/legal
back to app →

Privacy Policy

Last updated: 13 May 2026 · Version 2026-05-13

This Privacy Policy explains what personal data artifuncs.com collects, why we collect it, how we use and share it, and what choices you have. It applies to anyone who visits the site or uses the Service, and it forms part of our Terms and Conditions.

1. Who we are

The data controller for the personal data described here is artifuncs (we, us). You can reach us at privacy@artifuncs.com.

2. Data we collect

We collect only what we need to run the Service and to keep it safe:

  • Account data. Email address (used for sign-in), chosen username, optional first/last name, language preferences, the agreement versions you have accepted, and a record of whether you opted in to marketing email.
  • Authentication data. Short-lived verification codes (delivered by email), refresh and access tokens stored in cookies, and audit metadata such as the timestamp and IP address of significant authentication events.
  • Tool content. The source code, configuration (artifuncs.json), assets, and version history of tools you create, stored in our Gitea instance.
  • Execution data. Inputs you pass to a tool run, the resulting outputs, runtime logs, error traces, and aggregated resource-usage metrics (CPU, memory, wall time). Inputs and outputs of tool runs are processed in transit and may be persisted for a limited period to power features such as run history.
  • Usage telemetry. Pages visited, features used, GraphQL operations invoked, an opaque per-tab session identifier stored in sessionStorage for tool-usage analytics, request timestamps, IP address, and user-agent. We use this for product analytics, billing-relevant counters, abuse detection, and rate-limiting.
  • Cookies and similar storage. A small number of strictly-necessary cookies for authentication and session continuity, and browser storage for UI preferences (such as theme and sidebar lock state). We do not use third-party advertising cookies.
  • Communications. The content of support requests, legal notices, or other messages you send us.

We do not deliberately collect sensitive categories of personal data (such as health, biometric, neural, or precise-location data). Please do not submit such data through tool inputs or shared content.

3. How we use the data

  • To provide the Service: authenticate you, host and version your tools, run tools in sandboxes, return results, and remember your settings.
  • To keep the Service safe and fair: enforce rate limits, detect abuse of sandbox compute, investigate security incidents, and enforce the Terms.
  • To improve the product: understand which features are used, debug errors, and prioritise work.
  • To communicate with you: transactional messages (e.g. verification codes, security alerts, agreement updates), and — only if you have opted in — product and marketing email.
  • To comply with legal obligations and respond to lawful requests.

4. Legal bases (EEA / UK)

If you are in the European Economic Area or the United Kingdom, our legal bases under the GDPR / UK GDPR are: performance of the contract (to deliver the Service you signed up for), our legitimate interests in keeping the Service secure, abuse-free, and improving (balanced against your rights), consent (for marketing email, where given), and legal obligation (for tax, accounting, or compelled-disclosure purposes).

5. Sharing

We do not sell personal data and we do not share it with advertisers. We share data only with the following categories of recipients, under contractual controls:

  • Sandbox infrastructure providers (currently Daytona) — to run your tools. They receive the tool archive and the input passed for a given run, plus operational metadata.
  • Code-hosting infrastructure (our Gitea instance, hosted by us or a sub-processor on our behalf) — to store and version Your Content.
  • Email delivery provider — to send verification codes, security alerts, and (if opted-in) marketing email.
  • Hosting and observability providers — to run the platform itself (databases, application hosting, logs, error reporting).
  • Legal and professional advisors, regulators, and law enforcement — where we are legally required, or where we reasonably believe disclosure is necessary to protect rights, safety, or the integrity of the Service.
  • Successors — in the event of a merger, acquisition, or asset sale, subject to confidentiality and to this Policy continuing to apply to your data.

If processing involves a transfer of personal data out of the EEA or the UK to a country that does not have an adequacy decision, we rely on the appropriate safeguards (typically the EU Standard Contractual Clauses and/or the UK International Data Transfer Addendum).

6. Retention

We keep personal data only as long as we need it for the purposes above: account data while the account exists and for a limited grace period after deletion to handle disputes and back-up rotation; tool content for as long as you keep the tool on the Service; tool-execution logs and inputs typically for a short rolling window (currently up to 90 days) unless retained longer to investigate abuse or comply with law; aggregated and anonymised usage data indefinitely.

7. Your rights

Depending on where you live, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate or incomplete data;
  • delete your data (we may retain what we need to comply with law or to defend legal claims);
  • port your data to another service in a machine-readable format;
  • restrict or object to certain processing, including direct marketing — you can opt out of marketing email at any time using the link in any marketing message or by emailing us;
  • withdraw consent where processing is based on consent (this does not affect prior processing);
  • not be subject to a decision based solely on automated processing that has legal or similarly significant effects — we do not currently make any such decisions about you;
  • complain to your local data protection authority (in the EEA/UK), or to exercise California-resident rights under the CCPA/CPRA, including the right to know, to delete, to correct, to opt out of sale or sharing, and to limit the use of sensitive personal information — although, as noted, we do not sell personal data and do not knowingly collect sensitive personal information.

To exercise any of these rights, contact privacy@artifuncs.com. We will respond within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before acting on a request.

8. Security

We use industry-standard administrative, technical, and physical controls to protect personal data: TLS for data in transit, encrypted storage for credentials and tokens, JWT-based authentication with refresh, rate limiting, principle of least privilege for staff access, and tenant isolation for sandboxes. No system is perfectly secure; if we become aware of a security incident affecting your personal data, we will notify you and the relevant authorities as required by law.

9. Children

The Service is not directed to children under 16 (or the higher age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Cookies

We use:

  • Strictly necessary cookies — for sign-in, session continuity, and CSRF protection. The Service does not work without these and they do not require consent under GDPR.
  • Preference storage in your browser's localStorage / sessionStorage — for theme, sidebar state, and a per-tab tool-usage session id used to count runs you initiate.

We do not use third-party advertising or cross-site tracking cookies. You can clear cookies or local storage from your browser at any time; doing so will sign you out and reset preferences.

11. Changes to this Policy

We will update this Policy as the Service evolves. The "Last updated" date at the top reflects the current version. If a change is material we will notify you in-product or by email before it takes effect. We retain versioned consent records so the version that applied at the time of your acceptance is preserved.

12. Contact

Privacy questions, requests to exercise rights, or complaints: privacy@artifuncs.com.