Privacy — Pisces

Plain language, the short version: we send your prompts and project code to the AI providers we use. We don't sell anything, run third-party tracking SDKs, or look at your code unless you ask us to.

What we collect.

Account info — email, username, password hash, billing details (handled by Stripe; we never see your card).
Usage data — which tools you call, how many PU you spend, when you connect / disconnect. Used to bill you and improve the agent.
Conversation content — what you type to Pisces and what tool calls are made on your behalf. Used to fulfill the request and (rarely, in aggregated, anonymized form) to improve prompts.
Code + project state — when the agent calls read_scripts, grep_scripts, etc., the relevant source is sent through the system. Stored in cache for the duration of your session, plus a short retention window for debugging.

What we don't.

No third-party analytics SDKs (no Google Analytics, Segment, FullStory, Hotjar, etc.).
No advertising pixels.
No fingerprinting libraries.
No selling, trading, or "partnering" with your data.
The plugin doesn't phone home when you're disconnected.

Where the requests go.

Your messages and code are routed to the AI provider that powers the model you selected — currently MiniMax for Dolphin/DeepDive, and OpenCode Zen for the Titan/Orca/Kraken family. The providers process the request under their published API terms; we don't share data outside what each request technically requires. Provider terms generally state they don't train on API traffic — we link to each provider's policy from the dashboard rather than restating it here. We log request metadata (model, token counts, tool calls) for billing and abuse review, not the content of your code or prompts.

Cookies, sessions, storage.

Session cookie — keeps you logged in. Standard, secure, HttpOnly.
Local storage — your draft message, attachment pills, theme preference. Lives in your browser, never sent to us automatically.
No cross-site tracking. The site sets no third-party cookies.

How long we keep things.

Account record — for the life of the account, plus 30 days after you delete it.
Conversation logs — 90 days, then aggregated and the original is dropped.
Plugin script snapshots — 30 days rolling, then evicted.
Billing records — 7 years (legal requirement).

Your rights.

You can:

Export all your data. Use the dashboard's Message the developer form from your account; we ship a JSON dump within 7 days.
Delete your account from the dashboard. Data is purged within 30 days; backups roll off within 90.
Opt out of any non-essential processing (rare since we don't do much). Same form as above.

Children.

Pisces is for builders 13 and older. If you're under 13, please don't sign up. If we learn we have an account that shouldn't exist, we delete it.

Changes to this policy.

We post material changes here with the new effective date and notify active users by email. Older versions of this page are kept in our backups so you can ask via the dashboard form for a previous revision if you need it.

Contact.

Privacy questions and general support both go through the dashboard's Message the developer form once you're signed in. We read everything that lands there.

Privacy policy.