Privacy Policy

The data controller responsible for your personal data is:

If you are located in the European Economic Area (EEA), you may also contact us to request information about our EU representative.

We collect the following categories of personal information:

What we do not collect: source code, file contents, diff contents, repository metadata, or Git history. The Prume CLI and Pro app operate entirely on your local machine.

If you are located in the EEA, UK, or Switzerland, we process your personal data on the following legal bases:

• To provide, maintain, and improve the Services
• To process payments and deliver license keys
• To send transactional emails (receipts, license delivery, security alerts)
• To respond to support requests
• To improve the Services based on aggregated, anonymous usage data
• To detect, prevent, and address fraud or security issues
• To comply with legal obligations

We do not sell, rent, or trade your personal data. We share data only with the following service providers, solely to operate the platform:

We may also disclose data if required by law, court order, or governmental regulation, or to protect our rights or the safety of users.

Prume never sends your source code to our servers. The CLI and desktop app operate entirely locally. When AI classification is enabled (Pro, opt-in), only hunk metadata and summaries are sent to your own configured LLM provider (e.g., OpenAI, Anthropic, or a local model via Ollama). We act as neither a proxy nor a processor for this data.

Your data may be transferred to and processed in countries outside your own, including the United States. When we transfer data outside the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The EU-US Data Privacy Framework, where applicable
• Your explicit consent, where no other mechanism is available

We retain your data for the following periods:

Under the Swiss Federal Act on Data Protection (nFADP), the EU General Data Protection Regulation (GDPR), and the UK GDPR, you have the following rights:

• Right of access — request a copy of your personal data
• Right to rectification — correct inaccurate or incomplete data
• Right to erasure — request deletion of your data (“right to be forgotten”)
• Right to restriction — restrict processing in certain circumstances
• Right to data portability — receive your data in a machine-readable format (JSON/CSV)
• Right to object — object to processing based on legitimate interest
• Right to withdraw consent — where processing is based on consent

To exercise any of these rights, contact us at privacy@prume.dev. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know — request disclosure of personal information collected, used, and shared
• Right to delete — request deletion of your personal information
• Right to correct — correct inaccurate personal information
• Right to opt out — opt out of the sale or sharing of personal information
• Right to non-discrimination — we will not discriminate against you for exercising your rights

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals.

To exercise your rights, email privacy@prume.dev or use the opt-out mechanisms provided.

We use only essential cookies for authentication sessions. We do not use advertising cookies, tracking pixels, or fingerprinting.

Our analytics provider (Plausible) is cookie-free and does not track individual users or store IP addresses. No cookie consent banner is required for this type of analytics under GDPR.

The Services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@prume.dev.

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (as required by GDPR)
• Notify affected users without undue delay if the breach poses a high risk
• Document the breach, its effects, and the remedial actions taken

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the website, updating the “Last updated” date, and sending email notification to registered users at least 30 days before changes take effect.

For privacy-related questions, data access requests, or complaints, contact:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your authority at edpb.europa.eu.