EzVibe
/ Legal

Privacy Policy

Last updated: June 13, 2026 · EzVibe

We do not train AI on your code or conversations

EzVibe does not use your code, files, prompts, or agent conversations to train any AI models — ever. Data sent to Anthropic (our model provider) is processed solely to generate responses; under Anthropic’s API terms, it is not used to train their models. Your work stays yours.

1. What We Collect

We collect only what is necessary to provide the Service:

  • Account identity — email address and, if you sign in with GitHub, your GitHub username and avatar URL
  • Workspace files & metadata — the code and files you create in your sandboxes, plus file paths, sizes, and modification timestamps
  • Usage metering — sandbox CPU-seconds, AI token counts (input/output), and storage bytes consumed, used for billing and quota enforcement
  • Agent messages — your chat messages and the agent’s responses, stored per-workspace so the agent retains context across sessions (Project Brain)
  • Log & diagnostic data — request logs, error traces, and performance metrics used to operate and improve the Service; these are anonymised or aggregated wherever possible

2. How We Use It

Your data is used to: authenticate you, provision and manage your sandboxes, run the AI agent on your behalf, calculate usage costs and enforce plan quotas, send transactional emails (magic links, billing receipts), and debug issues that you report or that affect the Service. We do not sell your data or use it for advertising.

3. Third-Party Processors

We share data with the following sub-processors to operate the Service:

  • Supabase — database (Postgres + RLS), authentication, and file storage; data is stored in the region you select at workspace creation
  • Cloudflare — sandbox container runtime (Durable Object containers), R2 object storage for snapshots, edge network, and Workers runtime for the API
  • Anthropic — AI model inference; your prompts and agent messages are sent to Anthropic’s API to generate responses; Anthropic does not use API data for model training per their API usage policy
  • Stripe — payment processing and subscription management; we share only billing-relevant data (email, plan, usage totals)

4. Data Retention

Workspace files and agent memory are retained while your account is active. Usage events are retained for 13 months for billing accuracy. When you delete a workspace, its sandbox, snapshots, and agent memory are queued for permanent deletion within 30 days. When you delete your account, all associated data is deleted within 30 days, except where retention is required by law (e.g. invoices).

5. Your Rights

You may request an export of all data we hold about you, or request deletion of your account and data, by emailing privacy@ezvibe.app. We will respond within 30 days. If you are in the EU/EEA or UK, you have additional rights under GDPR/UK GDPR, including the right to rectification, restriction of processing, and to lodge a complaint with your supervisory authority.

6. Security

All data is encrypted in transit (TLS) and at rest. Each workspace sandbox runs in an isolated Cloudflare Durable Object container with per-workspace Row Level Security policies in Postgres. Secrets (API keys, env vars) are injected into sandboxes at runtime and never logged. We perform regular security reviews and follow responsible disclosure practices — see SECURITY.md for details.

7. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email or an in-app notice at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

This is a template document. Consult a lawyer before publishing to production users.