Privacy Policy

1. Introduction

This Privacy Policy describes how Arbiter ("we", "us", or "our") collects, uses, and shares information when you use our software and services (the "Service"). By using Arbiter, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

When you use Arbiter, you provide:

• Configuration Data: Settings you configure including GitHub repository names, labels, and preferences
• GitHub Token: Your GitHub Personal Access Token (stored locally on your machine, encrypted if possible)
• License Information: License key, email address, and payment information (processed by our payment provider)
• AI Provider Credentials: API keys or configuration for third-party AI services you choose to use (stored locally)

2.2 Information Automatically Collected

The Service may automatically collect:

• Usage Data: Information about how you use the Service, including command execution, feature usage, and error logs
• System Information: Operating system, Node.js version, and Arbiter version
• License Validation: Periodic checks to validate your license status

2.3 Information We DO NOT Collect

Important: We do NOT collect or store:

• Your source code or repository contents
• GitHub issue or pull request data (except locally on your machine)
• Code generated by AI tools
• Your GitHub username or account details (beyond what's needed for license validation)

3. How We Use Your Information

3.1 To Provide the Service

We use collected information to:

• Operate and maintain the orchestration service
• Process and manage your license and subscription
• Validate license status and enforce usage limits
• Provide customer support and respond to inquiries
• Send important service updates and notifications

3.2 To Improve the Service

We may use aggregated, anonymized usage data to:

• Understand how users interact with the Service
• Identify and fix bugs or performance issues
• Develop new features and improvements
• Analyze usage patterns and trends

3.3 For Legal Compliance

We may use your information to:

• Comply with legal obligations and regulations
• Respond to legal requests and prevent fraud
• Enforce our Terms and Conditions
• Protect our rights, property, and safety

4. Data Storage and Security

4.1 Local Storage

The majority of your data is stored locally on your machine:

• Configuration Files: Stored in ~/.arbiter/config.yaml
• Workspace Data: Repository clones, branches, and working files stored in ~/.arbiter/workspaces/
• State Files: Run state and history stored in ~/.arbiter/state.json
• Logs: By default, stored locally in ~/.arbiter/runs/

You are responsible for securing your local machine and backup of this data.

4.2 Optional Cloud Storage

If you configure cloud storage options:

• PostgreSQL/Elasticsearch: If you configure a remote database for logs, log data will be stored according to your configuration
• You control where this data is stored (your own database, third-party hosting, etc.)
• We do not provide hosted database services by default

4.3 Our Server Storage

We store minimal data on our servers:

• License Information: License keys, email addresses, subscription status, and billing information
• Analytics (Optional): Anonymous usage statistics if you opt-in

We do NOT store your code, repository data, or AI-generated content on our servers.

4.4 Security Measures

We implement security measures to protect your information:

• Encryption in transit (HTTPS/TLS) for all network communications
• Secure storage of license and payment information
• Regular security audits and updates
• Access controls and authentication for our systems

However, no method of transmission or storage is 100% secure. You use the Service at your own risk.

5. Third-Party Services and Data Sharing

5.1 GitHub

Arbiter integrates with GitHub using your Personal Access Token:

• Your token is stored locally on your machine
• The Service uses your token to access GitHub's API on your behalf
• Data exchanged with GitHub is subject to GitHub's Privacy Policy
• We do not receive or store your GitHub data on our servers

5.2 Third-Party AI Providers

When you configure third-party AI services:

• Anthropic (Claude): If you use Claude Code, your code and prompts are sent to Anthropic's API. See Anthropic's Privacy Policy
• Ollama: Runs locally by default; data stays on your machine unless you configure remote instances
• LM Studio: Runs locally by default; data stays on your machine unless you configure remote instances
• Cursor: If you use Cursor Agent, data is subject to Cursor's privacy policy

Important: We do not control and are not responsible for the data practices of third-party AI providers you choose to use.

5.3 Payment Processor

We use Lemon Squeezy to process payments:

• Payment information is collected and processed by Lemon Squeezy
• We do not store your credit card or payment details
• See Lemon Squeezy's Privacy Policy

5.4 Analytics (Optional)

We may use analytics services to understand usage patterns:

• Analytics are opt-in and can be disabled in settings
• Only anonymous, aggregated data is collected
• No personally identifiable information is included

5.5 When We Share Information

We do not sell your personal information. We may share information:

• With Service Providers: Payment processors, hosting providers, and support tools
• For Legal Reasons: When required by law, court order, or to protect our rights
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• With Your Consent: When you explicitly authorize us to share information

6. Data Retention

6.1 Local Data

Data stored locally on your machine remains until you delete it:

• You can delete workspaces, logs, and configuration at any time
• Uninstalling Arbiter does not automatically delete local data
• You are responsible for managing and deleting local data

6.2 Server Data

We retain server-side data as follows:

• Active Licenses: Retained for the duration of your subscription
• Inactive Licenses: Retained for up to 2 years after cancellation for legal/accounting purposes
• Usage Analytics: Retained in aggregated form indefinitely; individual data deleted after 90 days
• Support Tickets: Retained for up to 3 years

7. Your Privacy Rights

7.1 Access and Portability

You have the right to:

• Request a copy of the personal information we hold about you
• Export your license and billing information
• Access all local data stored on your machine directly

7.2 Correction and Deletion

You have the right to:

• Correct inaccurate information we hold about you
• Request deletion of your personal information (subject to legal retention requirements)
• Cancel your subscription and request account deletion at any time

7.3 Opt-Out

You have the right to:

• Opt-out of marketing communications (while still receiving service updates)
• Disable analytics and telemetry in application settings
• Revoke GitHub and AI provider permissions at any time

7.4 Exercising Your Rights

To exercise these rights, contact us at privacy@git-arbiter.com. We will respond within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for international transfers.

9. Children's Privacy

Arbiter is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about data collection, use, and sharing
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
• Non-Discrimination: We will not discriminate against you for exercising your rights

Contact us at privacy@git-arbiter.com to exercise these rights.

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of data processing and a copy of your data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time

Our legal basis for processing your data includes: performance of contract, legal obligations, and legitimate interests. Contact us to exercise your rights.

12. Do Not Track

Some browsers have a "Do Not Track" feature. We do not currently respond to Do Not Track signals. You can disable analytics and telemetry in the application settings.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

15. Summary of Key Points

Topic	Key Point
Data We Collect	Configuration, license info, usage data (NOT your code)
Where It's Stored	Mostly on your local machine; minimal data on our servers
Code & Repository Data	Stored locally only; never sent to our servers
Third-Party Sharing	GitHub API, AI providers you configure, payment processor
Your Rights	Access, correction, deletion, opt-out, data portability
Security	Encryption in transit, secure storage, regular audits
Contact	privacy@git-arbiter.com