Privacy Policy

The Service is operated by Vellora AI, Inc., a Delaware corporation, under the Mithrandir Wizard Systems and MWS IDE names. For privacy questions, contact privacy@vellora.ai.

We collect only the information needed to operate the Service:

• Account information, including email address, user ID, account status, and authentication session data.
• Password authentication material, such as password hashes handled by our authentication provider. We do not store plain-text passwords.
• Subscription and billing information, including plan, status, Stripe customer ID, Stripe subscription ID, billing-period dates, invoices, and payment status.
• Token-plan usage totals, including included tokens, used tokens, remaining tokens, credit tokens, and current billing period.
• IDE authentication metadata needed to connect a signed-in account to an IDE session, including state values, redirect URI values, device names, and short-lived authorization codes.
• Essential website session cookie data stored in your browser, including user, entitlement, access token, and expiration timestamp.
• Basic request and security logs, such as IP address, user agent, timestamps, endpoint paths, response status, and abuse-prevention signals.
• Messages you choose to send to us, including support, legal, privacy, or billing communications.

We do not collect, transmit, store, log, cache, mirror, index, copy, inspect, or retain:

• Your source code, repository contents, file contents, or project contents.
• File names, folder names, project structure, local paths, diffs, commits, branches, secrets, credentials, private keys, or environment files.
• Prompts, completions, edits, cursor position, keystrokes, terminal output, IDE telemetry, or model interaction payloads.
• Training data, benchmark data, fine-tuning data, evaluation data, or derived datasets from your code or development activity.
• Advertising identifiers, third-party marketing cookies, cross-site tracking identifiers, or browsing activity outside the Service.

Your code and local IDE state stay on your device. Vellora does not have access to your local code through the Service.

We use collected information to:

• Create, secure, authenticate, and maintain your account.
• Provide IDE sign-in, dashboard access, billing, subscriptions, and token-plan accounting.
• Process payments, invoices, taxes, chargebacks, refunds, and subscription changes.
• Prevent abuse, fraud, unauthorized access, service misuse, and security incidents.
• Respond to support, privacy, legal, billing, and account requests.
• Comply with legal, tax, accounting, regulatory, and dispute-resolution obligations.

We do not use your code, prompts, completions, edits, files, or project materials to train, fine-tune, evaluate, benchmark, red-team, improve, or develop AI models.

Where GDPR, UK GDPR, or similar laws apply, our legal bases may include performance of a contract, legitimate interests in operating and securing the Service, compliance with legal obligations, and consent where consent is required. You may withdraw consent where processing is based on consent.

We share information only as needed to operate the Service, comply with law, protect rights and security, or complete a corporate transaction. We do not sell your personal information or share it for cross-context behavioral advertising.

Our current service-provider categories include:

• Stripe for payment processing, invoices, subscriptions, taxes, fraud prevention, and billing records.
• Supabase or equivalent backend providers for authentication, user records, entitlements, database hosting, and secure API operations.
• Vercel or equivalent hosting and infrastructure providers for website hosting, deployment, routing, logs, and uptime.
• Email and support providers if you contact us or receive account, legal, billing, or security notices.

Service providers are authorized to process information only for the services they provide to us and are not permitted to use your information for model training or advertising on our behalf.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use or disclose your personal information, code, prompts, completions, edits, files, project materials, or telemetry for model training, model improvement, advertising, data brokerage, or third-party analytics.

For California, Virginia, Colorado, Connecticut, Utah, and other state privacy laws, Vellora does not sell or share your personal information as those terms are commonly used for ad targeting. If our practices change, we will update this Policy and provide required opt-out rights.

We keep account and entitlement records while your account is active and for up to 30 days after account deletion unless a longer period is needed for security, fraud prevention, legal compliance, dispute resolution, backups, or legitimate business operations.

Billing, invoice, tax, chargeback, and accounting records may be retained for the period required by law, generally up to seven years. Essential browser session cookies expire automatically based on the session duration or when you sign out.

We use administrative, technical, and organizational safeguards designed to protect information, including encrypted transport, scoped access, session expiration, secure-cookie attributes where available, provider access controls, and operational monitoring. No online service is perfectly secure, and you are responsible for protecting your devices, passwords, IDE installation, local repositories, secrets, and account credentials.

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal information, and to withdraw consent where applicable. You may also have the right to appeal a privacy-rights decision.

To make a request, email privacy@vellora.ai. We may verify your identity before fulfilling a request. We will not discriminate against you for exercising privacy rights.

The website uses an essential session cookie named mws_session to keep you signed in, store account entitlement information, and protect authenticated dashboard flows. This cookie uses same-site restrictions and the secure attribute when served over HTTPS.

We do not use advertising cookies, third-party marketing cookies, or analytics cookies on this website. If we add non-essential cookies in the future, we will provide any notice and consent controls required by law.

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 provided personal information to us, contact us and we will take appropriate steps to delete it.

Vellora is based in the United States. Your information may be processed in the United States and other countries that may have data-protection laws different from those where you live. Where required, we rely on appropriate safeguards such as standard contractual clauses, provider data-processing terms, or other lawful transfer mechanisms.

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised last-updated date. If an update materially changes how we process personal information, we will provide additional notice when required by law.

Privacy questions, requests, and notices may be sent to Vellora AI, Inc. at privacy@vellora.ai. Legal notices may be sent to legal@vellora.ai.