I'm not a lawyer, but this is a conservative launch draft. Have counsel review before relying on it. Key reason: privacy promises must match the product exactly, and regulators can enforce misleading privacy/security claims; California also expects notice at or before collection when applicable. (ftc.gov)

Privacy Policy

Last Updated: June 23, 2026

This Privacy Policy explains how y ("y," "we," "us," or "our") collects, uses, and shares information when you use our website, desktop application, and related services.

y is a desktop coding-agent app. The app runs on your computer and helps you use third-party coding agents, including Claude Code and OpenAI Codex, through their official local CLIs and your own third-party accounts.

Information We Collect

Account information. When you sign in, we may receive your user ID, email address, display name, profile image, and connected login provider information, such as Google or GitHub account metadata. Authentication is provided through Hexclave.

Product analytics. We collect limited product analytics to understand whether y is working and which features are used. This may include event names, timestamps, app version, operating system, anonymous device/user identifier, signed-in user ID or email, selected agent type, selected model identifier, feature surface, message length, attachment counts, tool-call names, turn duration, success/failure status, onboarding status, CLI detection status, feedback submission status, and similar usage metadata.

Feedback. If you send feedback, we collect the feedback message and related metadata such as message length, category, user/account identifier, and whether the feedback was stored remotely or locally.

Missing capability reports. y may collect structured reports when a coding agent indicates that a capability is missing. These reports are limited to fields such as requested capability, reason category, app surface, confidence, and engine ID.

Local app data. y stores chats, folders, local settings, Modify history, permissions, auth session data, userland files, analytics queue data, and isolated workspace metadata locally on your device.

Information We Do Not Intentionally Collect

We do not intentionally collect your source code, project files, full prompts, full chat messages, model outputs, terminal output, file contents, secrets, API keys, or credentials through product analytics.

We do not use your code, prompts, chats, outputs, or project files to train AI models.

We do not intentionally collect sensitive personal information, such as government IDs, health information, financial account numbers, payment card numbers, precise location, or children's data. Do not submit sensitive information through y feedback or support channels.

Third-Party Coding Agents

y lets you use third-party tools such as Claude Code and OpenAI Codex. Those tools are not operated by us. When you use those tools, your prompts, files, code, terminal output, and other context may be sent directly by those tools to their providers under your own account and their terms and privacy policies. We do not control those providers' processing, retention, training, logging, or security practices.

How We Use Information

We use information to provide and improve y, authenticate users, maintain accounts, detect bugs, understand feature usage, improve onboarding, process feedback, investigate abuse, protect the service, communicate with users, comply with law, and enforce our terms.

How We Share Information

We may share information with service providers who help us operate y, including authentication, hosting, analytics, database, feedback, security, and infrastructure providers. These may include Hexclave, PostHog, Cloudflare, Google, and GitHub, depending on the feature used.

We may disclose information if required by law, to protect rights and safety, to investigate abuse or security incidents, or in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

Security

We use reasonable technical and organizational measures to protect information. Auth tokens are stored locally using operating-system secure storage where available. No system is perfectly secure, and we cannot guarantee absolute security.

Retention

We retain account, analytics, feedback, and operational data for as long as reasonably necessary to provide y, improve the product, comply with legal obligations, resolve disputes, and enforce agreements. Local app data remains on your device until you delete it, reset local data, or uninstall and remove y's application support files.

Your Choices

You can delete local app data from your device. You can contact us to request access, correction, or deletion of personal information we control. We may need to verify your identity before responding.

Children

y is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

International Use

If you use y outside the United States, your information may be processed in the United States or other countries where we or our providers operate.

Changes

We may update this Privacy Policy from time to time. The updated version will be posted with a new "Last Updated" date.

Contact

Questions or requests: contact@ytimesy.com