Privacy Policy

Introduction

Krosswalk ("Krosswalk", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use Krosswalk's platform and services, including our website at krosswalk.io and all related software made available by Krosswalk to interact with codebases (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.

This Privacy Policy does not apply where Krosswalk acts as a data processor and processes personal data on behalf of commercial customers using our enterprise services. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

1. Personal Data We Collect

We collect the following categories of personal data:

A. Personal Data You Provide Directly

We collect personal data if you create an account to use our Service or communicate with us. This includes:

• Account Information: We collect identifiers such as your name and email address when you sign up for an account or join our waitlist.
• Payment Information: If you subscribe to paid features, we collect payment information through our payment processor (Stripe). We do not store your full credit card details on our servers.
• Inputs and Outputs: The Service allows you to submit questions and instructions ("Inputs") which generate responses, code suggestions, and pull requests ("Outputs"). If you include personal data in your Inputs, we will process that information to provide the Service.
• Communication Information: If you contact us, we collect your name, contact information, and the contents of any messages you send.
• Feedback: If you provide feedback on the Service, we may store the exchange as part of your feedback to improve our offerings.

B. Personal Data From Your Use of the Service

When you use the Service, we automatically receive certain technical data:

• Device Information: Your device or browser automatically sends us information including device type, browser information, and operating system.
• Log Information: We collect information about how our Service is performing, including your IP address, browser type and settings, error logs, and interactions with the Service.
• Usage Data: We collect information about your use of the Service, such as dates and times of access, features used, questions asked, and other usage patterns.
• Cookies & Similar Technologies: We use cookies and similar technologies to operate the Service, maintain your preferences, and analyze usage. See our Cookie Policy for details.

C. How Your Code is Handled

Krosswalk facilitates your interaction with your own repositories. When you connect a GitHub account and use the Service:

• Local Repository Access: You clone and access repositories on your own device using your GitHub credentials.
• AI Processing: When you ask questions or request code changes, relevant code context from your local environment is transmitted to our AI provider, Anthropic, for processing using their Claude models.
• GitHub Metadata: We collect repository names, branch information, and your GitHub username to facilitate the Service.

Krosswalk does not permanently store your repository content on our servers. Code context is processed in real-time by AI models and is not retained beyond what is necessary to provide immediate responses. We only access repositories you explicitly authorize.

D. Information We Do Not Collect

Krosswalk does not knowingly collect sensitive personal information such as health information, biometric data, or religious information. We do not knowingly collect information from children under the age of 18. If we learn that a user is under 18, we will delete the personal data and account.

2. How We Use Personal Data

We use personal data for the following purposes:

• To provide and maintain the Service, including answering codebase questions and generating code changes
• To create, manage, and administer your account
• To process payments and facilitate subscriptions
• To improve and develop the Service and conduct research
• To communicate with you about your account, updates, and the Service
• To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service
• To comply with legal obligations and protect rights, safety, and property
• To enforce our Terms of Service and other agreements

Code and AI Model Training

We do not use your code or Inputs to train AI models, nor do we permit third parties to use them for training, unless: (1) content is flagged for security review, (2) you explicitly report it to us as feedback, or (3) you've explicitly agreed to such use. Your code is processed in real-time by AI models to provide answers and generate changes, but is not retained for training purposes.

We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for analytics, research, and improving the Service.

3. How We Share Personal Data

We may disclose your personal data in the following circumstances:

• Service Providers: We share data with third-party vendors who support our business operations, including hosting providers, AI model providers (such as Anthropic for Claude), payment processors (Stripe), and analytics services. These parties process data only as necessary to perform services on our behalf.
• GitHub Integration: When you use the Service to create pull requests or interact with repositories, we transmit necessary data to GitHub on your behalf using your authorized credentials.
• Business Transfers: In the event of a merger, acquisition, or other corporate transaction, personal data may be transferred as part of the transaction.
• Legal Compliance: We may disclose personal data to comply with applicable laws, respond to legal requests, protect rights and safety, prevent fraud, or enforce our Terms of Service.
• With Your Consent: We may share data when you give us permission to do so.

We do not sell your personal information. We do not share personal data for cross-contextual behavioral advertising or targeted advertising purposes.

4. Third-Party Services and AI Processing

Anthropic (Claude AI)

Krosswalk is powered by Anthropic's Claude AI models. When you use the Service:

• Your queries and relevant code context are transmitted to Anthropic for processing
• This data is processed by Anthropic in accordance with their Privacy Policy
• Anthropic does not use API customer data to train their AI models
• Data is processed in real-time and not retained by Anthropic for training purposes

By using Krosswalk, you acknowledge that your data will be processed by Anthropic. We encourage you to review Anthropic's Privacy Policy for details on their data handling practices.

GitHub

When you connect your GitHub account:

• You authorize Krosswalk to access repositories you specify
• Your interactions with GitHub remain subject to GitHub's Privacy Statement
• We only request permissions necessary for the Service to function

Stripe

Payment processing is handled by Stripe. Your payment information is processed in accordance with Stripe's Privacy Policy. We do not store your full payment card details.

5. Data Retention

We retain your personal data only for as long as necessary to operate the Service and support legitimate business needs such as legal compliance, safety, and dispute resolution.

• Account Data: Retained while your account is active and for a reasonable period afterward
• Repository Data: Processed in real-time; we do not permanently store full repository contents
• Conversation History: Retained to provide conversation continuity and may be deleted upon request
• Usage Logs: Retained for security and analytics purposes, typically for 12 months

When personal data is no longer needed, we delete, de-identify, or anonymize it in compliance with applicable laws.

6. Security

We implement commercially reasonable technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments
• Secure handling of GitHub OAuth tokens

However, no method of transmission over the Internet or electronic storage is completely secure. You are responsible for maintaining the security of your account credentials and should notify us immediately if you believe your account has been compromised.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to certain exceptions
• Portability: Request your data in a portable format where applicable
• Objection: Object to certain types of processing
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at justin@krosswalk.io. We may request information to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

Managing Repository Access

You can revoke Krosswalk's access to your GitHub repositories at any time through your GitHub settings or through the Krosswalk application.

8. International Data Transfers

Krosswalk processes personal data on servers located in various jurisdictions, including the United States. If you are located outside the United States, your personal data may be transferred to and processed in the United States or other countries. We apply the protections outlined in this policy regardless of where data is processed and only transfer data in accordance with legally valid transfer mechanisms.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will publish an updated version and effective date at the top of this page. For material changes, we will make reasonable efforts to notify you via email or through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Email: justin@krosswalk.io