Legal

Privacy Policy

We collect what is necessary to run the service. We don't sell your data, train models on your workflows, or collect more than we need.

Effective date: May 2026  ·  Questions: privacy@patchr.co

No model training

Your workflow data is never used to train AI models — ours or anyone else's.

No data sales

We do not sell, rent, or share your personal data with advertising networks.

Masked analytics

Product analytics use PostHog with maskAllInputs: true — no raw input content.

1. What we collect

When you use Patchr, we collect the following categories of information: OAuth profile data — your name, email address, and avatar image as provided by your identity provider (Google, GitHub, or Microsoft Entra) at the time you sign in. We receive this via read-only OAuth scopes; we do not receive your password. API usage logs — request timestamps, endpoint paths, HTTP status codes, latency, and the API token identifier (not the token value) associated with each request. These logs are used for billing, rate-limit enforcement, and debugging. Workflow traces — the inputs, outputs, and intermediate steps of workflows you execute through the Patchr API. This includes agent conversation turns, terminal events, domain events, and proof artifacts. Traces are stored to produce proof packs and to power the proof viewer. Analytics events — product interaction events collected via PostHog with maskAllInputs: true. Raw PII is not included in analytics events; all inputs are masked before transmission. Events cover page views, feature interactions, and funnel steps. Billing information — handled by our payment processor (Stripe). Patchr receives a customer ID, subscription status, and last-four digits of the card on file. We do not store full card numbers.

2. What we don't collect

We do not collect: • Message content beyond what you explicitly submit as a workflow input — we do not read email, scan files outside a workflow run, or access third-party accounts beyond the OAuth scopes you grant. • Sensitive identity attributes (race, religion, health data, biometrics) — these are not fields in our data model and we have no mechanism to collect them. • Your data for model training — Patchr does not use your workflow traces, proof artifacts, or usage data to train machine-learning or AI models, whether in-house or via third-party providers.

3. How we use your information

We use collected data to: • Provide the service — authenticate your session, execute workflows, generate proof artifacts, and display results in the dashboard and proof viewer. • Generate proof artifacts — workflow traces are the source material for proof cards and proof packs. Without traces, proof cannot be produced. • Analytics and product improvement — aggregated, masked analytics events help us understand which features are used, where users encounter friction, and how to improve the product. We do not build individual behavioral profiles. • Billing — usage logs power metered billing on the Builder plan and allow us to enforce plan-level rate limits. • Communications — we may send transactional emails (account creation, billing receipts, security alerts) and, with your consent, product update emails. You can unsubscribe from product updates at any time.

4. How we share your information

We share data only in the following limited circumstances: OAuth providers — during authentication, a read-only token exchange occurs with your identity provider. We do not send your data to OAuth providers after sign-in. Stripe — your billing information is processed by Stripe under their own privacy policy and security certifications (PCI DSS Level 1). We pass your email and plan details to Stripe to create and manage subscriptions. PostHog — masked analytics events are transmitted to PostHog for product analytics. maskAllInputs: true is enforced; no raw form or input content is sent. Legal compliance — we may disclose data to comply with a valid legal process (subpoena, court order) or to protect the safety and security of users and the service. We do not sell, rent, or trade your personal data to third parties for advertising or any other commercial purpose.

5. Data retention

Active account data — OAuth profile, API tokens, workflow traces, and proof artifacts are retained while your account is active. Account deletion — when you request deletion of your account, active data is removed within 30 days. You can initiate a deletion request from the dashboard or by emailing privacy@patchr.co. Proof pack grace period — proof packs may be referenced by external systems via cite refs (e.g. Decionis-compatible decision ledger entries). To avoid breaking valid in-flight references, proof packs are retained for 90 days after your account deletion request before being purged. Billing records — transaction records may be retained for up to 7 years to satisfy tax and accounting obligations, even after account deletion.

6. Your rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data: • Access — request a copy of the personal data we hold about you. • Export — download your workflow traces and proof artifacts in machine-readable format via the dashboard or the API. • Correction — update inaccurate profile data via the dashboard. • Deletion — request deletion of your account and associated personal data (see retention policy above). • Objection — object to processing based on legitimate interests, where applicable. To exercise any of these rights, email privacy@patchr.co. We will respond within 30 days. Where we need to verify your identity before fulfilling a request, we may ask you to authenticate via your OAuth provider.

7. Cookies

Patchr uses a minimal set of cookies: Session cookie — set at sign-in to maintain your authenticated session. This cookie is strictly necessary for the service to function. It is a secure, HttpOnly, SameSite=Lax cookie and expires when you sign out or after a rolling inactivity window. PostHog analytics cookie — used to distinguish unique visitors and track session interactions for product analytics. maskAllInputs: true is set, so no raw input content is captured. You can opt out of analytics via the cookie preference in the footer. We do not use advertising cookies, third-party tracking pixels, or fingerprinting techniques.

8. Children

Patchr is a developer-oriented service intended for adults and professional operators. It is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child under 16 has created an account, contact privacy@patchr.co and we will delete the account promptly.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at patchr.co/privacy and, where required by law, notify you by email. The effective date at the top of the policy reflects the date of the most recent revision. Continued use of the service after the effective date constitutes acceptance of the revised policy.

Questions about your data?

You can export or delete your data at any time from the dashboard, or email us at privacy@patchr.co. We respond within 30 days.

Go to dashboard