Shipwell | Full Codebase Autopilot

1. Introduction

This Privacy Policy describes how Shipwell ("the Service"), operated by Manas Dutta ("we", "us", "our"), collects, uses, and protects your information. We are committed to keeping your data safe and being transparent about our practices.

2. Information We Collect

Account Information

When you sign in with Google, we receive your name, email address, profile photo URL, and a unique identifier. This information is used solely for authentication and displaying your identity within the Service.

Code & Analysis Data

When you submit a repository for analysis, the code is processed in real-time and sent directly to the Anthropic API from our server. We do not store your code or analysis results on our servers. Temporary files created during processing are deleted immediately after the analysis completes.

API Keys

Your Anthropic API key is stored exclusively in your browser's local storage (web app) or in a local configuration file on your machine (CLI at ~/.shipwell/config.json). API keys are never transmitted to or stored on our servers.

3. How We Use Information

To authenticate you and provide access to the Service
To process your code analysis requests in real-time
To display your profile information within the application
To improve the Service based on usage patterns

4. Data We Do NOT Collect

✓We do not store your source code on our servers

✓We do not store your API keys

✓We do not store analysis results

✓We do not sell or share your data with third parties

✓We do not use your code for training AI models

✓We do not track you across other websites

5. Third-Party Services

The Service uses the following third-party services, each with their own privacy policies:

Anthropic — AI analysis engine. Your code is sent to the Anthropic API for processing. Privacy Policy
Google — Authentication provider. Privacy Policy
Firebase — Authentication infrastructure. Privacy Policy
Vercel — Hosting platform. Privacy Policy

6. Data Security

We implement appropriate security measures to protect your information. All communication with the Service is encrypted via HTTPS. API keys are stored with restricted file permissions (mode 0600) on the CLI. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

Account authentication data is retained as long as you maintain an active session. Code submitted for analysis is processed in real-time and not retained after the analysis completes. You can delete your local configuration and credentials at any time by running shipwell logout or clearing your browser data.

8. Your Rights

You have the right to:

Access the personal information we hold about you
Request deletion of your account and associated data
Opt out of the Service at any time by signing out
Delete your local API keys and configuration

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

11. Contact

If you have questions or concerns about this Privacy Policy, please reach out via GitHub Issues.