Privacy Policy

Last updated: April 14, 2026

Effective date: April 14, 2026

0dai (“we”, “us”, or “our”) operates the 0dai CLI, the 0dai API service at 0dai.dev, and related infrastructure. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information.

1. Information We Collect

1.1 Account Information

When you authenticate with 0dai (via Google OAuth or GitHub OAuth), we collect:

  • Your email address
  • Your display name
  • Avatar URL provided by the OAuth provider
  • OAuth provider ID (Google or GitHub)
  • Account creation timestamp

1.2 Project Telemetry

When you run 0dai init, 0dai sync, or other commands that communicate with our API, we collect:

  • Detected project stack (e.g., next-ts, python-fastapi)
  • CLI version number
  • Number of files generated or updated
  • Plan tier (free, pro, team)
  • Anonymous device fingerprint (hash of machine identifiers)
  • IP address (for rate limiting and abuse prevention)

We do not collect your source code, file contents, environment variables, API keys, or any secrets from your machine.

1.3 Usage Analytics

We operate self-hosted analytics (Umami) to understand feature usage and improve the service. This includes:

  • Page views on 0dai.dev
  • Feature interaction (which commands are used, how often)
  • Session duration and navigation paths

All analytics infrastructure is self-hosted. We do not use Google Analytics, Mixpanel, or any third-party analytics providers.

1.4 Feedback and Reports

When you submit feedback or project reports via 0dai feedback push or 0dai report push, we store:

  • Project stack and plan tier
  • CLI version and file counts
  • Feedback content (text you choose to send)
  • Timestamp and anonymous device fingerprint

1.5 Session and Swarm Data

When you use swarm delegation or session roaming, we may store:

  • Task descriptions and outcomes (not code)
  • Model selection decisions and costs
  • Session metadata (duration, status, tool used)

2. How We Use Information

We use collected information for:

  • Providing and maintaining the 0dai service
  • Authenticating your identity and managing your account
  • Enforcing plan limits and rate limits
  • Improving AI model recommendations and tool quality
  • Measuring feature usage to guide product development
  • Detecting and preventing abuse and fraud
  • Sending service-related notifications

3. Legal Basis for Processing (GDPR)

If you are a resident of the European Economic Area (EEA), our legal basis for processing your data includes:

  • Contract performance: Processing necessary to provide the 0dai service you requested
  • Legitimate interests: Improving our service, preventing fraud, and ensuring security
  • Consent: Where you have explicitly consented (e.g., feedback submission)

4. Data Sharing and Third Parties

0dai does not sell personal data to third parties.

We may share limited data with:

  • OAuth providers: Google and GitHub, solely for authentication purposes
  • Infrastructure providers: Our hosting provider (server logs may contain IP addresses)
  • Legal requirements: When required by law or to protect our rights and safety

5. Data Retention

We retain your account data for as long as your account is active. If you delete your account or request data deletion:

  • Account data (email, name, avatar) is deleted within 30 days
  • Anonymized telemetry data may be retained in aggregate form
  • Backup copies may persist for up to 90 days before being overwritten

6. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request limitation of processing

To exercise any of these rights, contact us at hello@0dai.dev. We will respond within 30 days.

7. Children's Privacy

0dai is not directed to individuals under 16. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

8. Security

We implement reasonable security measures to protect your data, including:

  • HTTPS/TLS encryption for all API communications
  • Hashed device fingerprints (not raw identifiers)
  • Rate limiting and abuse detection systems
  • Restricted access to user data on our servers

No system is 100% secure. We cannot guarantee absolute security but will notify you of any data breach as required by law.

9. International Data Transfers

0dai's infrastructure may be located in jurisdictions different from your own. By using our service, you consent to the transfer of your data to these jurisdictions.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by posting the updated policy on this page with a new “Last updated” date.

11. Contact

For privacy questions, data requests, or complaints, contact:

hello@0dai.dev

If you are an EEA resident and have unresolved concerns, you have the right to lodge a complaint with your local data protection authority.