Privacy Policy
Last Updated: May 30, 2026
1. Introduction
Uzera Inc. ("Uzera," "we," "us," or "our") provides the independent knowledge layer for coding agents. Our platform scans codebases to build structured Knowledge Trees and makes that knowledge available to coding agents such as Claude Code, Cursor, GitHub Copilot, and Windsurf through MCP integrations (collectively, the "Service").
This Privacy Policy describes how we collect, use, disclose, and protect personal information when you:
- Visit our website at uzera.com (the "Website");
- Use or access the Uzera platform, CLI, APIs, or MCP integrations;
- Interact with our communications or support channels; or
- Otherwise engage with us.
Our Service is designed for software development teams and their representatives. We do not offer products or services for personal, familial, or household use.
2. Personal Information We Collect
2.1 Information You Provide
- Contact Information: Name, email address, company or organization name, job title.
- Account Information: Username, password (hashed), account preferences, notification settings, team membership and role.
- Payment Information: Billing details provided in connection with paid plans. Payment transactions are handled by our third-party payment processor. We do not store full credit card numbers on our systems.
- Communications: Messages sent through email, support channels, or feedback forms, including attachments and metadata.
- Rules and Configuration: Team conventions, enforcement configurations, and workspace settings you define within the Service.
2.2 Information Collected Automatically
When you access the Service, we may automatically collect:
- Device Information: Operating system, browser type and version, screen resolution, device identifiers, language settings.
- Network Information: IP address, approximate geographic location derived from IP address.
- Usage Information: Features accessed, actions taken within the Service, timestamps, session duration, referring URLs.
- CLI Telemetry: Command names executed (e.g.,
uzera scan, uzera connect). We do not collect command arguments that may contain file paths, code content, or other sensitive values. - Communication Engagement: Email opens, link clicks, and engagement metrics for emails we send.
2.3 Information from Third-Party Sources
- Authentication Providers: When you sign in with GitHub or Google, we receive your name, email address, and profile picture as authorized by you through those services.
- Team Invitations: If a team member invites you to a Uzera workspace, we receive your email address from the inviting user.
3. Codebase Data
Uzera processes source code to build Knowledge Trees. Because this involves sensitive technical data, we describe its handling separately.
3.1 What We Process
When you run uzera scan or related commands, the Service processes:
- Source code files in the targeted repository
- Directory and file structure (names, paths, nesting)
- File metadata (sizes, last modified dates)
- Dependency manifests (e.g., package.json, requirements.txt, go.mod)
- Configuration files relevant to project structure
3.2 What We Store
- Knowledge Trees: Structured representations of your codebase's architecture, patterns, conventions, and dependency relationships. These are derived metadata generated from analysis of your code, not copies of your code.
- Agent Interaction Logs: Queries made by coding agents to the Knowledge Tree, responses returned, timestamps, agent type, and Rules applied or overridden. These logs power the Observability dashboard and audit trail.
- Audit Trails: Hash-chained, tamper-evident records of agent actions.
3.3 What We Do Not Store
- Raw source code. Source code is processed in memory during scanning. We do not retain copies of source code files after the Knowledge Tree is generated.
- Secrets or credentials. The scanning process excludes files matching common secret patterns (e.g., .env, key files, certificate files). If sensitive data is inadvertently processed during scanning, it is not persisted.
3.4 Restrictions on Codebase Data Use
We do not use your codebase data, Knowledge Trees, Rules, or agent interaction logs to:
- Train, fine-tune, or improve machine learning or AI models
- Provide services to other customers or share across accounts
- Aggregate with other customers' data
- Sell, license, or transfer to third parties for their own purposes
- Display advertising or build advertising profiles
Your codebase data belongs to you. We process it solely to provide the Service to you.
