This Privacy Policy describes how Groove Dev ("Groove," "we," "us," or "our") collects, uses, and shares information when you use our website groovedev.ai, our documentation at docs.groovedev.ai, our desktop application, and related services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, do not use the Services.

1. Information we collect

Information you provide

• Account data: email address, display name, password (hashed), and, if you sign in with Google or GitHub, the basic profile information those providers share (name, email, avatar, profile URL).
• Payment data: when you subscribe to Pro or Teams, payment information is processed by Stripe. We do not store full card numbers. We retain only a Stripe customer ID, subscription ID, plan, status, and period end.
• Content you create: skills you publish on the marketplace, profile details (bio, website, social links), and support messages you send us.

Information collected automatically

• Usage data: pages viewed, features used, actions within the desktop app (aggregated and anonymized where possible).
• Device data: operating system, app version, browser user agent, IP address.
• Cookies and similar technologies: we use session cookies for authentication and Google Analytics for aggregate traffic analysis. See "Cookies" below.

Information the desktop app collects locally

The Groove desktop application runs primarily on your machine. Your agent sessions, code, and local data stay on your device. The app communicates with our servers only for: authentication, subscription validation, auto-updates, marketplace browsing, and any pro features that require our infrastructure (SSH relays, federation, cloud team management).

2. How we use your information

• Provide, operate, and improve the Services
• Authenticate you and secure your account
• Process subscriptions and payments via Stripe
• Validate your subscription status (the desktop app polls our API periodically)
• Send transactional emails (receipts, security alerts, service notifications)
• Respond to support requests
• Detect and prevent abuse, fraud, and security incidents
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data to train AI models.

3. Third-party services

We use a small number of third-party services to operate the platform:

• Stripe — payment processing and subscription management. Governed by Stripe's Privacy Policy.
• Google OAuth — optional sign-in. We receive your basic Google profile only with your consent during sign-in.
• GitHub OAuth — optional sign-in. We receive your basic GitHub profile only with your consent during sign-in.
• Google Analytics — aggregate traffic analysis. IPs are anonymized where supported.
• GitHub Releases — hosts our desktop app installers. Downloads are logged by GitHub under their terms.
• Cloud infrastructure providers — host our servers. Data is stored in data centers maintained by reputable providers with industry-standard security.

4. Cookies

We use the following categories of cookies:

• Authentication cookies (required): groove_token — an HttpOnly, Secure cookie scoped to .groovedev.ai used to keep you signed in. Expires after 30 days.
• Analytics cookies (optional): Google Analytics cookies for measuring aggregate site traffic. You can block these with your browser settings or ad blockers without affecting core functionality.

5. How we share information

We share information only in these circumstances:

• With service providers listed above, strictly to operate the Services.
• For legal reasons — if required by law, subpoena, or to protect safety and rights.
• In a business transfer — if Groove is acquired or merged, your data transfers with the company, with notice to you.
• With your consent — anything else requires your explicit approval.

6. Data retention

We retain account and subscription data while your account is active and for a reasonable period afterward to comply with tax, accounting, and legal obligations (typically up to 7 years for billing records). You can delete your account at any time — see "Your rights" below.

7. Data security

We use industry-standard measures to protect your data, including:

• TLS encryption for all data in transit
• Passwords hashed with bcrypt (not reversible)
• JWTs signed with HMAC-SHA256, short-lived sessions
• Scoped database access, audit logs
• Payment data never touches our servers — handled entirely by Stripe

No system is perfectly secure. If we learn of a breach affecting your data, we will notify you as required by law.

8. Your rights

Depending on where you live, you may have the following rights:

• Access — request a copy of the personal information we hold about you
• Correction — ask us to update inaccurate information
• Deletion — ask us to delete your account and associated data
• Portability — request your data in a portable format
• Opt out of analytics — disable Google Analytics via browser settings or cookie blockers

To exercise any of these rights, email us at privacy@groovedev.ai.

GDPR (EU/UK residents)

If you reside in the EU or UK, you have additional rights under the GDPR, including the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority. Our legal basis for processing is typically performance of contract (providing the Services) and legitimate interest (security, fraud prevention, service improvement).

CCPA (California residents)

Under the CCPA, California residents may request disclosure of categories of personal information collected and sold in the past 12 months. We do not sell personal information.

9. Children's privacy

The Services are not directed to children under 13 (or 16 in the EU/UK). We do not knowingly collect information from children. If you believe we have, contact us and we will delete it.

10. International data transfers

Groove operates from the United States. If you access the Services from outside the U.S., your data may be transferred to and processed in the U.S. By using the Services, you consent to this transfer.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page with a new "Last updated" date. If changes are material, we will notify you via email or in-app notice.

12. Contact

Questions, requests, or concerns? Email us at privacy@groovedev.ai or reach us via your account page once signed in.