SHARCSHARC
Legal

Privacy Policy

Last updated: March 8, 2026

1. What we collect

When you create a SHARC account or use the service we may collect:

  • Account information — email address and authentication credentials provided through our sign-up flow
  • API usage data — request counts, token consumption, and error rates used for quota enforcement and billing
  • Codebase content — source code you index through SHARC for semantic search (stored as vector embeddings)
  • Payment information — collected and processed by Stripe; SHARC does not store card numbers or bank details

2. How we use your data

  • Provide, maintain, and improve the SHARC service
  • Enforce plan limits and track usage for billing
  • Send transactional communications (billing receipts, security alerts)
  • Investigate and prevent abuse or fraud

We do not sell your data. We do not use your indexed code to train models.

3. Third-party services

SHARC relies on the following third-party processors to operate:

  • Stripe — payment processing, invoicing, and tax collection under Stripe Managed Payments
  • Supabase — authentication and database hosting
  • Vercel — web application hosting and CDN

Each processor operates under its own privacy policy and data processing terms.

4. Data retention

We retain your data for as long as your account is active. When you delete your account through the dashboard, all SHARC application data — including API keys, usage records, plan information, and indexed codebase data — is permanently removed.

Stripe may retain transaction records where required by financial regulations.

5. Your rights

You can exercise the following rights at any time:

  • Access — view your data through the SHARC dashboard
  • Deletion — permanently delete your account and all associated data from the dashboard Plan page
  • Rectification — update your account information through the authentication provider

For any request you cannot complete through the dashboard, contact us at contact@sharc.sh.

6. Cookies and tracking

SHARC does not use tracking cookies, advertising pixels, or third-party analytics. Authentication state is managed through secure HTTP-only tokens provided by Supabase Auth.

7. Security

All data is transmitted over TLS. API keys are hashed before storage. Access to production systems is restricted to authorized personnel. If you discover a security vulnerability, please report it to contact@sharc.sh.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the dashboard or by email. Continued use of SHARC after changes constitutes acceptance of the revised policy.

9. Contact

Questions about this policy? Reach out at contact@sharc.sh or use our contact form.

See also our Terms of Service.