Privacy Policy

Last updated: June 23, 2026

This policy describes what Podclave LLC, a Florida limited liability company (“Podclave,” “we”), collects when you use podclave.com, why, and what we do with it. We have tried to write it the way we would want to read it: specific to how Podclave actually works, with the uncomfortable parts stated plainly.

The short version: we hold your email address, encrypted copies of credentials you choose to connect, and the configuration you store with us. Your code and files live on your Sprites in your Sprites.dev organization; they pass through our servers only when you use a feature that moves them, and we don’t keep them. Our analytics are server-side, pseudonymous, and cookie-free. We don’t sell anything about you to anyone.

Questions or requests: hello@podclave.com.

1. What we collect and store

Account data. Your email address, your role, organization memberships and invitations, and timestamps of account activity. Sign-in uses one-time codes sent to your email; if you register a passkey we store its public key and an opaque random identifier — no biometrics, nothing personal (the biometric check happens on your device and never leaves it).

Credentials you connect. This is the most sensitive thing we hold, and it exists because credential setup across machines is a core feature:

  • your Sprites.dev organization token, used to call the Sprites.dev API on your behalf;
  • your Anthropic (Claude) tokens, obtained when you complete Anthropic’s sign-in flow, placed on Sprites you own so claude arrives signed in, and refreshed by us before expiry;
  • your GitHub token, obtained via GitHub’s OAuth consent screen and placed on Sprites you own so git and gh work.

All of these are encrypted at rest with AES-256-GCM, are decrypted only to perform the operations above, and are never shown back in the product or included in analytics or logs. You can disconnect each one in the product at any time, and revoke them at the provider independently of us.

Configuration you store. Overlay files (often environment variables and credentials you choose to distribute to your Sprites), package lists, network-egress policy (domain allow-lists), schedule definitions (request headers and bodies are encrypted at rest), and Sprite metadata such as names and URLs.

Billing data. If your organization adds paid seats, payment is handled by Stripe. Card numbers go directly to Stripe and never touch our servers; we store Stripe’s identifiers for your customer and subscription, seat counts, and a subscription status.

Operational logs. Standard server logs for security and debugging, which can include IP addresses and request paths. We don’t build profiles from them.

2. What passes through us but is not kept

Using Podclave means our control plane operates on your Sprites with your token. When you browse files, upload or download, use the terminal, or provision a Sprite, that content transits our servers to serve the request — and that is all it does. Upload staging files are deleted when the transfer completes; terminal traffic is relayed live, not recorded; file listings and contents are fetched when you look and are not retained.

Honest implication: because the control plane holds your Sprites.dev token, it is technically capable of reading what’s on your Sprites. Our rule is that we access customer Sprites only as needed to provide the features you invoke, to investigate abuse of our Terms, or with your permission during support.

Claude traffic never passes through us. Prompts and responses flow between your Sprite and Anthropic under your own account.

Agent Email content does not pass through us. If you enable Agent Email, email sent and received through your Sprite’s inbox flows directly between your Sprite and our subprocessor AgentMail — not through Podclave. We hold our AgentMail account credentials and the encrypted inbox-scoped credentials we place on your Sprite, but we do not retain your mailbox contents. See Subprocessors for AgentMail’s role and data handling.

3. Product analytics

We run server-side product analytics (PostHog, US Cloud) with no browser tracking and no cookies, against a fixed allowlist of events:

  • Events are things like “user signed up,” “sprite created,” “shell opened” — business moments, identified by your account’s random UUID, never your email.
  • We never send: email addresses, code or file contents, file names or paths, repository names or URLs, credentials, shell input, Claude prompt text, or IP addresses.
  • Error tracking captures exception types, messages, and stack traces from our code, attributed to the same random UUID.

4. How we use data

To operate the service (everything in sections 1–2 exists to make a feature work); to send transactional email (sign-in codes, organization invites); to bill organizations with paid seats; to understand product usage in aggregate and fix errors; to secure the service and enforce our Terms; and to comply with law. We do not sell or rent personal data, and we do not use your content or your data to train machine-learning models.

5. Who we share data with

Only the vendors it takes to run the service, listed with their roles on the Subprocessors page — hosting (Fly.io), database (Neon), email (Resend), payments (Stripe), analytics (PostHog), bot protection (Cloudflare), and — for organizations that enable Agent Email — AgentMail (inbox provisioning and mail delivery). Each receives only what its function needs.

Separately, when you connect Anthropic, GitHub, or Sprites.dev accounts, we interact with those providers as you — that is the feature. Your relationship with each of them is direct and governed by their privacy policies.

We will disclose data if validly compelled by law. Unless legally prohibited, we will tell you before handing over anything about you. If Podclave LLC is ever acquired or its assets sold, this policy continues to apply to data collected under it, and we will notify you before any change.

6. Where data lives

We are a US company; our infrastructure (listed on the Subprocessors page) is US-based. If you use Podclave from outside the United States, your data is processed in the US. For users in the EEA/UK: we rely on our subprocessors’ standard contractual protections for these transfers, and the rights in section 8 are available to you regardless of where you live.

7. Retention and deletion

Account data, stored credentials, and configuration are kept while your account is active. Disconnecting a credential deletes our stored copy. There is no self-serve account deletion yet — email hello@podclave.com and we will delete your account and the control-plane data above within 30 days, except minimal records we must keep (for example invoices, which Stripe retains for tax law). Deleting your Podclave account does not touch your Sprites or anything on them — they are in your Sprites.dev organization, not ours.

8. Your rights

Email hello@podclave.com to access, correct, export, or delete your personal data, or to object to a use of it. We honor these requests for everyone, not only where a statute (GDPR, UK GDPR, CCPA) requires it, and we respond within 30 days. We will never discriminate against you for exercising them. We do not sell or “share” personal information as the CCPA defines those terms.

9. Security

Credentials and other sensitive values are encrypted at rest (AES-256-GCM); everything is TLS in transit; sign-in has no passwords to leak (one-time email codes and passkeys); production access is limited to people who operate the service — currently its founder. No system is perfectly secure; if we suffer a breach affecting your data, we will notify you promptly and tell you what we know.

10. Children

Podclave is not directed at children under 13, and we do not knowingly collect their data (where your country sets a higher minimum age for online services, that age applies instead). Users under 18 participate as invited members of an organization managed by an adult — see the Terms, section 3. If you believe a child below the minimum age has an account, email us and we will delete it.

11. Changes

We will update this policy as the product evolves. The “Last updated” date reflects the current version and the full history is preserved. For material changes we will notify you by email or in the product before they take effect.

Podclave LLC · Florida, USA · hello@podclave.com

© 2026 Podclave LLC · Operated by Podclave LLC, a Florida limited liability company · hello@podclave.com