Privacy

Last updated 2026-05-02

Plain English. We collect what we need to run the product and bill it correctly, nothing more. Where we send your data is listed below. If anything here is unclear, email hello@fredcode.net.

What we store

  • Account: email, name, password hash (or OAuth provider ID), session tokens.
  • API keys: we store a SHA-256 hash + a 12-char prefix for display. The raw key is never persisted; you see it once at creation.
  • Usage events: per-call token counts, model name, cost, timestamp, duration. Used for billing and your own usage dashboard.
  • Behavioral CLI telemetry (default-on, opt-out): per-session and per-turn metadata — model, token counts, durations, finish reasons, slash command names, tool names, retry counts, plan/act mode. We use this to recursively improve the agent loop — where flash gets stuck, which slash commands are dead, how long retries cascade, etc. No prompt text, no response text, no tool args, no file contents; only counts, durations, and SHA-256 hashes. Tied to your account so we can tell which user patterns produce which behaviors. Opt out with /telemetry off in the REPL or fred telemetry off from a shell. See /docs/telemetry for the full schema and what's never collected.
  • Web research events (when you opt into web research at /settings): per-call counts, depth, billed cost, timestamp. Same shape as usage events; query strings and result text are not persisted on Fred's servers.
  • Audit log: security-relevant events (CLI device approvals, key revocations, account deletions, settings toggles) with actor, IP, and timestamp. Retained indefinitely so you and we can reconstruct what happened on an account.

What we don't store

Prompt or completion text — those flow through the streaming proxy and are not persisted on Fred's servers. DeepSeek (the upstream model provider) handles them per their own policy. Reading their privacy notice is a reasonable thing to do.

Cookies

We set a single first-party session cookie when you sign in (Better-Auth, httpOnly, secure in production). No third-party trackers, no advertising cookies, no analytics pixels. Stripe Checkout sets its own cookies during a top-up — that's outside our control and covered by Stripe's privacy notice.

Data retention

  • Account profile: until you request deletion. On deletion we soft-delete the user row and revoke all keys; profile fields stay only for the time it takes to reconcile any open invoices, then they're cleared on request to hello@fredcode.net.
  • Usage events & credits ledger: retained for the life of the account plus a reconciliation window (currently 18 months) so we can answer billing questions and satisfy financial-records obligations.
  • Audit log: indefinite. Security history is the whole point.
  • Behavioral telemetry: retained while it's useful for product improvement. We don't have a fixed expiry today; opt-out stops new collection immediately.

Sub-processors

  • Vercel — application hosting (United States).
  • Cloudflare — streaming proxy + DNS (global).
  • Neon — Postgres database (United States).
  • Stripe — payment processing (United States, payment-card data is theirs alone).
  • Resend — transactional email (United States).
  • Upstash — rate limiting / state (global).
  • Tavily — web search and content extraction (United States, only when you opt into web research).
  • DeepSeek — model inference. Note: DeepSeek operates from China; using Fred sends your prompts and completions to their infrastructure for the duration of inference.

International transfers

By using Fred you authorize the cross-border transfer of your prompts and completions to DeepSeek's infrastructure outside your home jurisdiction (currently China) for inference, and to our other sub-processors listed above (primarily United States) for hosting, billing, and operations.

Age

Fred is intended for users who are at least 18 years old, or the age of majority in your jurisdiction if higher. Don't create an account on behalf of a child.

Your rights

Delete your account from /settings. We soft-delete the user row and revoke all keys; ledger and usage rows are retained for the periods listed above. Email hello@fredcode.net for a data export, a hard delete request, or any other privacy question.

Changes

Material changes are posted here with the new "Last updated" date and emailed to active accounts. The current version is always the one at /privacy.