Privacy Policy

We collect only what is necessary to provide the service: • Account information: email address, username, and hashed password (managed by Supabase Auth) • Backup content: the files you choose to push — Claude Code settings, plugins, CLAUDE.md, commands, and agent definitions • Backup metadata: file names, sizes, version numbers, platform (macOS/Linux/Windows), and timestamps • Usage data: standard server logs including IP address and request timestamps, retained for up to 90 days We do not collect payment information (the service is free). We do not use tracking pixels or advertising cookies.

Your data is used solely to provide and improve the service: • Authentication: to verify your identity when you sign in • Backup storage: to store your pushed environments and serve them back to you on pull • Public sharing: to serve your shared environments to anyone with the link (only files you explicitly select) • Service integrity: to detect abuse, prevent unauthorized access, and debug issues

When you create a share link, the files you selected become publicly accessible to anyone who has the URL. This is intentional — it is the core feature. The shared content: • Is served without authentication • Is indexed with an opaque random ID, not your email or username (though your @username is shown as the sharer) • Remains accessible until you revoke the link from the dashboard Do not share files containing sensitive credentials, personal data, or information you do not intend to make public.

We use the following third-party service: • Supabase (supabase.com) — authentication, PostgreSQL database, and object storage. Your data is stored in Supabase-managed infrastructure. See Supabase's privacy policy at supabase.com/privacy. We do not sell, rent, or share your personal data with any other third parties for commercial purposes.

Your data is retained for as long as your account exists. When you delete your account: • Your profile and backup records are deleted from the database immediately • Stored backup files are permanently removed from cloud storage within 30 days • Active share links are deleted along with the backup records To request account deletion, email us at minho.sun@rubric.im or use the account settings when available.

We take reasonable technical measures to protect your data, including encrypted connections (TLS), row-level security policies in our database (users can only access their own data), and private storage buckets accessible only via authenticated sessions. No system is perfectly secure. We cannot guarantee absolute protection against all threats.

We may update this Privacy Policy as the service evolves. We will notify you of significant changes via email. The current version and effective date are always shown at the top of this page.

For privacy questions or data deletion requests, contact us at minho.sun@rubric.im