PRIVACY POLICY

Your Data Matters

Last updated: May 5, 2026

1. Overview

Design.md Generator ("we", "us", "our") is a design-system extraction tool. This Privacy Policy explains what data we process, how we use it, what we store, and what stays on your device.

Core principle: We process data only to provide the service. Nothing you submit is used to train AI models, and we do not sell or share your personal data for marketing purposes.

2. Information We Process

2.1 URLs & Public Websites

When you submit a URL, we fetch publicly available assets (HTML, CSS, images) to extract design tokens. We never attempt to access authenticated or private content. Submitted URLs are cached temporarily (see §6) to improve performance; they are not retained for analytics or marketing.

2.2 GitHub Repositories

When you submit a GitHub repository name, we call the public GitHub API to list files and fetch up to 20 design-relevant public files (config files, stylesheets, components). We do not access private repositories unless you explicitly authenticate (see §3).

2.3 Images (Screenshots)

When you upload a screenshot, the image is resized and analyzed client-side to extract a color palette. If AI assistance is enabled on the instance, the image (as a base64 payload) is sent to our server and forwarded to an external vision-capable API for analysis. The image is not stored by us after processing.

2.4 Text Briefs

When you submit a design brief, the text is sent to our server and may be forwarded to external AI providers for markdown generation. We do not archive briefs.

2.5 Generated Content

DESIGN.md files and extracted tokens are generated in real time. We do not keep archives of generated documents. You are free to download, edit, and redistribute your outputs.

3. Authentication & Account Data

You may optionally sign in with GitHub OAuth. When you do:

  • We receive your GitHub ID, login/username, and avatar URL from GitHub's API.
  • We store these in our Cloudflare D1 database (table: users) to identify your account.
  • We also store your GitHub OAuth access token in our database (table: github_sessions) encrypted with AES-GCM-256, so we can list your repositories on request and authenticate you on future visits.
  • We set a session cookie (__Host-session) containing your user ID, encrypted with AES-GCM-256. This cookie is HttpOnly; Secure; SameSite=Strict and expires after 30 days.
  • During the OAuth flow, we set a short-lived CSRF cookie (oauth_state, 10 minutes, HttpOnly; Secure; SameSite=Lax) to prevent cross-site request forgery.

You can delete your session at any time by clicking "Logout". We do not use your GitHub data for profiling, advertising, or any purpose other than authentication and repository listing.

4. CLI API Tokens

Authenticated users can create API tokens for command-line access. When you create a token:

  • The raw token is displayed exactly once; we never show it again.
  • We store only a SHA-256 hash of the token in our database (table: api_tokens), along with an optional name, creation date, revocation status, and last-used timestamp.
  • When you use the token, we update last_used_at. You can revoke a token at any time; revocation is immediate.

5. AI Processing & Third Parties

AI-enhanced features are opt-in at the instance level (disabled by default). When enabled by the operator:

  • HAL API: Design tokens, image base64 payloads, text briefs, and/or HTML context are sent for markdown enhancement or vision analysis. Data is subject to the provider's privacy policy.
  • JIMMY: Text-only fallback used when primary AI providers fail.
  • Pollinations AI: Additional text fallback when other providers are unavailable.

When AI is disabled, no data leaves our infrastructure for AI processing. Algorithmic extraction (CSS parsing, Tailwind class inference, color bucketing) runs entirely on our edge workers or in your browser.

6. Caching

To reduce load and improve response times:

  • Cloudflare KV: URL and GitHub analysis results are cached for up to 1 hour. Cached data includes extracted design tokens (colors, typography, spacing, components, etc.).
  • Browser: No local storage, session storage, or cookies are used by the application for caching analysis results.

7. Rate Limiting & Security Data

We process your IP address strictly for rate limiting and abuse prevention (SSRF/bot protection). IP-based counters are stored in Cloudflare KV or in memory for short windows (maximum 1 hour). We do not build user profiles, and IPs are not stored in our persistent database.

All API communications use HTTPS/TLS. We enforce SSRF protection (blocking localhost, private IP ranges, and cloud metadata endpoints), bot protection (blocking automated scrapers by User-Agent and header analysis), and strict Content-Security-Policy headers.

8. Analytics & External Resources

We use Google Analytics 4 (via gtag.js, measurement ID G-C9RR04YP29) to understand aggregate traffic and usage patterns. Google may collect your IP address, browser type, pages visited, and interaction events, subject to Google's Privacy Policy.

We load Google Fonts (DM Sans, JetBrains Mono, Space Grotesk) from fonts.googleapis.com and fonts.gstatic.com. Google may log your IP address and User-Agent when serving font files.

If you authenticate with GitHub, your avatar image is loaded from avatars.githubusercontent.com, which may log your IP address per GitHub's policies.

9. Cookies

Our service uses the following cookies:

  • __Host-session — Encrypted authentication cookie (30 days). Contains your internal user ID. Essential for GitHub login.
  • oauth_state — Short-lived CSRF token (10 minutes) during GitHub OAuth handshake. Essential for security.
  • Google Analytics cookies (_ga, _gid, etc.) — Set by Google Analytics for session and user identification, subject to Google's policies.

We do not use advertising or third-party tracking cookies beyond the analytics described above.

10. Data Retention & Deletion

  • Analysis inputs (URLs, images, briefs): Not retained persistently. URL/GitHub results may persist in KV cache for up to 1 hour.
  • Account data: Retained as long as you maintain an active session. Logout clears your session cookie but does not delete your database record.
  • API tokens: Retained until revoked by you. Revoked tokens remain in the database with a revocation timestamp but are immediately unusable.
  • GitHub OAuth token: Retained in our database for the duration of your active session (up to 30 days). It is refreshed on each login.

You can delete your account at any time from the Account page. This will permanently remove your user record, API tokens, and encrypted GitHub session from our database.

11. Open Source & Self-Hosting

This project is open-source. If you self-host, you are the data controller. The public instance operated by us follows the practices described here; your own deployment may differ based on your configuration.

12. Changes to This Policy

We may update this Privacy Policy to reflect new features or legal requirements. Changes are effective immediately upon posting, with the "Last updated" date above revised accordingly.

13. Contact

Questions about this policy? Open an issue on the project repository or reach out through the contact links on the main page.