Privacy Policy

Last Updated: November 3, 2025

1. Introduction

Volition, Inc. ("Company," "we," "us," or "our") operates the Superconductor platform ("Service"), which enables users to build software with AI coding agents. This Privacy Policy explains how we collect, use, share, and protect information when you use our Service.

By using Superconductor, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information

  • Name and email address
  • Authentication credentials (password or OAuth tokens)
  • Profile information (optional)
  • Payment information (when billing commences)

Workspace and Collaboration Data

  • Workspace names and settings
  • Team member information and permissions
  • Project configurations

Repository and Code Data

  • Repository URLs and metadata
  • Code files and documentation
  • Commit history and branch information
  • Tickets and implementation details

Integration Data

  • GitHub repository connections
  • Slack workspace integrations
  • API keys for AI providers (stored encrypted)
  • Third-party service authorizations

Communications

  • Support requests and correspondence
  • Feedback and suggestions
  • Marketing preferences

2.2 Information Collected Automatically

Usage Data
Usage Data is strictly limited to anonymized, aggregated information about how the Service is used. It specifically includes:

  • Features used and actions taken (button clicks, menu selections)
  • AI agents launched and their configurations (agent type, parameters)
  • Performance metrics and error logs (response times, error rates)
  • Session duration and frequency
  • Ticket completion rates and execution statistics

Usage Data explicitly does NOT include:

  • Your actual code or repository contents
  • File contents or code snippets
  • AI-generated outputs
  • Any personally identifiable information

Device and Technical Information

  • IP address and approximate location
  • Browser type and version
  • Operating system
  • Device identifiers
  • Mobile app version (if applicable)

Analytics Data

  • Page views and click patterns
  • Feature adoption metrics
  • User journey analytics
  • Session recordings (via PostHog, with notice)

2.3 Information from Third Parties

OAuth Providers

  • Basic profile information from Google, Apple, GitHub
  • Email addresses from authentication providers

AI Service Providers

  • Usage metrics from AI agent executions
  • Error reports from agent runtime

3. How We Use Your Information

3.1 To Provide the Service

  • Execute AI coding agents on your behalf
  • Store and manage your code repositories
  • Enable team collaboration
  • Process transactions (when billing commences)
  • Provide customer support

3.2 To Improve and Develop the Service

  • Analyze usage patterns and trends
  • Debug issues and improve performance
  • Develop new features and capabilities
  • Conduct research and analytics

3.3 To Communicate with You

  • Service updates and notifications
  • Security alerts and incident notifications
  • Marketing communications (with consent)
  • Product announcements and feature updates
  • Technical and support communications

3.4 For Safety and Security

  • Detect and prevent fraud
  • Investigate security incidents
  • Enforce our Terms of Service
  • Protect against malicious activity
  • Comply with legal obligations

4. How We Share Your Information

4.1 With Service Providers

We share information with third-party service providers who help us operate the Service:

Infrastructure Providers

  • Amazon Web Services (hosting)
  • Modal (compute infrastructure)
  • Morph Cloud (secondary compute)

AI Providers (when you use their agents)

  • Anthropic (Claude)
  • OpenAI
  • Google (Gemini)
  • Sourcegraph (Amp)
  • Opencode

Analytics and Monitoring

  • PostHog (analytics and session replay - not used for EU/UK IP addresses)
  • Sentry (error monitoring and exception tracking)
  • Scout APM (application performance monitoring)
  • BetterStack (log aggregation and uptime monitoring)

Communication Services

  • Email service providers
  • Customer support tools

4.2 With Your Consent

  • When you authorize sharing with integrated services
  • For testimonials or case studies (with permission)
  • When you direct us to share information

4.3 For Legal and Safety Reasons

  • To comply with legal obligations
  • To respond to lawful requests from authorities
  • To protect our rights and property
  • To prevent harm or illegal activities
  • In connection with legal proceedings

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot identify you for research, marketing, or other purposes.

4.6 No Sale of Personal Information

Important Commitment: We do NOT sell or rent your personal information to third parties for their marketing purposes. We have not sold personal information in the past 12 months, and we will not sell it in the future without providing you with explicit notice and an opportunity to opt-out.

We do not have actual knowledge that we sell or share personal information of individuals under 16 years of age.

5. Data Retention

5.1 Active Accounts

We retain your information for as long as your account is active and as needed to provide the Service.

5.2 After Account Deletion

  • Immediate Deletion: Most user data is deleted within 30 days
  • Legal Compliance: Some data may be retained longer if required by law
  • Backups: Deleted data may persist in backups for up to 90 days
  • Anonymized Data: We may retain anonymized usage data indefinitely

5.3 Specific Retention Periods

  • Code and repositories: Deleted upon account closure or repository removal
  • Usage logs: 90 days for debugging, then aggregated
  • Security logs: 1 year for security investigations
  • Payment records: 7 years for tax compliance

6. Your Privacy Rights

6.1 Access and Portability

You can access and export your data through the Service or by contacting us.

6.2 Correction

You can update your account information through the Service settings.

6.3 Deletion

You can delete your account and associated data. Some information may be retained as described in Section 5.

6.4 Opt-Out Rights

  • Marketing Emails: Unsubscribe link in emails or account settings
  • Analytics: Browser settings or privacy tools
  • Session Recording: Contact us to opt out

6.5 Additional Rights for EEA Residents

If you are in the European Economic Area, you have additional rights:

  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with supervisory authorities
  • Right to withdraw consent

To exercise these rights, contact privacy@superconductor.dev.

