Privacy policy

Last updated: 2026-06-10

The short version

swatchdog helps your AI agent build to a design standard and check its work. We do not store the code, design tokens, or content you check. When you run a check (over MCP or in the web normalizer preview), that input is processed to produce the result and is not retained on our servers. We collect only what's needed to sell licenses, deliver packs, keep the service running, and support you.

What we collect

• Purchase details — your email address and purchase/checkout metadata, to fulfill and support your order. Card details are handled by our payment processor; we never see or store full card numbers.
• License keys — stored only as a one-way hash, never in plain text, mapped to the pack families you own.
• Minimal usage telemetry — for each check we log the account it belongs to, which pack/source was used, and the outcome (e.g. finding count). We do not log your license key, your source code, or your design tokens.
• Site analytics — aggregate, privacy-friendly page-view metrics for the website.

What we do NOT collect or store

• The CSS, markup, design tokens, or files you submit to check_drift or the normalizer — these are processed transiently to return your result and are not persisted.
• Full payment card details.

Service providers (processors)

We share data only with the providers that run the service, solely to provide it — we do not sell your data:

• Stripe — payment processing.
• Neon (Postgres) — license/entitlement records (hashed keys, families, purchase email).
• Cloudflare R2 — storage of the downloadable pack files.
• Resend — transactional email only (download/recovery links; no marketing email).
• Google Cloud (Cloud Run) — hosting and compute for the MCP/validation and delivery services.
• Vercel — website hosting and aggregate analytics.

Retention

License records are kept while your license is active. Purchase and transaction records are retained for up to 7 years to meet tax and accounting obligations. Operational logs (usage telemetry) are retained for 30 days for reliability and abuse-prevention, then deleted. We do not retain the code, tokens, or content you submit to a check.

Your choices

You can request access to or deletion of your personal data (email, purchase records) by contacting us. Some records may be retained where required for legal or accounting reasons.

Contact

Questions or requests: hey@swatchdog.dev.