Legal Document

Privacy Policy

Your privacy is fundamental. Here's exactly how we protect your data and what we collect.

Effective Date: January 1, 2025 | Last Updated: January 8, 2025

Our Commitment to Privacy

At TRIBE AI ("TRIBE," "we," "us," or "our"), we believe privacy is a fundamental right. This Privacy Policy explains how we collect, use, protect, and share information when you use our telemetry and analytics platform for AI coding assistants ("Service").

We're committed to transparency and putting you in complete control of your data. Our consent-based architecture means you explicitly choose what data to share, and we automatically redact sensitive information before any upload.

Who We Are

TRIBE AI operates the TRIBE platform at https://tribecode.ai. We provide telemetry collection, analytics, and insights for developers using AI-assisted coding tools including Claude Code, Cursor, GitHub Copilot, and others. For questions about this policy, contact us at: [email protected]

Consent-Based Data Collection

You Control What We Collect

TRIBE only collects data with your explicit consent. You choose what information to share, and collection is opt-in. You can enable or disable collection at any time using CLI commands or your dashboard.

tribe tutor enable

Enable telemetry collection (requires consent)

tribe tutor disable

Stop all data collection immediately

Information We Collect (With Your Consent)

1. AI Interaction Data (Consent Required)

When you enable telemetry collection, we may collect:

Source code: Code snippets and files you interact with via AI tools
Prompts: Questions and instructions you give to AI coding assistants
AI responses: Code suggestions, explanations, and generated content from AI tools
File contents: Content of files involved in AI interactions
Diffs and edits: Changes made with AI assistance

This data is ONLY collected when you explicitly enable telemetry and grant consent.

2. Metadata (Always Collected When Enabled)

Timestamps: When you interact with AI coding tools
Tool identifiers: Names of AI tools used (e.g., Claude Code, Cursor)
Token counts: Input and output token usage
Project names: Repository or folder names
Event types: Type of interaction (chat, completion, edit, etc.)
Session IDs: Anonymous identifiers for grouping related interactions
Usage statistics: Frequency of tool usage, project associations

What We NEVER Collect (Automatic Redaction)

Before any data leaves your machine, TRIBE automatically scans and redacts:

Personally Identifiable Information (PII): Email addresses, phone numbers, names, addresses, SSNs, credit card numbers
Secrets and credentials: API keys, passwords, tokens, private keys
Environment variables: Configuration values, connection strings, secrets in .env files
Authentication tokens: OAuth tokens, session tokens, JWTs
Database credentials: Usernames, passwords, connection strings
Cloud credentials: AWS keys, Google Cloud keys, Azure credentials

You Are Alerted: If sensitive data is detected, you receive an alert BEFORE upload with the option to review or cancel.

3. Account Information

Email address: For account creation and communication
Profile information: Name and preferences you choose to provide
Authentication tokens: OAuth tokens from GitHub or other providers (encrypted)
API keys: Keys you generate for integrations (hashed and encrypted)

4. Analytics and Technical Data

Device information: Operating system, browser type (not device identifiers)
IP address: For security and service provision (anonymized after 30 days)
Log data: Error logs, performance metrics, access logs
Cookies: Essential cookies for authentication and preferences

How We Use Your Information

We use collected information for these purposes:

Provide analytics: Generate insights about your AI tool usage patterns, productivity metrics, and usage trends
Generate insights: Use collected code and prompts to provide personalized recommendations and productivity insights
Improve the Service: Identify bugs, optimize performance, and develop new features
Security: Detect and prevent fraud, abuse, security incidents, and unauthorized access
Communication: Send important service updates, insights reports, security alerts, and support responses
Team analytics: For Teams plan users, provide aggregated analytics across team members

We DO NOT sell your data to third parties or use it for advertising purposes.

How We Protect Your Data

Local-First Architecture

By default, all telemetry data is stored locally on your machine in an encrypted database. Data never leaves your computer unless you explicitly enable cloud sync or team features.

