Privacy Policy
Last updated: 2026-07-01
agenticcli.dev (“we”, “us”, “our”) makes ShipGuard — a CLI release gate for AI-built apps distributed on npm. This policy explains what data we collect, why, and how to exercise your rights. Questions: [email protected].
Your code never leaves your machine. ShipGuard scans run 100% locally. No file contents, file paths, or source code are ever uploaded to our servers — not on the free tier and not on paid plans. Paid plans fetch rule signatures from us; your code stays local.
Data we collect
Account data. When you create an account, WorkOS AuthKit collects and manages your email address and authentication credentials on our behalf. We receive a user identifier and email from WorkOS after successful sign-in.
Waitlist data. If you join our waitlist, we store your email address in our application database (Convex) to notify you when access is available. We do not share waitlist emails with third parties.
Usage and analytics data. We use PostHog to understand how the web application is used — page views, feature interactions, and session metadata. PostHog respects the Do-Not-Track browser header and analytics can be disabled via your browser cookie settings. We do not sell or share this data with advertisers.
Billing and payment data. Payment processing is handled by Dodo Payments as merchant of record. We do not store or receive your full card number or CVV. We receive subscription status, plan tier, and billing cycle information from Dodo Payments.
Local CLI scans. When you run shipguard scan locally, your source code is read and analysed entirely on your machine. No file contents, file paths, or code are sent to our servers. The scan result is yours alone.
How we use your data
- Authenticating you and maintaining your session (account email, WorkOS).
- Notifying waitlist members when access is available (waitlist email).
- Processing subscriptions and managing billing (Dodo Payments).
- Understanding how the product is used to improve it (PostHog analytics).
- Responding to support and disclosure requests (email).
We do not sell your data to third parties, use it for advertising, or use scan results for model training.
Sub-processors
The following third parties process data on our behalf:
- WorkOS — authentication and user identity management.
- Convex — application database and backend infrastructure where account data and waitlist records are stored.
- Dodo Payments — payment processing and subscription management (merchant of record).
- PostHog — product analytics for the web application.
- Cloudflare — CDN, DNS, and edge network (web traffic passes through Cloudflare).
- DigitalOcean — hosting for the agenticcli.dev web application.
- Resend — transactional email delivery.
Cookies
We use strictly-necessary cookies for authentication (WorkOS session) and optional analytics cookies (PostHog). See our Cookie Policy for details and opt-out instructions.
Data retention
We retain account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it longer. Waitlist data is deleted once you convert to an account or on request.
Your rights
Depending on where you are located, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your personal data.
- Portability — receive your data in a machine-readable format.
- Withdraw consent — for optional analytics, you can disable cookies at any time (see our Cookie Policy).
- Opt-out of sale — we do not sell personal data; this right is met by default.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Security
We apply reasonable technical and organisational measures to protect the personal data we hold. Sensitive operations (authentication, billing) are delegated to specialist sub-processors. However, no transmission over the internet is completely secure, and we cannot guarantee absolute security. If you believe your data has been compromised, contact [email protected] promptly.
Children
ShipGuard is intended for developers aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.
Governing law
This policy is governed by applicable law in the jurisdiction where agenticcli.dev operates. Where applicable, GDPR (EU/EEA users) and CCPA (California residents) also apply.
Changes to this policy
We may update this policy as our practices evolve. Material changes will be noted on this page with an updated “Last updated” date. Continued use of the service after changes constitutes acceptance of the updated policy.
Questions? Email [email protected].