4. How We Use Your Personal Information
4.1 Service Delivery and Operations
- Provide, operate, and maintain the Service
- Create and manage your account and workspace
- Build and maintain Knowledge Trees, enforce Rules, serve agent queries
- Generate Observability dashboards and audit trails
- Process payments and manage subscriptions
- Provide customer support and respond to inquiries
- Send transactional communications (account verification, password resets, security alerts, billing confirmations)
4.2 Service Improvement
- Analyze aggregate usage patterns to identify bugs and improve features
- Monitor service performance, reliability, and uptime
- Conduct internal research to develop new capabilities
4.3 Communications
- Send onboarding and product guidance emails
- Send product updates and feature announcements
- Send marketing communications (with your consent, where required by law)
You may opt out of non-essential communications at any time (see Section 7).
4.4 Security and Compliance
- Detect, prevent, and respond to security incidents and abuse
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with applicable laws, regulations, and legal processes
- Maintain internal compliance and audit records
4.5 De-identification and Aggregation
We may create de-identified, aggregated, or anonymized datasets from usage information for business analysis. Once de-identified, such data does not identify individual users or contain codebase content, and is not subject to the restrictions in this policy.
5. How We Share Your Personal Information
We do not sell your personal information. We share it only in the following circumstances:
5.1 Service Providers
We engage third-party companies to help operate the Service. These providers are contractually bound to use your data only as we direct and to maintain appropriate security measures. Examples include:
- Cloud infrastructure and hosting
- Payment processing
- Email delivery (transactional and marketing)
- Error monitoring and logging
- Website analytics
A current list of sub-processors is available upon request by contacting security@uzera.com.
5.2 Within Your Organization
If you are part of a team workspace, other members with appropriate permissions may access shared Knowledge Trees, Rules, audit trails, and Observability data within that workspace.
5.3 Professional Advisors
We may share information with legal counsel, auditors, insurers, and other professional advisors when necessary for services they provide to us.
5.4 Legal and Safety Requirements
We may disclose information if we believe in good faith that disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or governmental request
- Protect the rights, safety, or property of Uzera, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
- Enforce our Terms of Service
Where permitted by law, we will make reasonable efforts to notify you before disclosing your information in response to legal process.
5.5 Business Transfers
If Uzera is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
5.6 With Your Consent
We may share your information with other third parties when you direct us to do so or provide explicit consent.
We may also share de-identified, aggregated, or anonymized data that does not identify any individual.
6. Cookies and Tracking Technologies
6.1 What We Use
| Cookie/Technology | Type | Purpose | Duration |
|---|
| Session cookie | Essential | Maintains your authenticated session | Session |
| Authentication token | Essential | Keeps you signed in across visits | 30 days |
| Cookie consent preference | Essential | Remembers your cookie choices | 1 year |
| Analytics cookies | Optional | Tracks page views, feature usage, navigation patterns | 26 months |
We do not use advertising cookies or tracking pixels for ad targeting.
6.2 Essential Cookies
Required for the Service to function. They handle authentication, session management, and security. You cannot opt out of essential cookies while using the Service.
6.3 Optional Cookies
Analytics cookies help us understand how the Service is used so we can improve it. These are set only with your consent.
6.4 Managing Preferences
- On first visit: We request consent before setting optional cookies.
- At any time: Update preferences at uzera.com/cookie-settings.
- Browser settings: Most browsers allow you to block or delete cookies. Blocking essential cookies will prevent the Service from functioning properly.
6.5 Do Not Track
Some browsers transmit "Do Not Track" signals. There is no industry consensus on how to respond to these signals, and the Service does not currently alter its behavior in response to Do Not Track requests.
7. Your Choices and Rights
7.1 Account Information
You may review and update your account information at any time by signing in to the Service or by contacting security@uzera.com.
7.2 Data Export
You may export your Knowledge Trees, Rules, and audit trails in JSON format through the Service or by contacting us.
7.3 Data Deletion
You may request deletion of your account and associated data by contacting security@uzera.com. Upon deletion:
- Account data is removed within 30 days
- Knowledge Trees, Rules, and workspace data are removed within 30 days
- Agent interaction logs and audit trails are removed within 30 days
- Backup copies are purged within 90 days
Certain data may be retained longer where required by law (e.g., billing records for tax compliance).
7.4 Communication Preferences
- Marketing emails: Opt out using the unsubscribe link in any marketing email or by contacting us. We process opt-out requests within 10 business days.
