Data Use Policy

1. Principles

We use data only to operate, secure, and improve the Services you have chosen to use. We do not operate advertising, we do not sell personal information, and we do not use your code, prompts, or session history to train foundation models for Kodus or for anyone else. Within those principles, specific uses are described in the sections that follow.

2. Agent Prompts and Code Content

When you use the Kodus agent, the content of your prompts, tool-call results, and selected portions of your workspace files is transmitted, on a per-request basis, to one or more third-party AI Model Providers (such as Anthropic, OpenAI, and Google) that produce the model outputs the agent needs to complete your task. That transmission is governed by the applicable provider's data-processing terms. The AI Model Providers we route requests to have committed, on their API tiers, not to use such content to train their foundation models. We do not ourselves use your prompts or workspace content to train any model, and we do not resell them.

3. Chat and Session History

We retain chat and session history (messages, tool calls, tool results, and agent outputs) so that you can review your own prior sessions from the web Dashboard and so that you can resume long-running agent work. Retention of session history also enables abuse monitoring and incident response. You may request deletion of session history as described in Section 8.

4. CLI Telemetry

The Kodus CLI reports telemetry about command invocations, tool calls, session outcomes, and errors. We use this telemetry to diagnose bugs, detect abuse, measure capacity, and prioritize engineering work. Telemetry may include non-sensitive operational metadata such as CLI version, operating system and architecture, and timing data; it does not include the content of your workspace files beyond what is necessary to investigate a specific reported error.

5. Account and Billing Data

Account data (email, name, password hash, invite identifiers) is used to authenticate you and to operate the Dashboard. Billing data (Square customer identifier, subscription state, non-sensitive card metadata) is used exclusively to operate billing, enforce plan entitlements, and produce invoices and receipts. We do not use billing data for advertising, and we do not share it with data brokers.

6. Aggregate and Anonymized Metrics

We compute aggregate, anonymized usage metrics (for example, total active sessions per week, common tool categories, error-rate distributions) to understand how the product is used and to guide improvements. Aggregate metrics are constructed in a way that does not permit re-identification of individual users, and we do not combine them with third-party identity graphs.

7. Security, Abuse Prevention, and Legal Compliance

We may use data to detect and investigate suspected violations of the Terms of Service or Acceptable Use Policy, to protect the Services and their users, and to comply with legal obligations (for example, responding to lawful requests from competent authorities). Where we do so, we use the minimum data necessary and retain it for only as long as needed.

8. Retention and Deletion

We retain different categories of data for different periods:

• Account data: for the life of your account plus a limited period after deletion, to allow recovery from accidental deletion and to meet legal obligations;
• Session history: retained while your account is active; you may delete specific sessions or request bulk deletion;
• CLI telemetry and logs: typically retained for up to 12 months, shorter for high-volume event types;
• Billing data: retained as required by tax and accounting law, typically up to 7 years;
• Backups: encrypted backups may persist for up to 30 days past deletion in primary systems before being overwritten.

You may request deletion of your personal data at any time by emailing privacy@kodus.ai. We will honor deletion requests to the extent required by applicable law.

9. No Model Training on Customer Data

Kodus does not use customer prompts, workspace content, or session history to train foundation models, and we do not license such content to third parties for that purpose. Where an AI Model Provider offers a separate "train on my data" opt-in tier, we do not enroll customer content in such a tier without your express, documented consent.

10. Changes to This Policy

We may update this Data Use Policy from time to time. Material changes will be communicated through the Services or via email. Continued use of the Services after such changes constitutes acceptance of the updated policy.