Privacy Policy

PropelCode ("we," "us," or "our") operates the PropelCode platform at propelcode.app. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

Account information: When you register, we collect your email address and a hashed version of your password. We never store passwords in plaintext.

GitHub OAuth tokens: If you connect your GitHub account, we store an OAuth access token scoped to the permissions you grant. This token is used to clone repositories and push changes on your behalf.

Code and files: Your code lives in an isolated Linux container provisioned for your account. We do not access, read, copy, or analyze the contents of your container. Your code is yours.

Usage analytics: We collect anonymized usage data through PostHog, including pages visited, features used, and session duration. This helps us understand how the product is used and where to improve.

Payment information: Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details. We receive a customer identifier and transaction records from Stripe.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the PropelCode service, including provisioning your container and connecting to your GitHub repositories
• Process payments and manage your credit balance
• Send transactional emails (account verification, password resets, billing receipts)
• Improve the product based on aggregated usage patterns
• Respond to support requests
• Detect and prevent abuse, fraud, and security incidents

We do not sell your personal information. We do not use your code to train AI models.

3. Third-Party Services

PropelCode relies on third-party services to operate. Each has their own privacy policy:

• Stripe — Payment processing. Stripe handles all credit card and billing data. Stripe Privacy Policy
• Railway — Cloud infrastructure. Your containers run on Railway's platform. Railway Privacy Policy
• GitHub — Source code hosting and OAuth authentication. GitHub Privacy Statement
• PostHog — Product analytics. Collects anonymized usage data. PostHog Privacy Policy
• Anthropic / OpenRouter — AI processing. When you use the AI agent, code context from your current session is sent to AI providers to generate responses. These providers do not store your code or use it for training per their data processing agreements.

4. Data Storage and Security

Your code is stored in isolated Railway containers. Each user has their own container — there is no shared file system between users. Containers are ephemeral and can be destroyed on request.

Our PostgreSQL database stores account information with encrypted connections. All data in transit is protected by TLS encryption. Passwords are hashed using bcrypt with a cost factor of 10.

For more details on our security practices, see our Security page.

5. Cookies and Local Storage

PropelCode uses the following client-side storage:

• JWT authentication token — Stored in memory or local storage to maintain your logged-in session
• User preferences — Editor settings, theme preferences, and panel layout stored in local storage

We do not use third-party tracking cookies. PostHog analytics uses first-party cookies only and respects Do Not Track headers.

6. Data Retention

Account data: We retain your account information for as long as your account is active. If you delete your account, we remove your personal data within 30 days.

Containers: Your container and all code within it can be deleted at any time from your account settings. Inactive containers may be suspended after extended periods of inactivity.

Analytics data: Anonymized usage data is retained for up to 12 months for product improvement purposes.

Billing records: Payment records are retained as required by tax and financial regulations.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate personal data
• Deletion: Request deletion of your account and associated data
• Data portability: Your code is always accessible in your container. You can clone, download, or push your repositories to any remote at any time.
• Opt-out of analytics: You can disable PostHog tracking by enabling Do Not Track in your browser

To exercise any of these rights, contact us at privacy@propelcode.app.

8. Children's Privacy

PropelCode is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website at least 30 days before the changes take effect. Your continued use of PropelCode after the effective date constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

privacy@propelcode.app