Local SQLite database with AES-256 encryption at rest
Stored in your user directory (isolated from other users)
Can be deleted anytime via CLI commands

Automatic Redaction System

Before any data is transmitted (if you enable cloud sync), our redaction engine:

Scans all content: Uses pattern matching and ML to detect sensitive information
Redacts automatically: Removes PII, secrets, credentials, and sensitive env vars
Alerts you: Shows what was redacted and asks for confirmation before upload
Allows review: You can cancel the upload if you're not comfortable
Keeps you safe: Even if you miss something, the system catches it

Optional Cloud Sync

If you enable cloud sync or team features, your data is protected by:

End-to-end encryption: Data encrypted before transmission using AES-256
Zero-knowledge architecture: Encryption keys never leave your device—we cannot read your encrypted data
Secure transmission: TLS 1.3 for all data in transit
Isolated storage: Each user and team has separate encryption keys and data silos
SOC 2 Type II certified infrastructure: Regular security audits and compliance reviews

Security Measures

Regular security audits and penetration testing
Access controls and role-based permissions for team features
Audit logging of all data access
Automatic security updates
Incident response procedures and security monitoring
Employee security training and background checks

Data Retention

You control retention periods:

Telemetry data: Configurable retention (default: 90 days, maximum: 2 years)
Account data: Retained while your account is active
After account deletion: All data permanently deleted within 30 days
Backups: Deleted from backup systems within 90 days
Logs: Anonymized after 30 days, deleted after 1 year

Information Sharing and Disclosure

We DO NOT sell your data. Ever.

Your data is not a product. We will never sell, rent, or trade your information to advertisers, data brokers, or any third parties for their marketing purposes.

We only share information in these limited circumstances:

1. With Your Consent

When you explicitly authorize us to share information (e.g., connecting to GitHub for commit integration).

2. Team Members

For Teams plan users, aggregated analytics are shared with team administrators. Individual detailed telemetry remains private to each team member unless explicitly shared.

3. Service Providers

We work with trusted third-party service providers under strict confidentiality agreements:

Cloud hosting: Infrastructure providers (AWS, Google Cloud) for cloud sync feature
Analytics: Minimal, anonymized usage analytics for service improvement
Payment processing: Stripe for subscription billing (we don't store credit card numbers)
Email delivery: Transactional email services for account notifications

All service providers are prohibited from using your data for any purpose other than providing services to us.

4. Legal Obligations

We may disclose information if required to:

Comply with valid legal process (subpoena, court order, warrant)
Enforce our Terms of Service
Protect the rights, property, or safety of TRIBE, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

We will notify you of legal requests unless prohibited by law.

5. Business Transfers

If TRIBE is acquired, merged, or sells assets, your information may be transferred. We will notify you and ensure continued protection of your data under this Privacy Policy or request your consent.

Your Rights and Control

You have complete control over your data. Depending on your location, you may have the following rights:

Data Access & Management

Access: Request a copy of all data we have about you
Correction: Update or correct inaccurate information
Deletion: Delete your account and all associated data
Export: Download your data in CSV or JSON format

Privacy Controls

Disable collection: Stop telemetry collection anytime
Pause collection: Temporarily stop without losing data
Opt out of emails: Unsubscribe from non-essential communications
Withdraw consent: Revoke permission for data collection at any time

Quick Control Commands

tribe tutor disable

Stop all data collection immediately

tribe tutor export --format=json

Export all your data

tribe tutor delete --confirm

Permanently delete all collected data

Exercising Your Rights

To exercise these rights:

Use the CLI commands above for immediate control
Access your dashboard at tribecode.ai/tribe for data management
Email us at [email protected] for assistance

We will respond to verified requests within 30 days. No fees unless requests are excessive or unfounded.

International Data Transfers

TRIBE operates globally. If you access our Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We use appropriate safeguards including standard contractual clauses, end-to-end encryption, and adequacy decisions for international transfers.

Children's Privacy

TRIBE is not intended for children under 13 (or 16 in the European Economic Area). If you believe we have collected information from a child under the applicable age, contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we'll notify you via email and post a prominent notice on our website. Continued use after changes constitutes acceptance of the updated policy.

