Legal

Privacy Policy

Last updated: May 22, 2026

1. Who we are

AI Rules Generator(“we”, “us”, “our”) is a service that generates personalized AI coding rules for software developers. Contact: gordan.valenta@gmail.com

2. What data we collect

When you sign in with GitHub OAuth, we receive and store:

  • Your GitHub username and display name
  • Your email address (as provided by GitHub)
  • Your GitHub avatar URL
  • A unique GitHub user ID (for authentication)

We also store:

  • The number of rule generations you have performed (for free-tier enforcement)
  • The content of your generation requests (project description and uploaded dependency file) for Pro users — used to power generation history
  • Payment records (order ID, amount, plan type) processed via Lemon Squeezy

3. How we use your data

  • Authentication: to identify you across sessions via GitHub OAuth
  • Usage tracking: to enforce free-tier generation limits and display your remaining count
  • Generation history: to allow Pro users to review past generations
  • Billing: to verify your payment status and unlock Pro access
  • Service improvement: anonymised, aggregated analytics via Vercel Analytics (no personal data)

4. Third-party processors

We use the following services to operate AI Rules Generator:

  • Supabase — database and authentication, data stored in EU region
  • Vercel — hosting and anonymised analytics
  • Lemon Squeezy — payment processing as Merchant of Record; handles your payment data per their own Privacy Policy
  • Anthropic / OpenAI — AI generation; your project description is sent to these APIs. No personal data is included beyond what you explicitly write in the prompt

5. Your rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Deletion — request deletion of your account and all associated data (generations, payment records)
  • Portability — request an export of your generation history

To exercise any of these rights, email us at gordan.valenta@gmail.com. We will respond within 30 days.

6. Cookies

We use only essential cookies required for authentication (Supabase session tokens). We do not use tracking cookies. Vercel Analytics collects anonymised page-view data without cookies or personal identifiers.

7. Data retention

We retain your data for as long as your account is active. Upon an account deletion request, all personal data is removed within 30 days. Anonymised analytics data may be retained indefinitely.

8. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the service. Continued use after the effective date constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions, email us at gordan.valenta@gmail.com.