Privacy
Last updated: 2026-04-17 · Draft
Plain-English draft. Legible is in pre-launch. This page documents our current data practices in plain language so you can evaluate us. A formal policy (reviewed by counsel) lands before we charge any customer. Email [email protected] with questions.
What we collect
- Your email & password hash — so you can sign in. Passwords are hashed with bcrypt; we never see the plaintext.
- Your projects’ structured index — file paths, symbol names, call edges, import specifiers. Not your source code. The CLI parses locally; only the extracted metadata crosses the wire.
- Runtime traces you record — V8 cpuprofile spans (function name, script URL, line, duration). Secrets are redacted client- and server-side before storage.
- Your API token — issued at signup, stored at rest.
- Request logs — standard web-server logs (IP, user-agent, path, status, timestamp). Rotated every 14 days.
What we don’t collect
- Your raw source code. The CLI explicitly uploads only structured metadata.
- Third-party analytics trackers. No Google Analytics, no Segment, no pixel trackers on app pages.
- Anything beyond what you send us.
Who we share with
- OpenRouter (for the Narrate feature) — we forward a redacted span summary to their API when you click "Narrate," and the chosen model returns a narrative. BYO-key support is available on the Pro tier.
- Nobody else. No ad networks, no data brokers, no "partner" sharing.
How long we keep it
- Accounts — until you delete them.
- Projects, scans, traces, narratives — until you delete them, or indefinitely if you don’t.
- Request logs — 14 days.
Deleting your data
Email [email protected] with the subject "Delete my account." We’ll confirm the request and remove your data within 7 days. Self-serve deletion ships before general launch.
Contact
Questions, concerns, or requests: [email protected].