Privacy Policy

Updated 11/12/2025


Compounds Dev, Inc. (“Compounds”, “we”, or “us”) provides this Privacy Policy to explain how we collect, use, process, retain, store, transfer, and protect personal information when individuals and organizations use the Compounds.dev platform and related services (the “Service”).


This Privacy Policy applies to visitors of our website, users of the Service, and organizations that subscribe to the Service. It forms part of the Agreement between Customer and Compounds.


By accessing or using the Service, you acknowledge this Privacy Policy.

1. INFORMATION WE COLLECT


1.1 Information You Provide Directly


Account Information


When creating an account or being invited to an account, we may collect:

• Name

• Email address

• Authentication credentials

• Organization information

• Role or team assignment


Billing Information


For paid subscriptions we may collect:

• Billing contact details

• Payment details (processed by third party payment processors)

• Transaction history


Customer Inputs


Prompts, queries, configurations, instructions, or other content submitted to the Service. Inputs may contain personal information if provided by Customer.

Customer Communications


• Support requests

• Feedback

• Emails or messages to our team

• Survey responses


1.2 Information Processed by the Service


To generate Customer Outputs we may process:

• Source code

• Build logs

• CI or CD metadata

• Repository configuration metadata

• Software dependency metadata

• Development workflow information

• Engineering telemetry


Compounds processes Customer Data transiently. Full Customer codebases are not retained unless explicitly enabled in an enterprise deployment.


Customers must avoid submitting any production secrets or prohibited data.


1.3 Automatically Collected Information


Usage Information

We may collect analytics regarding how the Service is used, including:

• Pages viewed

• Buttons clicked

• Features accessed

• Performance metrics

• Time spent within the Service

• Interaction logs


Device and Technical Data


• IP address

• Browser type and version

• Operating system

• Device identifiers

• Session identifiers

• Log files


Cookies and Similar Technologies


We use cookies for authentication, analytics, personalization, and security. Users may control cookies through browser settings.

2. HOW WE USE INFORMATION


We use personal data for the following purposes.


2.1 Providing and Maintaining the Service


• Operating the Compounds.dev platform

• Processing Customer Inputs transiently to generate Customer Outputs

• Managing accounts and authentication

• Enabling integrations with GitHub, GitLab, Bitbucket, Jira, Linear, ServiceNow, CI and CD systems, and cloud providers


2.2 Security


• Monitoring platform stability

• Detecting misuse or anomalies

• Preventing fraud and abuse

• Protecting Customer Data

• Maintaining audit logs


2.3 Improving the Service


We may use Aggregated and de identified data to:

• Improve model accuracy

• Optimize workflows

• Enhance performance

• Conduct analytics

• Build new features


We do not train machine learning models on identifiable Customer Data unless Customer provides explicit written consent.


2.4 Communications


• Service notifications

• Account and billing notices

• Product updates

• Security alerts

• Support communications


Marketing communications are optional and require consent where required by law.


2.5 Legal and Compliance


• Meeting legal obligations

• Responding to lawful government or regulatory requests

• Preventing harm

• Enforcing the Agreement

3. LEGAL BASES FOR PROCESSING


We process personal data under the following legal bases:


• Contractual necessity

• Legitimate interests such as platform security, analytics, and improvements

• Consent, where required (for example, marketing)

• Compliance with legal obligations


When acting as a processor, Compounds processes personal data according to Customer’s documented instructions under the DPA.

4. HOW WE SHARE INFORMATION


We do not sell personal information.


4.1 Sub processors


Compounds uses trusted Sub processors to support the Service, including:

• Cloud hosting providers

• Model inference providers such as Anthropic and Google Gemini

• Monitoring, logging, and analytics vendors

• Customer support tools

• Billing processors


Sub processors are subject to contractual obligations to protect Customer Data.


4.2 Third Party Integrations


At Customer’s direction and configuration, the Service may share or receive data from:

• GitHub

• GitLab

• Jira

• Linear

• CI or CD tools

• Cloud providers


Compounds is not responsible for third party privacy practices.


4.3 Legal Requirements


We may disclose data if required to do so by law or in response to valid legal process.


4.4 Business Transactions


In the event of a merger, acquisition, investment, financing, asset transfer, or similar corporate transaction, Customer Data may be transferred subject to obligations consistent with this Privacy Policy.

5. INTERNATIONAL TRANSFERS


Customer Data may be transferred to and processed in the United States or other jurisdictions where Compounds or its Sub processors operate.


For transfers from the EEA, UK, or Switzerland, Compounds relies on:

• Standard Contractual Clauses

• UK International Data Transfer Addendum

• Adequacy decisions where applicable


6. DATA RETENTION


We retain:

• Account and billing data for the duration of the subscription and as required by law

• Telemetry and logs for operational periods

• Customer code and logs only transiently for processing unless explicitly configured differently


Upon termination, Customer may request deletion of retained data that is not required to be kept by law.


7. DATA SECURITY


Compounds maintains organizational, administrative, physical, and technical safeguards including:

• Encryption in transit

• Strict access controls

• Network segmentation

• Audit logging

• Secure development practices

• Vendor risk assessments

• Regular internal security reviews


Customers are responsible for securing access to their own repositories, CI and CD systems, linked accounts, and any credentials used to integrate with the Service.

8. CUSTOMER RIGHTS


Depending on your jurisdiction, you may have rights to:

• Access your data

• Correct inaccurate data

• Delete data

• Restrict processing

• Object to processing

• Request portability

• Withdraw consent

• Lodge a complaint with a supervisory authority


Requests may be submitted to privacy@compounds.dev.


We may need to verify identity before fulfilling a request.

9. CHILDREN’S PRIVACY


The Service is not intended for children under 16. We do not knowingly collect or process data from children.

10. CUSTOMER RESPONSIBILITIES


Customer is responsible for:

• Ensuring that data submitted to the Service is collected lawfully

• Avoiding submission of prohibited or sensitive data

• Managing and securing user access

• Ensuring compliance with privacy laws applicable to Customer’s organization and industry

11. CHANGES TO THIS PRIVACY POLICY


We may update this Privacy Policy to reflect changes in the Service, legal requirements, or operational practices. Updates will be posted on our website, and the Last Updated date will be revised. Continued use of the Service constitutes acceptance of the updated Privacy Policy.

12. CONTACT INFORMATION


For questions, requests, or concerns about privacy, contact:


Compounds Dev, Inc.

Email: privacy@compounds.dev

Address: 608 Brook Run Drive, Westerville, Ohio, 43081, United States