What we collect
Only the inputs we need to run the service for you. Today that means:
- Your email address.
- Your GitHub handle and, once connected, the repositories you authorize.
- The PRD content you submit for audit, plus the repo URLs and project metadata required to operate on them.
- The fields you fill out on the beta-signup form: what you're building, the build stage, the AI tools you already use, and any free-form notes you choose to add.
- Standard request metadata (IP, user agent, timestamps) for the short period needed to serve traffic and prevent abuse.
There is no analytics SDK in v1. There is no marketing pixel. There is no fingerprinting.
What we don't collect
- Your source code. It stays in the GitHub repository you control. The GitHub App opens pull requests; it does not exfiltrate your codebase to us.
- Credit card details. Stripe handles payment data end-to-end. We receive a customer identifier and an invoice summary; we never see the card.
- Data about your customers' customers. If your product collects end-user data, that lives in your systems under your privacy policy, not ours.
How we use what we collect
- To run the service: audit your PRD, compose a harness, emit pull requests.
- To send transactional email — beta invitations, account notifications, billing receipts. There is no marketing list in v1.
- To open pull requests on your behalf, via the GitHub App you install, scoped to the repos you authorize.
- To send PRD content to the Anthropic API for audit. Anthropic processes that content under their API terms.
Sub-processors
We use a small set of vendors to operate the service:
- Cloudflare: Hosting, edge network, D1 database, static assets.
- Anthropic: Claude API for PRD audit, contract synthesis, and review.
- GitHub: OAuth and the GitHub App used to emit pull requests.
- Stripe: Subscription billing, payment processing, invoice records.
- Resend or Cloudflare Email Workers: Transactional email delivery.
We update this list when it changes. If we add a sub-processor that materially changes how your data is handled, we'll tell active customers by email.
Retention
- Beta signups: retained until we invite you, or for eighteen months, whichever comes first. If we don't invite you and you don't ask us to delete it, the record expires automatically.
- PRDs and project metadata for active customers: retained for the duration of your subscription plus ninety days after cancellation to allow restoration if you change your mind.
- Billing records: retained as long as required by tax and accounting law in our jurisdiction.
Your rights
- Export. Ask us and we'll send you a machine-readable copy of the data we hold for your account.
- Delete. Ask us and we'll delete your account and the data tied to it. Backups age out on their normal schedule; we'll confirm in writing when the purge is complete.
- Correct. Tell us what's wrong and we'll fix it.
Email [email protected] for any of the above. A human reads that inbox.
Jurisdiction
dark software factories is operated from the United States and governed by US law. We make no GDPR compliance claims at this stage — we are a solo-founder beta and the framework's machinery does not yet apply to us. We honor deletion and export requests regardless of where you live.
Changes to this policy
We'll update this page when our practices change. Material changes get an email to active customers thirty days before they take effect. The date at the top reflects the current revision.