Alpha in progress — coming soon.

Waitlist

Join the alpha waitlist

Drop your name and email. We'll be in touch when public access opens.

Privacy Policy

Heads up: Atrophic Dev is under construction. The product is in closed alpha and so is this policy — both will be updated as the service evolves and as the operating entity is formalised. Email privacy@atrophic.dev if anything here is unclear or out of date.

This policy explains what data Atrophic Dev collects, why, and what your rights are. It's written in plain English on purpose — if anything in it is unclear, email privacy@atrophic.dev and we'll explain.

Who we are

Atrophic Dev is the team building the Atrophic Dev webapp, the VS Code extension, and the backend API that supports them. We are pre-incorporation: there is no formal legal entity yet. This policy will be updated when an operating entity is registered.

For any privacy question or request, contact privacy@atrophic.dev.

What this policy covers

This policy applies to the Atrophic Dev webapp, the VS Code extension (when signed in), and the backend API that connects them. It does not cover third-party services we link to.

What we collect

  • From GitHub OAuth. Your GitHub login, display name, email address (if it's public on your GitHub profile), and avatar URL. This is how you sign in.
  • Service data. The records you generate by using the product — repositories you connect, workspaces, quests, submissions, skill events, world maps, and progress.
  • Repository content. File contents the VS Code extension sends to our API for analysis and quest generation. These contents are forwarded to OpenAI for LLM processing (see Sub-processors).
  • Operational data. Request logs, error logs, and basic metadata used for security, debugging, and keeping the service running.

Sub-processors

We use the following third parties to operate the service. Each is bound by its own privacy and security terms.

  • Supabase — Postgres database and object storage hosting.
  • OpenAI — LLM processing of repository content for quest generation. Sent under OpenAI's API terms; under those terms, data submitted to the API is not used to train OpenAI's models.
  • GitHub — OAuth identity provider and GitHub App for repository read access you authorize.

Lawful bases (GDPR Article 6)

  • Performance of a contract — to create your account and deliver the service you signed up for.
  • Legitimate interest — to secure the service, prevent abuse, and debug problems.

Retention

We keep your data while your account is active. If you ask us to delete it, we will, with a reasonable backup window before complete erasure. Email privacy@atrophic.dev to request deletion.

Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased.
  • Receive a portable copy of your data.
  • Restrict or object to certain processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@atrophic.dev.

Security

We use TLS in transit, encryption at rest via Supabase, and restrict service-role database access to the backend. GitHub App installation tokens are minted on demand from a private key held only on the server — they are not stored long-term.

What we don't do

  • We don't sell your data.
  • We don't run advertising or behavioural profiling.
  • We don't embed third-party tracking pixels.

Children

The service is not intended for users under 16. Don't use it if you're under 16.

Changes to this policy

Material changes will be posted on this page with a new "Last updated" date. If the change affects you significantly, we'll also notify you by email.

Last updated .