§ Legal · Privacy
← O’Doyle Rules

Privacy Policy

Last updated · April 29, 2026

Short version: we don’t want your secrets and we don’t want to manage user accounts. The product is built around that posture.

What we don’t collect

  • Anthropic API keys — supplied by you, used in memory for one request, never stored, never logged, never persisted.
  • GitHub Personal Access Tokens — same posture as Anthropic keys. Pass-through only. We never see them again after the request ends.
  • Repository contents — the curated file slice we send to Anthropic to generate your rules file is not stored on our servers.
  • User accounts — there is no signup, no login, no password. There is nothing to forget.
  • Cookies — we don’t set tracking cookies or run third-party analytics pixels.
  • Pro license keys and customer email — when you buy a Pro license, our payment provider (Lemon Squeezy) emails the license key directly to you. We don’t receive a webhook, we don’t store the key on our servers, and we don’t see your email or billing details. When you paste the key into our UI, we validate it against Lemon Squeezy’s public license API; the key is then persisted only in your own browser (localStorage). Lemon Squeezy handles all billing data — see their privacy policy for what they store.

What we do collect

Anonymous output telemetry

When a generation completes, we record an aggregate row about the run for product quality work — repository size, file count, output format, line count, prompt version, and tier (free/pro). This row contains no API keys, no tokens, no PII, no user identifiers. Public-repo runs include the public repo URL (already public on GitHub). Private and local-folder runs are reduced to a one-way hash so we can’t reverse-engineer which repository it was. Telemetry lives in Neon Postgres.

Server logs

Our hosting provider (Vercel) records request-level logs (IP address, timestamp, route, status code) to operate the service. We don’t join these to telemetry. They are retained per Vercel’s default and are accessible only to administrators.

Vercel Web Analytics & Speed Insights

We use Vercel’s built-in, first-party analytics to track aggregate page views, referrers, and Core Web Vitals (page load and responsiveness metrics). It is cookieless. IP addresses are hashed and discarded after 24 hours; no cross-site tracking occurs and no data is shared with third parties. See Vercel’s analytics privacy policy.

Where your data goes

  • Anthropic — your repository slice and prompt are sent to Anthropic’s API using your own key. Their data handling governs that relationship.
  • GitHub — for public repos we use the public API anonymously; for private repos we use your supplied PAT for one request and discard it.
  • Lemon Squeezy — handles all payments, refunds, and subscription state.
  • Vercel — hosts the app and runs request logs.
  • Neon — hosts the anonymous telemetry table.

Local browser storage

We use localStorage in your browser, never cookies. All keys are prefixed odoylerules:* and include things like your Anthropic API key, your activated license key, and small UI preferences. Clearing site data in your browser deletes all of it.

Children

The service is not intended for users under 18. We do not knowingly collect data from minors.

Your rights

Because we don’t hold accounts, there’s very little to request. To delete the email and license-key record tied to your purchase, email hello@odoylerules.ai from the address you bought with and we’ll remove it. (Note: this also revokes your license.)

Changes

We may update this policy. The “Last updated” date at the top reflects the current version. Material changes will be summarized on the homepage for at least a week.

Contact

Privacy questions: hello@odoylerules.ai.