Privacy Policy

What we collect

Account data: email address, hashed password, subscription status, and billing information (processed by Stripe — we never see your full card number).

Usage metrics: token consumption counts and feature usage to enforce plan limits and improve the product. These are aggregate numbers, not your code or conversations.

We do NOT collect: your source code, project files, conversation history, AI responses, or any data from your local workspace. Charles runs entirely on your machine.

How we use it

• Authenticate your account and enforce subscription limits
• Process payments through Stripe
• Send transactional emails (password resets, billing receipts)
• Improve the product based on aggregate usage patterns

Local-first architecture

Charles is designed to run locally. Your code, files, and AI conversations never leave your machine. The only data transmitted to charlesapp.io is account authentication and usage counters. Model requests go directly from your machine to your configured AI provider — we are not in that path.

Third parties

Stripe: payment processing. See Stripe's privacy policy.

We do not sell, rent, or share your personal data with any other third party.

Data retention

Account data is retained while your account is active. If you delete your account, all personal data is removed within 30 days. Aggregate, anonymized usage statistics may be retained indefinitely.

Your rights

You may request access to, correction of, or deletion of your personal data at any time by contacting support@sovrintech.com. EU/UK users have additional rights under GDPR.

Cookies

charlesapp.io uses a single session cookie for authentication. No tracking cookies, no analytics cookies, no third-party cookies.

Contact

Privacy questions? Contact us at support@sovrintech.com.