Glueprint ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data when you use the Glueprint desktop application, cloud relay service, and web portal (collectively, the "Service").
1. What We Collect
Account Information
When you create a Glueprint account, we collect:
- Email address (provided during registration)
- Activation key (used to unlock the desktop application)
- Subscription tier and billing status
- Security-related metadata (authentication hash, authentication salt, and encryption salt) used to derive and protect your encryption keys — these values cannot be used to decrypt your session data
Usage Analytics
We use PostHog (PostHog Cloud, US region) to understand how Glueprint is used so we can improve it. We do not collect the content of your coding sessions, agent conversations, or source code.
- Website analytics — anonymized page views and download interactions on our marketing site, used to understand which pages and downloads are useful. Configured cookieless (it uses your browser's local storage, not tracking cookies), so no cookie-consent banner is required.
- Web portal product analytics — because the web portal is something you sign in to, its page views and a small set of product events (for example signing in, creating a session, or starting a checkout) are associated with your account, along with your plan and role, so we can see how signed-in users use the product. This never includes your source code, session content, or agent conversations. Like the marketing site, it is configured cookieless (browser local storage, not tracking cookies).
- Download counts — our download server counts completed downloads and auto-updates so we know how many real installs happen. These counts use a coarse, non-identifying value derived from a one-way hash of IP address, browser type, and the day; we do not store your raw IP address.
- Desktop application telemetry — the desktop app sends two anonymous events, when it is first installed and when it is updated, identified only by an anonymous per-machine ID. It contains no source code, session content, or personal data. This is opt-out: turn it off any time in Settings → General ("Share anonymous usage analytics").
- Error & crash diagnostics — when something breaks in our websites or apps, we use Sentry (Sentry, US region) to capture the error message, stack trace, and the page or screen where it happened so we can fix it. On the signed-in web portal these reports are linked to your account (user ID, email, plan) to help us reproduce the problem. In the desktop, CLI, and mobile apps, crash reporting is anonymous and can be turned off in Settings (on desktop it shares the "Share anonymous usage analytics" opt-out; on mobile, the "Share crash reports" toggle). If you opt out, no crash reports are sent. Reports never include your source code, session content, or agent conversations.
Cloud Relay Metadata
When you use the cloud relay service, we process the minimum routing metadata required to deliver encrypted event envelopes: session identifiers, sequence numbers, timestamps, and event type labels. The relay server never has access to the plaintext content of your sessions.
Local Data
The Glueprint desktop application stores data locally in the ~/.glueprint/ directory on your machine. This includes session transcripts (JSONL), work item configurations (YAML), workflow definitions, audit logs, project metadata, and application settings. This data remains on your device and is not transmitted to our servers unless you explicitly enable the cloud relay feature.
2. Cloud Relay & Encryption
Glueprint employs a zero-knowledge encryption architecture for the cloud relay. All session data transmitted through the relay is encrypted client-side using AES-256-GCM with keys derived via PBKDF2 from credentials that never leave your device. The relay server processes only ciphertext and the minimum routing metadata required for delivery (session identifiers, sequence numbers, timestamps, and event type labels). It cannot access the plaintext content of your sessions.
- Encryption keys are derived locally from your credentials
- Data Encryption Keys (DEKs) are wrapped and stored server-side but can only be unwrapped by your device
- The relay server stores and forwards ciphertext only — no plaintext previews, summaries, or session content are transmitted
- We cannot comply with requests to produce plaintext session data because we do not possess decryption keys
3. Local Data Storage
The Glueprint desktop application stores all operational data locally in the ~/.glueprint/ directory. This includes:
- Session transcripts (JSONL format)
- Work item configurations (YAML format)
- Workflow and methodology definitions
- Audit logs
- Project metadata
- Application settings and preferences
This data never leaves your machine unless you explicitly enable the cloud relay, in which case only encrypted session events are transmitted.
4. Third-Party AI Services
Glueprint orchestrates interactions with third-party AI services (such as Anthropic's Claude) on your behalf. When you use these services through Glueprint, your prompts and AI-generated outputs are exchanged directly between your device and the third-party provider. Glueprint does not transmit this content to our servers. Each third-party AI provider operates under its own privacy policy and terms of service; please review Section 5 ("Third-Party AI Services") of our Terms of Service for additional details.
5. Third-Party Infrastructure Services
We use or may use the following third-party infrastructure services:
- Authentication provider — for PKCE OAuth login flows
- Payment processor — we may use third-party payment processors for subscription billing; if so, we do not store full credit card numbers
- Analytics — PostHog (PostHog Cloud, US region) for website, web-portal, download, and desktop usage metrics, configured cookieless. The marketing-site, download, and desktop metrics are anonymized; the signed-in web portal's metrics are linked to your account (see Section 1, "Usage Analytics")
- Error & crash reporting — Sentry (Sentry, US region) for error messages and stack traces from our websites and apps, linked to your account on the signed-in web portal (see Section 1, "Usage Analytics")
Each third-party service operates under its own privacy policy. We share only the minimum data required for each service to function.
6. Cookies, Local Storage & Keychain
The Glueprint web portal uses browser session storage (not persistent local storage) for authentication tokens and encryption key material. Session storage is automatically cleared when you close the browser tab. Our marketing site and web portal use browser local storage (not cookies) to hold analytics state. The desktop application uses the operating system's secure keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service) for API key storage. We do not use tracking cookies or third-party advertising cookies.
7. Data Retention & Deletion
Account data is retained for the duration of your subscription. Encrypted event data in the cloud relay is retained for approximately one hour to support real-time delivery and short-term recovery, then automatically purged. Session routing metadata (session identifiers and sequence counters) is retained for up to 24 hours. You may request deletion of your account and all associated server-side data at any time by contacting us. Local data stored on your device is under your control and can be deleted at any time by removing the ~/.glueprint/ directory.
8. International Data Transfers
Our cloud relay infrastructure is hosted in the United States. If you access the Service from outside the United States, your routing metadata and encrypted event data will be transferred to and processed in the United States. Because all session content is encrypted client-side before transmission, the relay server cannot access the plaintext content regardless of jurisdiction. We apply appropriate safeguards to ensure that any transfer of personal data complies with applicable data protection laws.
9. Children's Privacy
Glueprint is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If you believe that someone under 18 has provided us with personal data, please contact us and we will promptly delete it.
10. Your Rights
Depending on your jurisdiction (including under the GDPR, UK GDPR, CCPA/CPRA, and similar laws), you may have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request that we correct inaccurate data
- Deletion — Request that we delete your personal data
- Portability — Request your data in a machine-readable format
- Objection — Object to processing of your data for certain purposes
To exercise any of these rights, contact us at the address below.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date above. Your continued use of the Service after changes constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Email: privacy@glueprint.ai