Privacy Policy

This Privacy Policy explains what Adrian Labs ("we", "us") collects when you use adrianlabs.io, the Adrian desktop application and Adrian web services (together, the "Service"), and the choices you have. Our starting principle is local-first: the desktop OS is designed so your projects and code stay on your machine.

1. What we collect

  • Early-access signups: your email address and, optionally, what you plan to build. Used solely to manage the beta waitlist and send launch-related email.
  • Account data: email, display name and authentication identifiers when you create an account — including basic Google account information (name, email, avatar) if you sign in with Google OAuth. We never receive your Google password.
  • Billing data: handled by Paddle.com, our Merchant of Record. We never see or store your full payment card details. Paddle shares with us the subscription status and country needed to provide your plan. See Paddle's Privacy Policy.
  • Usage and diagnostics: plan entitlements, allowance usage for hosted models, build metadata and basic error diagnostics needed to run and improve the Service.

2. What stays on your machine

With the desktop application, your project files, source code and build artifacts live on your hardware. If you bring your own API keys, they are stored encrypted, locally on your device and sent only to the model provider you chose — never to our servers. If you use local models, prompts and code do not leave your machine at all. When you use Adrian-hosted cloud builds, the prompts needed to fulfil your build are processed through our model providers as described below.

3. What we do not do

  • We do not sell your personal data.
  • We do not train AI models on your private projects.
  • We do not send marketing email without your consent, and every email includes an unsubscribe link.

4. Service providers

We share data only with processors needed to run the Service:

  • Paddle — payments, tax and invoicing (Merchant of Record).
  • Supabase — authentication and application database (access-controlled per user).
  • Vercel — website and web-app hosting.
  • Model providers — when you use Adrian-hosted models, prompts required to fulfil your build are processed by the underlying model provider under contractual confidentiality; when you bring your own key, your chosen provider's terms apply directly.

5. Retention

We keep personal data only as long as needed for the purposes above: waitlist data until launch communications end or you unsubscribe; account data for the life of your account; billing records as long as law requires. You can request deletion at any time.

6. Your rights

Depending on where you live (including under GDPR and similar laws), you may have the right to access, correct, export, restrict or delete your personal data, and to object to processing. To exercise any right — including account deletion — email info@adrianlabs.io and we respond within 30 days. You may also lodge a complaint with your local data-protection authority.

7. Cookies

adrianlabs.io uses only strictly necessary cookies (session and security). We do not run third-party advertising trackers. If we add analytics, we will use privacy-respecting, cookie-less measurement or ask for consent where required.

8. Security

We follow security-first engineering: encrypted transport (HTTPS/TLS) everywhere, row-level access isolation per user in our database, least-privilege service credentials and hardened build sandboxes. No system is perfectly secure; report concerns to info@adrianlabs.io.

9. Children

The Service is not directed at children under 16, and we do not knowingly collect their data.

10. Changes

We will post any changes here and update the date above; for material changes we will notify you by email or in-product.

11. Contact

Adrian Labs · info@adrianlabs.io · adrianlabs.io/contact