Privacy Policy
Last updated: March 17, 2026
1. Information We Collect
When you use OneMillion Code, we collect:
- Account information: name, email address, and LinkedIn URL (if provided) when you create an account via Google OAuth.
- Payment information: processed and stored by Stripe, Inc. We do not store your credit card numbers or bank details on our servers.
- Usage data: API request metadata (model used, token counts, timestamps) for billing and rate limiting. We do not log the content of your prompts or AI responses.
- Analytics: anonymized page views and feature usage to improve the product. We use Vercel Analytics.
- Device information: browser type, operating system, and IP address for security and fraud prevention.
2. Information We Do Not Collect
We want to be explicit about what we do not touch:
- We do not read, store, or access your source code, project files, or repository contents.
- We do not log the content of your AI prompts, conversations, or generated outputs.
- We do not collect telemetry from the VS Code extension beyond what is necessary for billing (token counts per request).
- We do not track your coding behavior, keystrokes, or editor activity.
3. How We Use Your Information
- To provide and operate the Service, including billing and credit management.
- To communicate with you about your account, including onboarding, billing, and service updates.
- To detect and prevent fraud, abuse, and security threats.
- To improve the Service based on aggregated, anonymized usage patterns.
- To respond to your support requests.
4. AI Training — We Never Train on Your Data
This is our core commitment:
- Your code, prompts, conversations, and project files are never used to train, fine-tune, or improve any AI model.
- We route AI requests to third-party providers (Google, Anthropic, OpenAI) via API. These providers' API terms prohibit training on API inputs.
- We do not retain prompt or response content after the request is complete. Content passes through our gateway and is not stored.
- We will never sell, license, or share your data with any third party for model training purposes.
- If our position on this ever changes, we will notify you at least 90 days in advance and provide an opt-out mechanism before any change takes effect.
5. Data Storage and Security
- Your account data is stored in Supabase with enterprise-grade encryption at rest and in transit.
- Payments are processed by Stripe, a PCI DSS Level 1 certified provider.
- We use HTTPS/TLS for all data transmission.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
6. Data Sharing
We do not sell your personal information. We share data only with:
- Stripe, Inc. — for payment processing.
- Supabase — for data storage and authentication.
- AI model providers (Google, Anthropic, OpenAI) — prompt content is sent to generate responses, but is not retained by these providers for training per their API terms.
- Law enforcement — only when required by valid legal process (subpoena, court order).
7. Your Rights
You have the right to:
- Access: Request a copy of all personal data we hold about you.
- Correction: Update or correct inaccurate information.
- Deletion: Request deletion of your account and all associated data. We will delete your data within 30 days of your request, except where retention is required by law.
- Portability: Request your data in a machine-readable format.
- Opt-out: Unsubscribe from non-essential communications at any time.
To exercise any of these rights, contact us at privacy@onemillion.build.
8. Cookies
We use minimal cookies:
- Authentication cookies: to keep you signed in (essential, cannot be disabled).
- Analytics cookies: anonymized usage tracking via Vercel Analytics (can be disabled in your browser).
- We do not use advertising cookies or tracking pixels.
9. Children's Privacy
OneMillion Code is not intended for children under 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal data, contact us and we will promptly delete it.
10. International Data Transfers
Your data may be processed in the United States where our servers and service providers are located. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place in compliance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email at least 30 days before they take effect. Continued use after changes constitutes acceptance.