Privacy Policy

Last updated: 23 June 2026

This Policy explains how Reticle handles your data.

1. Who we are

Reticle (the "Service") is operated by [Your Registered Business Name], based in Bosnia and Herzegovina ("we", "us", "our"). This Privacy Policy explains what personal data we collect, how we use it, and your rights. For data-protection purposes we act as a controller for your account data, and as a processor for the content you put into the Service.

2. Data we collect

  • Account data: your name, email address, and authentication identifiers.
  • Workspace content: your projects, the live-page feedback and comments your reviewers leave, messages, and metadata about the repositories and branches you connect.
  • Credentials you provide: your AI provider API key and Git access, which we store encrypted and use only to operate the Service on your behalf.
  • Support messages: anything you send us via the Support or Contact forms (name, email, message).
  • Usage and technical data: log data, device/browser information, and error diagnostics needed to run and secure the Service.

3. How we use your data

  • To provide, maintain, and secure the Service.
  • To process feedback and, when you choose, to hand an approved comment to an AI coding agent that changes your connected repository.
  • To communicate with you about your account, support requests, and important changes.
  • To process payments through our payment provider.
  • To comply with legal obligations and prevent abuse.

4. AI processing

When you send a comment to the AI coding agent, the relevant context (the feedback, the targeted element, and access to the repository you connected) is processed by your configured AI provider (currently Anthropic) using the API key you supply. That processing is also subject to your AI provider's terms and privacy policy. We do not use your code or feedback to train any AI model.

5. Sub-processors

We rely on a small set of trusted providers to run the Service. They process data only as needed to provide their service to us:

  • Supabase — database, authentication, and storage.
  • Railway — application hosting and compute.
  • Anthropic — the AI coding agent (invoked with your key).
  • Your Git provider (e.g. GitHub) — repository access you authorise.
  • Our payment provider / Merchant of Record — billing and tax (e.g. Lemon Squeezy).
  • Our email provider — transactional and support email (when enabled).

6. Sharing your data

We do not sell your personal data. We share it only with the sub-processors above, where required by law, or in connection with a business transfer (e.g. merger or acquisition), subject to this Policy.

7. Data retention

We keep your data for as long as your account is active and as needed to provide the Service. When you delete your account or ask us to, we delete or anonymise your personal data within a reasonable period, except where we must retain it to meet legal, accounting, or security obligations.

8. Security

We use technical and organisational measures to protect your data, including encryption of sensitive credentials at rest, scoped access to connected repositories, and tenant isolation. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Your rights

Depending on your location (including under the GDPR), you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact us using the details below. You may also lodge a complaint with your local data-protection authority.

10. International transfers

Your data may be processed in countries other than your own, including where our sub-processors operate. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for those transfers.

11. Cookies

We use strictly necessary cookies to keep you signed in and to operate the Service securely. We do not use advertising cookies. If we add analytics in the future, we will update this Policy and, where required, ask for your consent.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

13. Changes to this policy

We may update this Policy from time to time. If we make material changes, we will take reasonable steps to notify you. The “Last updated” date above reflects the latest version.

14. Contact

For privacy questions or to exercise your rights, reach us through the contact form on our website or at [your support email].

Questions about this document? Reach us via the contact form.