Geographic location data (based on IP address)

Code and Development Data

When you use Apilium Forge IDE, the following code-related data may be processed:

  • Code snippets and prompts you provide to our AI models
  • Generated code suggestions and AI outputs
  • Editor actions, viewed files, and conversation history (for context)
  • Codebase structure and file metadata (for indexing features)
  • Project configuration and dependency information

Your code is processed to provide AI-powered features. With Privacy Mode enabled, your code is never stored by our AI model providers or used for training.

Information We Do NOT Collect

We do not knowingly collect sensitive or special category personal information such as biometric data, genetic information, health information, or data from individuals under 18 years of age.

2. Privacy Mode

Apilium Forge offers a Privacy Mode feature that provides enhanced data protection:

Privacy Mode is enabled by default for all new accounts. You can toggle this setting in your account preferences.

When Privacy Mode is Enabled

  • Zero data retention is enabled for all AI model providers
  • Your code is never stored on our servers beyond the immediate request
  • Your code is never used for training AI models
  • All requests include privacy headers enforcing zero-retention policies

When Privacy Mode is Disabled

  • Code data may be temporarily cached for performance optimization
  • Anonymized usage patterns may be used to improve AI features
  • You may opt-in to contribute data for model improvement

3. How We Use Your Information

  • Provide AI-powered code completion, analysis, and generation features
  • Process your transactions and manage your subscription
  • Personalize your IDE experience and provide relevant suggestions
  • Send technical notices, security alerts, and support messages
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage trends to improve our services
  • Detect, prevent, and address security threats and abuse
  • Comply with legal obligations and enforce our agreements

AI Model Training Policy

We do NOT use your Inputs or Suggestions to train our AI models unless:

  • Content is flagged for security review by our automated systems
  • You explicitly report feedback through our feedback mechanism
  • You have given specific, explicit consent for data usage

This policy applies regardless of your Privacy Mode settings. We never sell your code data to third parties.

4. How We Share Your Information

We do not sell your personal information or code data to third parties for advertising or marketing purposes.

AI Model Providers

When you use AI features, your prompts and code context are sent to third-party AI model providers (such as Anthropic, OpenAI, or similar). With Privacy Mode enabled, these providers have zero data retention agreements and do not store or use your data for training.

Infrastructure Providers

We use cloud infrastructure providers (AWS, Google Cloud, Azure) to host our services. These providers may process your data in accordance with their security certifications and our data processing agreements.

Service Providers

We share data with third-party service providers who perform services on our behalf, including payment processing (Stripe), analytics, and customer support tools.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or when necessary to protect our rights, users, property, or safety.

Business Transfers

In connection with any merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity with the same privacy protections.

5. Codebase Indexing

Apilium Forge offers optional codebase indexing to provide better AI suggestions:

  • File hashes are computed to create a Merkle tree structure of your codebase
  • Code embeddings are generated and stored with obfuscated file paths
  • With Privacy Mode enabled, no plaintext code is stored on our servers
  • You can exclude specific files or directories using .apiliumignore configuration

Codebase indexing is optional and can be disabled at any time in your settings.

6. Data Retention

We retain your personal information for as long as necessary to provide our services:

  • Account data: Retained while your account is active and for 30 days after deletion request
  • Code data (with Privacy Mode): Not retained beyond immediate request processing
  • Code data (without Privacy Mode): Temporarily cached, deleted within 24 hours
  • Usage logs: Retained for up to 2 years for security and analytics
  • Payment records: Retained for 7 years as required by tax regulations

You can request complete account deletion at any time. We guarantee removal of all your data within 30 days of request.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your information:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • SOC 2 Type II compliant security practices (certification in progress)
  • Regular third-party security audits and penetration testing
  • Role-based access controls and multi-factor authentication
  • 24/7 security monitoring and incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying you of any breach affecting your data.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information and account
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing of your information
  • Restriction: Request limitation of processing
  • Withdraw Consent: Withdraw consent for data processing at any time

To exercise these rights, contact us at [email protected] or use the self-service options in your account settings.

Cookie Preferences

You can control cookies through your browser settings or our cookie preference center. Disabling non-essential cookies will not affect core IDE functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, primarily the United States and European Union. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately and we will delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website, sending an email notification, and updating the 'Last Updated' date. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company: Apilium Corp OU

Address: Tallinn, Estonia

Privacy inquiries: [email protected]

Data Protection Officer: [email protected]

General support: [email protected]