Questions or Concerns?

We're here to help with any privacy questions or concerns. We're committed to transparency and responsiveness.

Email:

[email protected]

Response Time:

We aim to respond to all privacy inquiries within 72 hours and resolve requests within 30 days.

This Privacy Policy is part of our commitment to transparency and user privacy.

tribecode

Legal Document

Privacy Policy

Your privacy is fundamental. Here's exactly how we protect your data and what we collect.

Effective Date: January 1, 2025 | Last Updated: January 8, 2025

Our Commitment to Privacy

Who We Are

Consent-Based Data Collection

You Control What We Collect

tribe tutor enable

Enable telemetry collection (requires consent)

tribe tutor disable

Stop all data collection immediately

Information We Collect (With Your Consent)

1. AI Interaction Data (Consent Required)

When you enable telemetry collection, we may collect:

Source code: Code snippets and files you interact with via AI tools
Prompts: Questions and instructions you give to AI coding assistants
AI responses: Code suggestions, explanations, and generated content from AI tools
File contents: Content of files involved in AI interactions
Diffs and edits: Changes made with AI assistance

This data is ONLY collected when you explicitly enable telemetry and grant consent.

2. Metadata (Always Collected When Enabled)

Timestamps: When you interact with AI coding tools
Tool identifiers: Names of AI tools used (e.g., Claude Code, Cursor)
Token counts: Input and output token usage
Project names: Repository or folder names
Event types: Type of interaction (chat, completion, edit, etc.)
Session IDs: Anonymous identifiers for grouping related interactions
Usage statistics: Frequency of tool usage, project associations

What We NEVER Collect (Automatic Redaction)

Before any data leaves your machine, TRIBE automatically scans and redacts:

Personally Identifiable Information (PII): Email addresses, phone numbers, names, addresses, SSNs, credit card numbers
Secrets and credentials: API keys, passwords, tokens, private keys
Environment variables: Configuration values, connection strings, secrets in .env files
Authentication tokens: OAuth tokens, session tokens, JWTs
Database credentials: Usernames, passwords, connection strings
Cloud credentials: AWS keys, Google Cloud keys, Azure credentials

You Are Alerted: If sensitive data is detected, you receive an alert BEFORE upload with the option to review or cancel.

3. Account Information

Email address: For account creation and communication
Profile information: Name and preferences you choose to provide
Authentication tokens: OAuth tokens from GitHub or other providers (encrypted)
API keys: Keys you generate for integrations (hashed and encrypted)

4. Analytics and Technical Data

Device information: Operating system, browser type (not device identifiers)
IP address: For security and service provision (anonymized after 30 days)
Log data: Error logs, performance metrics, access logs
Cookies: Essential cookies for authentication and preferences

How We Use Your Information

We use collected information for these purposes:

Provide analytics: Generate insights about your AI tool usage patterns, productivity metrics, and usage trends
Generate insights: Use collected code and prompts to provide personalized recommendations and productivity insights
Improve the Service: Identify bugs, optimize performance, and develop new features
Security: Detect and prevent fraud, abuse, security incidents, and unauthorized access
Communication: Send important service updates, insights reports, security alerts, and support responses
Team analytics: For Teams plan users, provide aggregated analytics across team members

We DO NOT sell your data to third parties or use it for advertising purposes.

How We Protect Your Data

Local-First Architecture

By default, all telemetry data is stored locally on your machine in an encrypted database. Data never leaves your computer unless you explicitly enable cloud sync or team features.

