Privacy Policy

1. Information We Collect

When you create an account, we collect your username, email address, and password (stored as a bcrypt hash). If you sign up with Google, we receive your name and email from Google's authentication service.

When you use the Service, we collect usage data including session metadata (timestamps, model used, token counts, costs) and transaction history (balance top-ups and usage deductions).

2. Source Code

Your source code is read locally by the fourpoket CLI on your machine. Relevant portions of your code are sent to AI providers for processing. We do not store your source code on our servers. We may store lightweight project metadata (such as file names and basic structure) to enable the Service to function efficiently — this does not include your actual source code content.

3. How We Use Your Information

We use your information to:

Provide and maintain the Service, process payments, calculate usage costs, send important account notifications, improve the Service, and prevent abuse.

4. Third-Party AI Providers

When you use the Service, portions of your code are sent to third-party AI providers for processing. Each provider has their own privacy and data retention policies. We recommend reviewing the privacy policies of the AI providers used by fourpoket. The specific providers available may change over time as we add or remove model support.

5. Payment Processing

Payments are processed by Stripe. We do not store your credit card information. Stripe's privacy policy governs the handling of your payment data. We store transaction records (amounts, timestamps, Stripe session IDs) for billing history.

6. Data Storage and Security

Account data is stored in encrypted databases. API keys are hashed using SHA-256 and cannot be recovered — only verified. CLI authentication tokens are encrypted using AES-256-GCM. We use industry-standard security practices including HTTPS, rate limiting, and input validation.

7. Data Retention

Account data is retained for as long as your account is active. Session metadata and transaction history are retained for billing and service improvement purposes. You may request deletion of your account and associated data by contacting us.

As the Service is currently in beta, data handling practices may evolve. We will notify users of any significant changes to how data is collected or retained.

8. Your Rights

You have the right to access, correct, or delete your personal data. You may update your profile information through the dashboard. For account deletion or data export requests, contact us at the email below.

9. Cookies

We use a JSON Web Token (JWT) stored in your browser's localStorage for authentication. We do not use tracking cookies or third-party analytics cookies. Google Sign-In may set its own cookies as part of the authentication flow.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via the website or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at privacy@fourpoket.com