Privacy Policy

Last Updated: November 29, 2025 | Effective: November 29, 2025

BranchPy ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, software, and services.

Key Principles:

We collect only what is necessary to provide and improve BranchPy
We never sell your personal data to third parties
You control your data and can request deletion at any time
Telemetry is optional by default, except for RC Testing participants

1. Information We Collect

1.1 Account Information

When you create a BranchPy account, we collect:

Email address: Used for account identification, authentication, and communication
Username: Your chosen display name on our platform
Password: Stored as a securely hashed value using bcrypt (we never store plaintext passwords)
Account metadata: Account creation date, last login, subscription tier, license key

1.2 Optional Telemetry (Opt-In)

If you enable telemetry in the BranchPy software (disabled by default), we collect anonymized usage data:

Commands executed: Which BranchPy commands you use (e.g., bpy analyze, bpy render)
Feature usage: Which features are most commonly used
Performance metrics: Execution times, memory usage, crash reports
Environment information: Operating system, Python version, editor (VS Code, CLI, etc.)
Error logs: Stack traces and error messages (sanitized to remove file paths and personal data)

What we DO NOT collect in telemetry:

Source code or file contents
AI prompts or responses
Project names or file paths
Personally identifiable information (PII)

ℹ️ Data Storage: For full details on where BranchPy stores cache, logs, and AI-related data on your machine (including AI cache), see the Storage Layout section in our documentation.

1.3 RC Testing Telemetry

Participants in the RC Testing Program have telemetry collected locally on their machines during the testing period. This telemetry is not automatically transmitted to BranchPy. RC testers may voluntarily export their telemetry (via branchpy telemetry export) and upload it through the RC Testing portal. This data is essential for identifying bugs and measuring feature stability before public release. See the RC Testing Agreement for full details.

1.4 Website Usage Data

We collect standard web analytics data:

Page views and navigation: Which pages you visit on branchpy.com
Browser information: Browser type, version, and device type
IP address: Used for security, fraud prevention, and geographic analytics (not linked to your account)
Cookies and local storage: Session tokens for authentication (see Section 9)

1.5 Community Content

If you participate in the BranchPy community (forum posts, comments), we store:

Your username and avatar
Post content, comments, and replies
Post timestamps and edit history

2. How We Use Your Information

We use your data for the following purposes:

Account management: Authentication, account recovery, subscription management
Service delivery: Providing access to BranchPy software, license validation, downloads
Communication: Sending important updates, security alerts, RC Testing invitations, and release announcements (you can opt out of marketing emails)
Product improvement: Analyzing telemetry to prioritize features, fix bugs, and improve performance
Support: Responding to customer inquiries and troubleshooting issues
Legal compliance: Fraud prevention, enforcing terms of service, responding to legal requests

4. Data Retention

Account data: Retained as long as your account is active. Deleted within 30 days of account closure.
Telemetry data: Retained for 90 days after collection, then permanently deleted (except aggregated/anonymized statistics).
RC Testing telemetry: Retained for 90 days after the RC phase ends, then deleted.
Community posts: Retained indefinitely unless you request deletion or delete your account.
Email logs: SendGrid retains email logs for up to 30 days.

5. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit: All data is transmitted over HTTPS (TLS 1.2+)
Encryption at rest: Sensitive data (e.g., 2FA secrets, if implemented) is encrypted using AES-256-GCM
Password hashing: Passwords are hashed using bcrypt with 10 rounds
Access controls: Only authorized personnel have access to production databases
Regular security audits: We monitor for vulnerabilities and apply security patches promptly

However, no system is 100% secure. If you discover a security vulnerability, please report it to security@branchpy.com.

6. Your Rights

You have the following rights regarding your personal data:

6.1 Access

You can view and download your account data from your profile settings or by emailing support@branchpy.com.

6.2 Correction

You can update your username, email, and profile information in your account settings.

6.3 Deletion

You can delete your account at any time from your profile settings. All associated data (except anonymized telemetry and aggregated statistics) will be deleted within 30 days.

6.4 Data Portability

You can export your data in JSON format by emailing support@branchpy.com.

6.5 Opt-Out of Marketing

You can unsubscribe from marketing emails by clicking the "Unsubscribe" link in any email or by updating your preferences in account settings. Note: You will still receive critical transactional emails (password resets, security alerts).

6.6 Telemetry Control

You can enable or disable telemetry at any time in the BranchPy settings. For RC testers, telemetry is collected locally as part of the technical operation of the software, but you control whether to export and upload it.

7. Children's Privacy

BranchPy is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at support@branchpy.com, and we will delete it immediately.

8. International Data Transfers

BranchPy is based in Québec, Canada. If you are accessing our services from outside Canada, your data may be transferred to and stored in Canada or other countries where our service providers operate. We ensure adequate data protection measures are in place for international transfers.

9. Cookies and Local Storage

We use cookies and browser local storage for the following purposes:

Session tokens: Stored in localStorage to keep you logged in (contains no personal data, only a session ID)
Preferences: Theme settings, language preferences (stored locally, not sent to servers)

You can clear cookies and local storage at any time in your browser settings. Note that clearing session tokens will log you out.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

Email notification to registered users
Prominent notice on branchpy.com
Updated "Last Updated" date at the top of this page

Continued use of BranchPy after changes constitutes acceptance of the updated policy.

11. Compliance

BranchPy aims to comply with:

Québec Law 25: Québec's privacy law (in effect September 2023)
PIPEDA: Canada's Personal Information Protection and Electronic Documents Act
GDPR: European Union General Data Protection Regulation (where applicable)

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

Email: support@branchpy.com (general inquiries)
Security issues: security@branchpy.com
Data requests: support@branchpy.com with subject "Data Request"