Talk to us Get early access
Product Pricing About Careers Blog Talk to us
Legal

Privacy policy

Effective date · 1 May 2026 Last updated · 1 May 2026 Version · 1.0

This Privacy Policy explains what personal information aiworklab ("aiworklab", "we", "us") collects, how we use it, who we share it with, and the choices you have. We've tried to write it in plain English. If anything is unclear, write to legal@aiworklab.com and a human will answer.

The short version

We are a local-first product. Your source code never reaches our servers. The skill graph that powers our learning features is stored on your device by default. If you opt in to cloud sync, only concept-level facts (e.g. "user demonstrated jwt-lifecycle on 14 April") are synchronised — never code, never diffs, never the literal text of your prompts.

Information we collect

1. Information you give us

  • Account information. Email, name, organisation (Team / Enterprise tiers), and authentication tokens issued by your identity provider.
  • Billing information. Processed by our payment processor (Stripe). We never store full card numbers; we store the last four digits, card brand, and a Stripe customer ID.
  • Communications. When you email us at any of our published addresses, we keep a copy of the conversation so we can follow up.

2. Information your device generates

  • Local skill graph. Stored on-device. Includes concept identifiers, your state on each (encountered, explained, demonstrated, mastered), spaced-retrieval scheduling data, and timestamps of events.
  • Local diff hashes. We hash diffs to dedupe events. The hash is local-only and never transmitted.
  • Diagnostic logs. Locally rotated. Sent to us only if you explicitly attach a log to a support request.

3. Information our servers see

  • If you opt in to cloud sync (Pro and above): concept-level skill graph deltas — i.e. "user‐1234 transitioned concept jwt‐lifecycle from demonstrated to mastered at <timestamp>." No code, no diff content, no prompt text.
  • If you use a Team or Enterprise plan: aggregated, anonymised concept telemetry across the team for the org dashboard. Aggregations are computed on the server; the raw stream is concept-level only.
  • Standard web/server logs. IP address, user-agent, timestamps. Used for security and abuse prevention. Retained 30 days.

4. Information we do not collect

  • Your source code, file paths, repository contents, or commit messages.
  • The literal text of your prompts to the LLM, the agent's reasoning traces, or the diffs the agent generates.
  • Your LLM provider credentials. These are stored in your operating system's keychain and used directly by the desktop app — they never reach us.
  • Keystrokes, screen content, telemetry from outside aiworklab itself.

How we use information

  • To operate, maintain, and improve the product.
  • To provide the org-level dashboard to administrators on Team and Enterprise tiers.
  • To bill you and meet our tax and accounting obligations.
  • To respond to your support requests and other communications.
  • To detect and prevent abuse, fraud, or security incidents.
  • To comply with applicable law.

We do not sell or rent your personal information. We do not use your data to train any AI model — ours or anyone else's.

Sharing

We share personal information only with service providers that are operationally required for the product to work, and only the minimum necessary. Our current sub-processors are listed at aiworklab.com/security and updated when they change.

We will share information with law enforcement only when compelled by valid legal process, and we will challenge overbroad requests. Where legally permitted, we will notify you before responding.

International transfers

Our servers are located in the United States. If you access aiworklab from outside the US, your information will be transferred to and processed in the US. For users in the EEA, UK, or Switzerland, transfers are made under the European Commission's standard contractual clauses where applicable.

Retention

  • Account information: as long as your account is active, then 90 days after closure.
  • Billing information: as required by tax law in our jurisdictions, typically 7 years.
  • Cloud-synced skill-graph data: as long as your account is active. Deleted within 30 days of account closure.
  • Server logs: 30 days, then deleted.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export the personal information we hold about you, and to object to or restrict certain processing. To exercise any of these rights, email legal@aiworklab.com. We respond within 30 days.

Children

aiworklab is intended for use by people aged 16 or older (13+ with school authorisation in our Education tier). We do not knowingly collect information from younger users. If you believe a younger user has signed up, contact us and we'll delete the account.

Changes to this policy

If we make a material change, we'll email registered users at least 14 days before it takes effect. Non-material changes (typo fixes, clarifications) will be reflected in the "last updated" date above.

Contact

For privacy questions, data subject requests, or to file a complaint:
Email: legal@aiworklab.com
Mail: aiworklab, 600 California Street, 11th Floor, San Francisco, CA 94108, USA