Local SQLite database with AES-256 encryption at rest
Stored in your user directory (isolated from other users)
Can be deleted anytime via CLI commands

Automatic Redaction System

Before any data is transmitted (if you enable cloud sync), our redaction engine:

Scans all content: Uses pattern matching and ML to detect sensitive information
Redacts automatically: Removes PII, secrets, credentials, and sensitive env vars
Alerts you: Shows what was redacted and asks for confirmation before upload
Allows review: You can cancel the upload if you're not comfortable
Keeps you safe: Even if you miss something, the system catches it

Optional Cloud Sync

If you enable cloud sync or team features, your data is protected by:

End-to-end encryption: Data encrypted before transmission using AES-256
Zero-knowledge architecture: Encryption keys never leave your device—we cannot read your encrypted data
Secure transmission: TLS 1.3 for all data in transit
Isolated storage: Each user and team has separate encryption keys and data silos
SOC 2 Type II certified infrastructure: Regular security audits and compliance reviews

Security Measures

Regular security audits and penetration testing
Access controls and role-based permissions for team features
Audit logging of all data access
Automatic security updates
Incident response procedures and security monitoring
Employee security training and background checks

Data Retention

You control retention periods:

Telemetry data: Configurable retention (default: 90 days, maximum: 2 years)
Account data: Retained while your account is active
After account deletion: All data permanently deleted within 30 days
Backups: Deleted from backup systems within 90 days
Logs: Anonymized after 30 days, deleted after 1 year

Information Sharing and Disclosure

We DO NOT sell your data. Ever.

Your data is not a product. We will never sell, rent, or trade your information to advertisers, data brokers, or any third parties for their marketing purposes.

We only share information in these limited circumstances:

1. With Your Consent

When you explicitly authorize us to share information (e.g., connecting to GitHub for commit integration).

2. Team Members

For Teams plan users, aggregated analytics are shared with team administrators. Individual detailed telemetry remains private to each team member unless explicitly shared.

3. Service Providers

We work with trusted third-party service providers under strict confidentiality agreements:

Cloud hosting: Infrastructure providers (AWS, Google Cloud) for cloud sync feature
Analytics: Minimal, anonymized usage analytics for service improvement
Payment processing: Stripe for subscription billing (we don't store credit card numbers)
Email delivery: Transactional email services for account notifications

All service providers are prohibited from using your data for any purpose other than providing services to us.

4. Legal Obligations

We may disclose information if required to:

Comply with valid legal process (subpoena, court order, warrant)
Enforce our Terms of Service
Protect the rights, property, or safety of TRIBE, our users, or the public
Detect, prevent, or address fraud, security, or technical issues

We will notify you of legal requests unless prohibited by law.

5. Business Transfers

If TRIBE is acquired, merged, or sells assets, your information may be transferred. We will notify you and ensure continued protection of your data under this Privacy Policy or request your consent.

Your Rights and Control

You have complete control over your data. Depending on your location, you may have the following rights:

Data Access & Management

Access: Request a copy of all data we have about you
Correction: Update or correct inaccurate information
Deletion: Delete your account and all associated data
Export: Download your data in CSV or JSON format

Privacy Controls

Disable collection: Stop telemetry collection anytime
Pause collection: Temporarily stop without losing data
Opt out of emails: Unsubscribe from non-essential communications
Withdraw consent: Revoke permission for data collection at any time

Quick Control Commands

tribe tutor disable

Stop all data collection immediately

tribe tutor export --format=json

Export all your data

tribe tutor delete --confirm

Permanently delete all collected data

Exercising Your Rights

To exercise these rights:

Use the CLI commands above for immediate control
Access your dashboard at tribecode.ai/tribe for data management
Email us at [email protected] for assistance

We will respond to verified requests within 30 days. No fees unless requests are excessive or unfounded.

International Data Transfers

We use appropriate safeguards including standard contractual clauses, end-to-end encryption, and adequacy decisions for international transfers.

Children's Privacy

TRIBE is not intended for children under 13 (or 16 in the European Economic Area). If you believe we have collected information from a child under the applicable age, contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we'll notify you via email and post a prominent notice on our website. Continued use after changes constitutes acceptance of the updated policy.

Questions or Concerns?

We're here to help with any privacy questions or concerns. We're committed to transparency and responsiveness.

Email:

[email protected]

Response Time:

We aim to respond to all privacy inquiries within 72 hours and resolve requests within 30 days.

This Privacy Policy is part of our commitment to transparency and user privacy.