DeepNerd Privacy Policy

1. Introduction & Scope

This Privacy Policy explains how DeepNerd ("we," "us," or "our") collects, uses, discloses, and safeguards personal data when you use the DeepNerd platform, including Vault Vault IDE, Muac Agent, our APIs, and associated developer ecosystems (collectively, the "Services").

Consumer vs. Commercial Services: This policy applies to personal data we collect as a "data controller." When we process data on behalf of Enterprise customers through our Commercial Services (such as Dedicated APIs or customized Enterprise Agents), we act as a "data processor," and such processing is governed by our Enterprise Data Processing Agreement (DPA) rather than this generalized policy.

2. Information We Collect

We collect information you provide directly, information collected automatically, and information from third parties.

A. Identity, Account, and Payment Data

• Profile Information: Name, email address, company name, developer profile URLs (e.g., GitHub, GitLab).
• Credentials: Passwords, SSO tokens, and multi-factor authentication data.
• Payment Information: Billing address, transaction history, and partial credit card data. Full payment information is processed securely by our PCI-compliant payment partners (e.g., Stripe).

B. Inputs, Outputs, and AI Interactions

• Prompts and Queries: Text, code, and documents submitted to our models and agents.
• Outputs: The code, text, or actions generated by our models in response to your Inputs.
• Feedback: Thumbs up/down, context corrections, and debugging annotations you provide.

C. Developer and Integration Data

• Codebases: If you connect repositories to Vault Vault IDE or Muac Agent, we process code snippets necessary for the service.
• API Telemetry: Request volumes, latency, error rates, and endpoint utilization.
• Agent Action Logs: Sequences of actions taken by Muac Agent (e.g., terminal commands executed, files modified).

D. Technical and Device Data

• Log Data: IP addresses, browser types, Vault IDE versions, application state, and crash diagnostics.
• Cookies & Tracking: Unique session identifiers and performance tracking cookies to ensure session stability.

3. Model Training & Data Sources

DeepNerd trains underlying foundational models and specialized coding agents using a mixture of proprietary datasets, publicly available information, and licensed data.

• Opt-Out for Consumer Users: By default, data submitted through consumer APIs and standard UI interfaces may be used to improve our models. Users can opt out of data training at any time via their Account Settings.
• Zero-Training for Commercial Services: We do not use Inputs, Outputs, or Developer Data submitted to our Enterprise tiers, Zero-Data Retention endpoints, or Dedicated Muac Agents to train our foundational base models.

4. How We Use Information

• To Provide Services: Authenticating users, executing code, running AI predictions, and orchestrating Muac Agent workflows.
• To Improve AI Systems: Fine-tuning models for better coding accuracy, lower latency, and reduced hallucination rates (subject to opt-out rights).
• For Infrastructure & Security: Detecting abuse, debugging crashes, enforcing rate limits, and securing our API perimeters from malicious automated attacks.
• For Communication: Sending billing updates, system lifecycle notifications, and API deprecation warnings.

5. Data Sharing and Disclosures

We do not sell your personal data. We only share information under the following circumstances:

• Infrastructure Providers: Cloud hosting (e.g., AWS, GCP), database providers, and compute clusters necessary to host our models.
• Enterprise Workspaces: If you use DeepNerd under an organization's workspace, your activity (logs, code inputs) is visible to the workspace administrators.
• Legal & Safety Requirements: We may disclose data if legally required (e.g., subpoenas, warrants) or to prevent imminent physical harm, illegal acts, or gross violations of our Usage Policy.

6. Data Retention & Security

We implement SOC 2 and ISO 27001 aligned security measures, including TLS 1.3 transit encryption, AES-256 at-rest encryption, and tightly controlled role-based access to databases.

We retain data as long as your account is active or as needed to provide our services. You may request account deletion at any time, which initiates a cascade deletion of your personal data within 30 days, except for anonymized telemetry required for financial compliance mapping.

7. Your Rights and Choices

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Access & Portability: Request a local export of your personal data and prompt history.
• Correction & Deletion: Amend inaccurate data or request total erasure of your account.
• Opt-Out of Training: Prohibit your inputs/outputs from being used to train DeepNerd models.

To exercise these rights, navigate to your Account Settings or contact privacy@deepnerd.io.

8. Legal Bases for Processing (EEA/UK/Swiss Users)

9. International Data Transfers

DeepNerd operates globally. Data may be processed in the United States and other jurisdictions. We utilize Standard Contractual Clauses (SCCs) and comply with the EU-U.S. Data Privacy Framework where applicable to ensure lawful cross-border transfers.

10. Children's Privacy

Our Services are intended for developers, researchers, and enterprises. We do not knowingly collect personal data from individuals under the age of 18. If we identify that a minor has provisioned an account, we will immediately terminate the account and purge the data.

11. Changes to this Policy

We may update this Privacy Policy to reflect infrastructure updates, legal requirements, or new features. We will notify you of material changes via email or an in-app banner 30 days prior to enforcement.