7. Data Security

7.1 Security Measures

We implement appropriate technical and organizational measures:

  • Encryption in transit (TLS/HTTPS)
  • Encryption at rest for sensitive data
  • Access controls and authentication
  • Regular security assessments
  • Employee training and confidentiality agreements

7.2 Incident Response

In case of a data breach that poses risk to your rights:

  • We will notify you without undue delay and where required by law
  • Where applicable under GDPR, we will notify the supervisory authority within 72 hours where required
  • We will provide information about the breach
  • We will take steps to mitigate harm

7.3 Your Responsibilities

  • Keep your account credentials secure
  • Use strong, unique passwords
  • Report security concerns promptly
  • Review and configure privacy settings

8. International Data Transfers

8.1 Data Location

Your data is primarily stored in the United States. By using the Service, you consent to the transfer of your data to the U.S.

8.2 Transfer Safeguards

For transfers from the EEA, we rely on:

  • Standard contractual clauses with service providers
  • Appropriate technical and organizational measures
  • Your explicit consent where required

9. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

10. AI and Machine Learning

10.1 No Training on Your Code

Important Commitment: We do not use your code or private repositories to train AI models. Your code remains private and is not used for model training without explicit opt-in consent.

10.2 Future Opt-In Programs

We may offer optional programs where you can:

  • Opt in to contribute data for model improvement (with benefits)
  • Request custom models trained on your code (premium feature)
  • Participate in research programs (with consent)

10.3 Metadata and Analytics

We may use aggregated, anonymized metadata about usage patterns to:

  • Improve agent performance
  • Identify common issues
  • Enhance user experience

11. Third-Party Services and Integrations

11.1 GitHub Integration

When you connect GitHub repositories:

  • We access repository content as needed for agent operations
  • We store minimal metadata about repositories
  • You can revoke access at any time

11.2 AI Provider Data Sharing

When using AI agents, your code is shared with the respective provider:

  • Each provider has its own privacy policy
  • We recommend reviewing provider policies
  • Consider using privacy-focused tiers where available

11.3 Analytics and Session Recording

Session Recording Disclosure: We use PostHog for session recording to improve user experience and debug issues.

Geographic-Based Approach:

  • EU/UK Users: Session recording is DISABLED by default for users accessing from EU/UK IP addresses
  • Other Regions: Session recording may be active to help us improve the Service

What Session Recording Captures:

  • Screen interactions (clicks, scrolls, navigation)
  • Form interactions (excluding sensitive fields)
  • Error messages and system responses

Privacy Protections:

  • Code editors, terminals, and password fields are automatically masked
  • Sensitive form fields are excluded from recordings
  • Personal information in recordings is minimized

Your Control Options:

  • In-App Opt-Out: You can disable session recording directly in your account settings under "Privacy Preferences" (when available)
  • Email Opt-Out: Contact privacy@superconductor.dev to disable session recording for your account - we will confirm within 48 hours
  • Browser Extensions: Use privacy-focused browser extensions that block tracking
  • Global Privacy Control: We honor GPC signals where technically feasible

Important Notes:

  • VPN Users: Using a VPN may bypass our geographic detection. If you're in the EU/UK using a VPN, please contact us directly to ensure session recording is disabled
  • EU/UK Residents: While we automatically disable session recording for EU/UK IP addresses, this detection is not 100% reliable. We recommend EU/UK residents contact privacy@superconductor.dev for confirmation that session recording is disabled for their account
  • All Users: You have the right to opt out of session recording regardless of your location

12. Marketing and Communications

12.1 Marketing Preferences

We may send you marketing communications about:

  • New features and updates
  • Tips for using the Service
  • Industry news and best practices
  • Special offers (when billing commences)

You can opt out at any time via:

12.2 Operational Communications

We will always send necessary communications about:

  • Security incidents
  • Service disruptions
  • Account changes
  • Legal updates

13. California Privacy Rights

13.1 California Residents

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what information we collect
  • Right to delete your information
  • Right to opt-out of sales (we do not sell personal information)
  • Right to non-discrimination

13.2 Categories of Information

We collect these categories under CCPA:

  • Identifiers (name, email)
  • Commercial information (usage data)
  • Internet activity (browsing behavior)
  • Professional information (code repositories)

13.3 Do Not Track

We do not currently respond to Do Not Track signals.

14. Cookies and Tracking Technologies

14.1 Technologies We Use

  • Essential Cookies: For authentication and security
  • Analytics Cookies: To understand usage patterns
  • Preference Cookies: To remember your settings

14.2 Managing Cookies

You can control cookies through:

  • Browser settings
  • Cookie preference center (where available)
  • Third-party opt-out tools

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification
  • In-app notification
  • Prominent notice on our website

Continued use after changes constitutes acceptance of the updated policy.

16. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

Privacy Contact:
Email: privacy@superconductor.dev

Data Protection Officer:
Email: privacy@superconductor.dev

Mailing Address:
Volition, Inc.
2261 Market Street #4795
San Francisco, CA 94114

General Inquiries:
Email: team@superconductor.dev

17. Jurisdiction-Specific Provisions

17.1 European Economic Area

Legal Basis for Processing:

  • Contract performance (to provide the Service)
  • Legitimate interests (security, fraud prevention, improvement)
  • Legal compliance
  • Consent (for optional features)

Data Protection Authority:
You may lodge a complaint with your local supervisory authority.

17.2 United Kingdom

UK residents have similar rights to EEA residents under UK GDPR.

17.3 Brazil

Brazilian residents have rights under LGPD similar to GDPR rights.

18. Glossary

  • Personal Data/Information: Information that identifies or relates to you
  • Processing: Any operation performed on personal data
  • Controller: Entity that determines purposes and means of processing
  • Service Provider: Third party that processes data on our behalf

This Privacy Policy is effective as of November 3, 2025. For questions about our privacy practices, please contact privacy@superconductor.dev.