SpecBuddy Privacy Policy
Effective date: 2026-07-03
This Privacy Policy explains how Alexander Shustanov, an individual software developer (“Developer”, “we”, “us”, or “our”), collects and processes personal data when you use the SpecBuddy IDE plugin (the “Plugin”) and the website https://specbuddy.dev (the “Site”).
Contact for privacy matters: alex@specbuddy.dev
1. Summary
- The Plugin collects product analytics only: which actions you perform in the Plugin (for example, creating a specification, generating a plan, running a step, opening a review).
- The Plugin does not collect your source code, file contents, prompts, specifications, plans, diffs, commit messages, or credentials.
- Code, prompts, and project context that you send to AI coding agents (such as Claude Code or OpenAI Codex) go directly from your machine to those services under their own terms. We do not receive or store that data.
- The Site collects an email address if you join the waitlist, and standard technical logs.
- You can opt out of non-essential analytics in the Plugin settings.
2. Data We Collect
2.1. Plugin — product analytics
When you use the Plugin, we collect usage events describing which actions were performed (processed via Amplitude — see Section 6). Each event may include:
- the action name and non-content parameters (for example, feature flags, counts, durations, success/failure status);
- a pseudonymous installation or user identifier (random ID, not derived from your name or email);
- technical context: Plugin version, IDE name and version, operating system, locale.
We do not collect as part of analytics: source code, file contents or file names, prompts, specification or plan text, diffs, repository names, API keys, or other secrets.
2.2. Plugin — error diagnostics
The Plugin uses Sentry to collect crash reports and error logs. These are limited to the Plugin’s own stack traces and technical state (Plugin version, IDE version, operating system) and may include your IP address processed transiently by Sentry.
2.3. Site
- Waitlist / contact: your email address, if you submit it.
- Technical logs: standard web server logs (IP address, user agent, pages visited). The Site does not use analytics tools or advertising cookies.
2.4. Support
If you contact alex@specbuddy.dev, we process the information you choose to send.
3. What We Do Not Collect
We do not sell personal data. We do not use your data to train AI models. We do not receive the content you exchange with third-party AI agents through the Plugin.
4. Purposes and Legal Bases
We process data to:
- understand feature adoption and improve the Plugin (legal basis: consent for non-essential analytics where required, otherwise legitimate interest);
- diagnose and fix errors (legitimate interest);
- operate the waitlist and respond to messages (performance of a contract / legitimate interest);
- comply with legal obligations where applicable.
5. Opt-Out
You can disable non-essential analytics in the Plugin settings at any time. Disabling analytics does not affect Plugin functionality.
6. Third-Party Processors
We use the following service providers to process data on our behalf:
- Product analytics: Amplitude, Inc. — https://amplitude.com/privacy (EU data residency)
- Error monitoring: Functional Software, Inc. (Sentry) — https://sentry.io/privacy/ (EU data residency)
- Website hosting: Cloudflare, Inc. — https://www.cloudflare.com/privacypolicy/
- Email and other infrastructure: service providers that host our mailbox and supporting infrastructure, acting on our behalf.
Third-party AI agents and IDE vendors (JetBrains, Anthropic, OpenAI, and others) act as independent services under their own privacy policies; we are not a party to your relationship with them.
7. Retention
- Analytics events: 24 months, then deleted or aggregated.
- Waitlist emails: until you unsubscribe or ask us to delete them.
- Support correspondence: up to 24 months after the last contact.
8. International Transfers
Analytics and error monitoring data is stored in the European Union: EU data residency is enabled for both Amplitude and Sentry. These providers are US-based companies; where personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses.
9. Your Rights
Depending on your jurisdiction (including GDPR for EEA/UK residents), you may have the right to access, correct, delete, restrict, or object to the processing of your personal data, the right to data portability, and the right to withdraw consent. EEA/UK residents may also lodge a complaint with their supervisory authority.
To exercise your rights, contact alex@specbuddy.dev. We respond within the timeframes required by applicable law.
10. Children
The Plugin and Site are not directed at children under 16, and we do not knowingly collect their data.
11. Changes
We may update this Privacy Policy. Material changes will be announced through the Plugin, the Site, or release notes. The current version is always available at https://specbuddy.dev/privacy.