PRIVACY POLICY

Effective date: 1 September 2025

Contact: alemzhan@strayl.dev

About Strayl

Strayl is a mobile-first AI IDE. The iOS app and the web dashboard share a single Supabase backend and connect to GitHub, cloud sandboxes, and AI providers to help you inspect, edit, and deploy code. This policy explains what information we collect, why we process it, how long we keep it, and your choices.

Information We Collect

Account & Authentication

  • Supabase Auth stores your email, password (hashed), OAuth identifiers, session tokens, and metadata.
  • When you request account deletion, we cascade-delete every linked table and then remove the Supabase Auth user.

Repository & Code Data

  • GitHub App installation IDs, repository metadata, and access tokens are stored to let you browse and edit code.
  • When you enable indexing, we store file paths, code snippets, hashes, embeddings, and job logs in Supabase.
  • Local caches on your device keep repository trees, file contents, diffs, and embeddings in iOS UserDefaults for speed.

AI & Usage Metrics

  • Prompts, responses, token counts, USD cost, and error status for each AI request are logged to enforce plan budgets.
  • Cloud chat sessions create records for chat titles, sandbox IDs, repository URLs, branch names, and stored messages.

Subscriptions & Payments

  • App Store receipts, plan tier, expiry, compute budget, and spend totals are stored in Supabase when you subscribe.
  • We do not process card data directly; billing is handled by Apple. We keep the validation payload and status.

Local Storage & Credentials

  • Chats, repo caches, TODOs, embeddings, and file contents remain on-device until you clear them or delete the account.
  • Custom API keys for third-party models are saved to your device Keychain; we never sync them to our servers.

How We Use Information

  • Authenticate you, maintain sessions, and allow account recovery.
  • Connect to GitHub, list repositories, apply edits, open pull requests, and keep indexing jobs in sync.
  • Generate embeddings, run AI chats, resolve code search queries, and keep usage within your subscription limits.
  • Provision Daytona sandboxes, upload or clone project files, execute build/start commands, and surface preview URLs.
  • Operate the web dashboard so mobile and web views share consistent repository and usage state.

Data Retention & Deletion

  • You can unlink GitHub or remove individual repositories at any time; we delete associated records and code chunks.
  • Account deletion triggers a cascade that removes indexing data, usage metrics, sandboxes, MCP configs, and the auth record.
  • Local caches can be cleared by removing chats, disconnecting repositories, or deleting the app.
  • Usage logs and subscription records are retained as long as needed for billing, abuse prevention, and regulatory obligations.

Third Parties & International Transfers

We share data with service providers solely to deliver the features you request:

  • Supabase (database, authentication, storage, serverless functions).
  • GitHub (repository metadata, commits, pull requests, installation tokens).
  • OpenRouter & OpenAI (AI chat completions and embeddings).
  • Daytona (cloud development sandboxes, file uploads, build/start commands).
  • Apple App Store (subscription processing and receipt validation).
  • Strayl proxy services (deployment previews and screenshots).

These providers may process data in jurisdictions outside your home country. By using Strayl you consent to those transfers.

Security

  • All Supabase traffic uses TLS; JWTs guard API calls, and service role keys stay on the server.
  • GitHub installation tokens are short-lived and generated on demand through signed requests.
  • Local caches remain on-device; sensitive third-party API keys are stored in the iOS Keychain.
  • We monitor usage for abuse and reserve the right to suspend accounts that circumvent quotas or attack the service.

Your Rights & Choices

  • Access and export: contact us to request a copy of your stored Supabase data.
  • Correction: update your profile information in the app or request edits by email.
  • Deletion: use the in-app delete account flow or email us; we remove all server-side data and instruct third parties when possible.
  • Opt-out: you may disconnect GitHub, stop using AI features, or choose not to subscribe to managed plans.

Children

Strayl is not directed to children under 13. If we learn that we collected personal data from a child, we will delete it promptly.

Changes

We may update this policy to reflect new features or legal requirements. We will change the effective date above and, where appropriate, notify you in-app or by email.

Contact

Questions or requests? Email alemzhan@strayl.dev.

© 2025 Strayl. All rights reserved.

Sponsored by Daytona Startup Grid