Plainly, here's what we do with your data.

We try to collect as little as we can get away with. We don't sell your data. We don't share it with advertisers. We use a small number of well-behaved tools to keep the lights on and to know when something's broken.

If you only read one section, this is the one. The rest is the plain-language detail.

Artichokey ("we," "us") is a small team building an orchestration layer for AI coding agents. You can reach a human at hello@artichokey.com. We answer.

Three buckets, and that's it:

• Things you give us. An email when you join the waitlist or buy a founder seat. Your name, payment details, and (optionally) a wallet address when you check out. Anything you write in a support email.
• Things your browser gives us. A timestamped log line for each page view: rough geography (country, sometimes city), referrer, browser family, and screen size. We do not set advertising cookies. We do not fingerprint you.
• Things our app gives us.If you use the product (when it's out), we keep operational logs: which agent ran, when, and whether it succeeded. We do not read the contents of your prompts or your repository in order to train models.

• To send you the one email per wave you signed up for.
• To process payments and deliver founder keys.
• To keep the service up, debug failures, and prevent abuse.
• To know — at the rough-geographic level — where our users are, so we can decide where to host things and which time zones to be awake in.

A short list of vendors we trust to do one job well. Each only sees what it needs to do its job:

• Stripe — card payments. They see your payment details; we see a receipt.
• Resend — transactional and waitlist email. They see your email address and the message we send.
• Vercel — hosting. They see request logs.
• Plausible — privacy-respecting page analytics. Cookieless. No cross-site tracking.

We do not sell your information. We do not share it with advertisers. If we're ever forced to hand something over by a court order, we'll tell you unless we're legally gagged.

We use a single first-party cookie to remember your theme preference (light or dark). That is the entire cookie story. No tracking pixels, no third-party advertising cookies, no cross-site identifiers.

• Waitlist emails: until you ask us to delete them, or until we decide to retire the list.
• Customer records (founder seats): seven years, because tax law.
• Operational logs: 30 days, then we roll them off.
• Analytics aggregates: indefinitely, but they're anonymous.

You can, at any time:

• Ask for a copy of what we have on you.
• Ask us to correct something.
• Ask us to delete you (within what tax law lets us delete).
• Withdraw consent for any optional processing.
• Unsubscribe from any email with the link at the bottom.

Email privacy@artichokey.comand we'll handle it within 30 days. If you're in the EU/UK, you also have the right to complain to your local supervisory authority.

TLS everywhere. Secrets in a vault, not in a repo. Backups encrypted at rest. Access to production data is limited to the people who need it, and audited. We're a small team — we don't have a SOC 2 yet, and we're not going to pretend we do.

Artichokey is not for anyone under 16. We don't knowingly collect data from children. If you think we have, write us and we'll delete it.

If we make a material change, we'll email everyone on the waitlist and post a prominent notice on the site for at least 30 days. The date at the top of this page always reflects the most recent revision.

Questions, requests, or complaints: privacy@artichokey.com. A real human reads these.