Stele

Privacy Policy

Effective May 28, 2026.

This Privacy Policy explains how Stele AI LLC, a California limited liability company doing business as Stele ("Stele", "we", "us", or "our"), collects, uses, and shares personal data when you use stele-ai.dev, app.stele-ai.dev, and our related services (collectively, the "Service").

1. Information We Collect

Information you provide

When you sign in using GitHub or Google, we receive basic profile information from that provider, including your name, email address, and the unique identifier they assign you. We do not receive your password from these providers.

When you communicate with us by email or through any support channel, we receive the contents of your message and any attachments you choose to send.

Information you submit to the Service

When you or an AI coding agent acting under your account submits content to Stele (including knowledge nodes, tasks, decisions, comments, documents, file paths, and code snippets), we store that content as part of your project. We process this content solely to provide the Service to you and the team members you authorize.

Automatically collected information

When you use the Service, we and our infrastructure providers may automatically collect information such as your IP address, browser type and version, operating system, referring page, pages visited, actions taken in the application, and timestamps. We use this information to operate, secure, and improve the Service.

Cookies and similar technologies

We use a small number of strictly necessary cookies for authentication and security (for example, to keep you signed in to app.stele-ai.dev). We do not use advertising cookies. If we add any analytics, we will use privacy-friendly analytics that do not require cookie consent under the EU ePrivacy Directive; if that changes, we will update this Policy and present a consent banner where required by law.

2. How We Use Information

We use personal data to:

  • provide, operate, maintain, and secure the Service;
  • authenticate you and the team members you authorize;
  • respond to support requests and other communications;
  • investigate and address actual or suspected security incidents, abuse, or violations of our Terms;
  • understand how the Service is used so we can improve it; and
  • comply with applicable legal obligations.

We do not sell personal data. We do not use the content you submit to the Service to train machine-learning models for any purpose other than improving features that you have explicitly enabled within your own account.

Where the EU/UK General Data Protection Regulation applies, we process personal data on the following bases: performance of a contract with you (to provide the Service); our legitimate interests in operating, securing, and improving the Service (balanced against your rights); your consent (where we ask for it, such as for optional features); and compliance with legal obligations.

4. Sub-Processors and Service Providers

We rely on the following sub-processors to operate the Service. Each is contractually obligated to protect personal data and to process it only on our instructions:

  • Supabase, Inc. — hosted Postgres database, authentication, and realtime infrastructure. Stores all of Your Content and account data.
  • Vercel, Inc. — hosting and content delivery for our web applications and APIs. Processes request metadata and logs.
  • Resend, Inc. — transactional email delivery (sign-in confirmations, invites, account notifications).
  • GitHub, Inc. (a Microsoft subsidiary) — OAuth identity provider, used only if you choose to sign in with GitHub.
  • Google LLC — OAuth identity provider, used only if you choose to sign in with Google.
  • Stripe, Inc. — payment processing, used only if and when you elect a paid plan.
  • Sentry, Inc. — error monitoring and crash reporting for the hosted service. Receives error events and stack traces; request bodies, cookies, and headers are scrubbed before transmission and no user content is included.

This list will be updated in this Policy if it changes. We will provide notice of any new sub-processor before it begins processing personal data on our behalf, where practical and required by law.

5. International Data Transfers

We are based in the United States. Our sub-processors may store and process personal data in the United States or other countries. Where personal data is transferred from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards, including the EU Standard Contractual Clauses or equivalent mechanisms.

6. Data Retention

We retain Your Content for as long as your account is active. If you delete a project, we delete its content from our active systems within 30 days. Backups are retained for up to 30 additional days before being overwritten on rotation. We may retain limited information for longer periods where required by law or for legitimate business purposes such as fraud prevention or dispute resolution.

7. Your Rights

Subject to applicable law, you may have the right to: access the personal data we hold about you; correct inaccurate personal data; request deletion of your personal data; object to or restrict certain processing; receive your personal data in a portable format; and withdraw consent where processing is based on consent.

You can delete your account and download a copy of your personal data directly from the Account → Security section in the app — no request email needed. For other rights (correction, restriction, objection), or if you encounter any issue with the self-serve options, email legal@stele-ai.dev from the address associated with your account. We will respond within the timeframes required by applicable law (generally 30 days under the GDPR and 45 days under the California Consumer Privacy Act).

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect, the right to request deletion, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising.

If you are in the EEA, the UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS), encryption at rest where supported by our sub-processors, row-level security policies in our database, principle-of-least-privilege access controls, and required multi-factor authentication for our administrative accounts. No method of transmission over the internet or method of electronic storage is perfectly secure, however, and we cannot guarantee absolute security.

Suspected security issues can be reported to security@stele-ai.dev. Our responsible disclosure policy is also available on the website.

9. Children's Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, contact legal@stele-ai.dev and we will take steps to delete it.

10. Local Stele Clients

If you install and run the Stele command-line interface or the Claude Code plugin on your own computer, those clients store credentials and local cache files locally. We do not have access to that local data. When those clients communicate with the hosted Service on your behalf, the data they send is still subject to this Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated Policy on stele-ai.dev with a revised effective date and, where reasonably practical, by emailing the address associated with your account.

12. Contact

Privacy questions and data-subject requests: legal@stele-ai.dev. Security issues: security@stele-ai.dev. General support: support@stele-ai.dev.

Stele is operated by Stele AI LLC, a California limited liability company.