Refactyl ("we", "our", "us") operates the website https://www.refactyl.com (the "Service").
This Privacy Policy explains how we collect, use, store, and protect user data when you use Refactyl.
1. Summary
- •Your code belongs to you
- •You also own all refactored/migrated outputs
- •We process code only to generate migrations
- •Code is stored temporarily and deleted after 7 days
- •Code is processed in isolated Docker containers
- •Third-party LLM providers are used only to generate outputs for you
- •We do not sell data
- •We do not train models on your code
- •Questions? Contact us at refactyl@gmail.com
2. Information We Collect
a) Information You Provide
- Name
- Email address
- Authentication credentials
- Uploaded source code and configuration files
b) Automatically Collected Information
- IP address
- Browser and device information
- Usage metadata (timestamps, request logs)
- Cookies and local storage identifiers
3. Source Code Handling & Ownership
Code Ownership
- You retain full ownership of all source code you upload.
- You also retain ownership of all AI-generated refactored outputs.
- Refactyl does not claim any intellectual property rights over your code or outputs.
How Code Is Processed
- Source code is uploaded by the user.
- Code is securely stored in cloud storage (e.g., AWS S3).
- Code is copied into an isolated, ephemeral Docker container.
- Automated refactoring and migration is performed.
- Migrated output is stored temporarily for download.
- The processing container is terminated.
Retention & Deletion
- Original and migrated code is automatically deleted within 7 days of processing.
- Deleted data is not recoverable. Users may request earlier deletion by contacting us.
4. Use of Third-Party AI Services
Refactyl uses third-party Large Language Model (LLM) providers (such as OpenAI) to generate code refactoring and migration outputs.
- Only the minimum required portions of code are sent for processing.
- Code is used solely to generate results for the requesting user.
- Refactyl does not permit LLM providers to train models on user code where such controls are available.
- AI-generated outputs are provided as-is and require user review.
5. Authentication Data & Storage
Cookies
We use functional cookies to:
- Maintain session state
- Store UI preferences (e.g., sidebar state)
These cookies do not store personal or sensitive information.
Local Storage
Authentication tokens are stored in browser local storage:
- Access tokens (JWT)
- Refresh tokens (JWT)
These tokens are required to access authenticated features.
6. Security
We implement reasonable technical and organizational safeguards, including:
- Encrypted storage
- Isolated execution environments
- Limited access controls
However, no system is 100% secure. You use the Service at your own risk and are responsible for securing your device and browser environment.
7. Third-Party Services
We use trusted third-party providers, including:
- Cloud storage and infrastructure (e.g., AWS S3)
- AI processing services (third-party LLM providers)
- Hosting and deployment platforms (e.g., Vercel)
- Payment processors (e.g., Stripe)
- Fonts and static assets (e.g., Google Fonts)
These providers process data under their own privacy policies.
8. Data Retention
- Account data is retained while your account is active.
- Source code is retained for no longer than 7 days after processing.
- Users may request account or data deletion at any time.
9. Your Rights (EU Users)
If you are located in the EU, you have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict or object to processing
- Request data portability
Legal basis for processing:
- User consent
- Contractual necessity
- Legitimate business interests
10. California Privacy Rights
California residents may:
- Request disclosure of collected personal information
- Request deletion of personal information
- Opt out of any sale of personal data (we do not sell data)