Privacy Policy
Last updated: 9 July 2026
This Privacy Policy explains how OpenDev ("OpenDev", "we", "us") collects, uses, and protects your personal data when you use the OpenDev website and services at opendev.page — including the OpenDev team-chat AI agent (the "Chat Agent") and the OpenDev Mobile cloud coding product ("OpenDev Mobile") — together, the "Service".
OpenDev is operated by SRC CONNECTION LIMITED, a company registered in the United Kingdom, and we process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are the "data controller" for the personal data described in this policy.
1. Data we collect
We collect only what we need to run the Service:
- Account information. When you sign in with Google, we receive your name, email address, and profile picture from Google. We store your email address and an account identifier.
- Session data. We set an essential session cookie so you stay signed in. We store session tokens and their expiry times.
- Workspace and usage data. Information about the cloud workspaces (servers) you create, their configuration, and service usage logs (for example which AI model was used and approximate usage volumes) so we can operate the Service, monitor abuse, and calculate costs.
- Content you submit. The messages, prompts, code, and files you send to the AI agent or store in your workspace. This content is processed to provide the Service and is not used for any other purpose.
- Chat Agent data. If your team uses the Chat Agent in Slack (or our web chat), we process your chat platform identifiers (workspace, channel, and user IDs, display name), the messages you address to the agent (mentions, direct messages, and their threads), and — where the feature is enabled — recent conversation context used to answer you. Agent conversations and their memory are retained so the agent can keep thread context over time; your workspace admin or you can ask us to delete them.
- Optional integrations. If you connect Telegram (for example for reminders), we store the Telegram chat identifier needed to message you.
- Payment information. If you make a purchase (for example a wallet top-up), payment is handled by our payment provider, Stripe, via Stripe-hosted checkout. We never see or store your full card details; we receive confirmation of payment and limited billing metadata (such as the amount and a payment reference).
We do not collect data for advertising, and we do not sell your personal data.
2. How we use your data
- To provide, operate, and secure the Service (legal basis: performance of a contract).
- To prevent fraud and abuse, monitor service health, and keep usage within plan limits (legal basis: legitimate interests).
- To communicate with you about your account, service changes, or support requests (legal basis: performance of a contract / legitimate interests).
- To comply with legal obligations, such as tax and accounting rules (legal basis: legal obligation).
3. AI processing
When you use an OpenDev AI agent, the content of your prompts, messages, code, and conversation is sent to third-party AI model providers in order to generate responses. The Chat Agent runs on Anthropic's Managed Agents platform, where each conversation is processed in a managed agent session with its own sandbox and memory. OpenDev Mobile sends prompts to the model provider you select (for example Anthropic or others). We do not permit these providers to use your content to train their models beyond what their own published policies allow, and we recommend you review the policies of any provider whose API key you supply yourself.
4. Who we share data with
We share personal data only with the service providers ("processors") we need to run OpenDev:
- Cloudflare — hosting, databases, storage, and sandboxed compute for your workspaces.
- Google — sign-in (Google Identity Services).
- Anthropic — the Managed Agents platform that powers the Chat Agent, and AI model inference.
- AI model providers — processing of prompts and code, as described in section 3.
- Slack — if your team uses the Chat Agent in Slack, messages flow through Slack under your workspace's own Slack agreement.
- GitHub and app-hosting providers — when you ask the Chat Agent to open a pull request or deploy an app, the relevant code is pushed to GitHub and deployed apps are hosted on our hosting provider.
- Telegram — only if you connect it, to deliver messages you request.
- Stripe Payments Europe, Ltd. — payment processing (Stripe-hosted checkout; see Stripe's privacy policy).
We may also disclose data where required by law or to protect our legal rights. We never sell personal data to third parties.
5. International transfers
Some of our providers process data outside the UK (for example in the United States or the European Economic Area). Where personal data is transferred outside the UK, we rely on safeguards recognised under UK GDPR, such as the UK International Data Transfer Agreement or Addendum, adequacy regulations, or the providers' equivalent standard contractual protections.
6. How long we keep data
- Account data — for as long as your account exists, and deleted within a reasonable period after you delete your account or ask us to.
- Workspace content — until you delete the workspace or your account.
- Usage and security logs — typically no longer than 12 months.
- Billing records — as required by UK tax law (generally 6 years).
7. Cookies
We use a single essential cookie (session) to keep you signed in. We do not use advertising or cross-site tracking cookies. Google Sign-In may set its own cookies when you use it — see Google's privacy policy.
8. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data deleted ("right to be forgotten");
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, email us at [email protected]. We will respond within one month.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO) — ico.org.uk — although we'd appreciate the chance to resolve any concern first.
9. Security
All traffic to the Service is encrypted with HTTPS. Workspaces run in isolated sandboxes, access to production systems is restricted, and we follow the principle of collecting and retaining as little data as possible. No system is perfectly secure, but if a data breach affecting your personal data occurs, we will notify you and the ICO as required by law.
10. Children
The Service is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. We will post the updated version on this page with a new "last updated" date, and for material changes we will notify you by email or in the app.
12. Contact us
For any privacy questions or requests, contact us at [email protected].