- Transactional emails: Essential service communications (security alerts, billing, account changes) will continue regardless of marketing preferences.
7.5 Rights for EEA, UK, and Swiss Users (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights:
- Access: Request a copy of personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete information.
- Erasure: Request deletion of your personal information, subject to legal retention requirements.
- Restriction: Request that we limit processing of your personal information in certain circumstances.
- Portability: Receive your personal information in a structured, commonly used, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Legal bases for processing:
| Processing Activity | Legal Basis |
|---|
| Providing the Service and account management | Performance of contract |
| Security and fraud prevention | Legitimate interest |
| Service improvement and aggregate analytics | Legitimate interest |
| Marketing communications | Consent |
| Optional cookies and tracking | Consent |
| Legal compliance | Legal obligation |
You may exercise these rights by contacting security@uzera.com. We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
7.6 Rights for California Residents (CCPA/CPRA)
If you are a California resident:
- Right to Know: Request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: Request deletion of your personal information, subject to legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
Categories of personal information collected: Identifiers (name, email, IP address), internet and network activity (usage data, device information), professional information (company, job title).
Categories of personal information sold or shared: None.
To exercise your rights, contact security@uzera.com. We will verify your identity before processing. We respond within 45 days.
8. Data Residency and International Transfers
Uzera processes and stores data in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For transfers from the EEA, UK, or Switzerland, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms as applicable. Regardless of where data is processed, we apply the protections described in this policy.
9. Data Retention
We retain personal information only as long as necessary to fulfill the purposes described in this policy, unless a longer period is required by law.
| Data Type | Retention Period |
|---|
| Account and contact information | Duration of account, plus up to 1 year after closure |
| Knowledge Trees and Rules | Until deleted by you or upon account deletion |
| Agent interaction logs (Pro tier) | 90 days |
| Audit trails (Pro tier) | 90 days |
| Payment and billing records | As required by tax and financial regulations |
| Website analytics data | 26 months |
| Email engagement data | 24 months |
| Support correspondence | 24 months after resolution |
After the applicable retention period, data is securely deleted or anonymized. Backup copies are purged within 90 days of primary deletion.
10. Security
We maintain technical, organizational, and physical safeguards to protect your information. These include:
- Encryption: Data in transit encrypted using TLS 1.2 or higher. Data at rest encrypted using AES-256.
- Access Controls: Role-based access, multi-factor authentication, and least-privilege principles for internal systems.
- Audit Logging: Internal access to customer data is logged and reviewed.
- Tamper-Evident Audit Trails: Agent interactions recorded in hash-chained logs.
- Vulnerability Management: Regular penetration testing, vulnerability scanning, and patching.
- Incident Response: Documented response plan with defined roles and notification procedures. In the event of a confirmed data breach affecting your personal information, we will notify you and relevant authorities as required by law, targeting notification within 72 hours of confirmation where feasible.
- Infrastructure: Hosted on SOC 2 compliant infrastructure with physical security, redundancy, and disaster recovery.
No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
To report a security vulnerability, contact security@uzera.com.
11. Other Sites and Services
The Service may contain links to websites, products, or services operated by third parties. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.
Third-party integrations you configure (such as connecting Uzera to Claude Code, Cursor, GitHub Copilot, or Windsurf via MCP) are governed by those services' respective privacy policies and terms.
12. Children
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If you believe a child has provided us with personal information, contact security@uzera.com. We will take steps to delete such information upon confirmation.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last Updated" date at the top.
- For material changes, we will provide notice via email or prominent notice on the Service at least 30 days before the changes take effect.
- For non-material changes (clarifications, corrections, administrative updates), we may update this policy with immediate effect.
Your continued use of the Service after the updated policy takes effect constitutes acknowledgment of the changes. Previous versions are available upon request.
14. Contact Us
If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how your data is handled:
Email: security@uzera.com
General Support: support@uzera.com
For users in the EU/EEA, our data protection point of contact can be reached at security@uzera.com.
We aim to respond to all privacy-related inquiries within 30 days.