Legal

Privacy Policy

Last updated: June 11, 2026 · Beta

Ephemerent builds Orrery, a local-first agentic code editor you install on your own computer. This policy explains what data we collect, why, who processes it, and the choices you have. It covers both free local use and the paid subscription tiers (Pro, Max, and Ultra). Orrery is in beta, so this policy may change as the product does — see “Changes” below.

The short version

In local and free mode, Orrery runs entirely on your machine. Your source code, repositories, prompts, and the work the agents do stay on your device — we never receive them. If you subscribe to a paid tier and use the bundled DeepSeek models, the prompts and code needed for those completions are sent through our relay to DeepSeek so they can be generated, and we keep a usage meter (token counts). Beyond that, the data we hold is what’s needed to run a paid account: your sign-in identity, subscription status, and usage counters.

What we collect

Account identity. If you sign in (required only for paid tiers), our authentication provider, Supabase, stores your account identifier, email address, and any basic profile fields (display name, avatar URL) your chosen sign-in method provides. You can sign in with Google, GitHub, or an email magic link.
Subscription & billing status. If you subscribe, we store your plan (Pro / Max / Ultra), subscription status (active, canceled, past-due), renewal date, and the customer/subscription identifiers our payment processor, Stripe, gives us. We do not see or store your full card number — Stripe handles payment details directly.
Usage meter (token counts). When you use bundled models, we count the tokens consumed so we can enforce your monthly quota and show your usage. These counts are stored on your device and on our servers, and are numbers and timestamps — not the content of your prompts.
Prompts & code sent for bundled-model inference. When you choose a bundled DeepSeek model, the prompt and the code/context required to answer it are transmitted through our relay to DeepSeek’s API to generate the completion, and the result is returned to you. This is the same data you would send if you called DeepSeek directly — it is necessary to provide the feature you requested.
High-level activity logs. When signed in, we may record events such as sign-in, opening the editor, or starting a task, with a timestamp. These record that an action happened, not the contents of your code.
Local-only identity (optional). In local mode you can enter an email/name to label your own on-device audit log. This is stored only in your browser’s/app’s local storage on that device and is not sent to us.

What we do NOT collect

In local and free mode (including using your own local Ollama models), nothing about your code or prompts leaves your machine — we don’t receive or store it. We do not collect your source code, repositories, or prompt content for any purpose other than proxying a bundled-model request you explicitly make. We do not store prompt or completion content beyond what is needed to relay the request to DeepSeek and return the answer, and we do not use your prompts or code to train our own models. Note that once a bundled-model request reaches DeepSeek, DeepSeek processes it under its own terms (see “Subprocessors”). When you bring your own API key for another provider, that traffic goes to that provider under their terms, not through us.

How we use your data

To sign you in and keep one identity across the website and the desktop app.
To provide and bill your subscription, enforce monthly quotas, and show your usage.
To proxy bundled-model requests to DeepSeek and return completions to you.
To operate the beta, debug issues, prevent abuse, and keep the service secure.

Subprocessors & service providers

We rely on a small number of third parties to run the service. Each processes only the data needed for its role:

Stripe — payment processing, subscriptions, and billing. Stripe receives the data needed to charge you and is the system of record for payment details.
Supabase — authentication and the database that stores your account profile, subscription state, and usage counters.
DeepSeek — the inference provider for the bundled models. When you use a bundled model, your prompt and the code/context for that request are sent to DeepSeek’s API to generate the completion. DeepSeek processes that data under its own terms.
Google and GitHub — OAuth sign-in, only if you choose one of them to log in.
Vercel — hosting for this website and related endpoints; standard server logs (e.g. IP address, request metadata) may be generated.

Cookies and local storage

This website sets no advertising or third-party tracking cookies. The desktop app and the site use local storage (and a Supabase session token/cookie when you are signed in) to keep you logged in and to hold the optional local identity and on-device audit buffer. Clearing your browser’s or app’s local storage removes the local-only data on that device.

Data retention

We keep your account, subscription, and usage data for as long as your account exists and as needed to provide the service and meet legal/accounting obligations (for example, billing records Stripe retains for tax and compliance). Transient prompt/completion content handled by the relay is not retained by us beyond what is needed to fulfil the request. When you ask us to delete your account, we remove your profile and associated logs from our systems; some billing records may be retained where the law requires.

Your rights

Depending on where you live, you may have rights under laws such as the EU/UK GDPR and the California CCPA/CPRA — including the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. We do not sell your personal information. To exercise any of these rights:

Use Orrery entirely in local/free mode — no account, and nothing sent to us.
Email hello@ephemerent.com to request a copy of, correction of, or deletion of your account data. We may need to verify your identity before acting.
Cancel or manage your subscription at any time (see the Terms of Service).
Clear your device’s local storage to remove the local identity and audit buffer.

If you are in the EU/UK, you also have the right to lodge a complaint with your local data-protection authority.

International data transfers

Our providers (including Stripe, Supabase, DeepSeek, and Vercel) may process data on infrastructure located outside your country, including the United States. Where required, we rely on the appropriate safeguards offered by those providers for such transfers.

Children

Orrery isn’t directed to children under 13 (or the minimum age in your region), and we don’t knowingly collect their data.

Changes

We’ll update this page when our practices change and revise the “last updated” date. Significant changes affecting paid accounts will be communicated where practical.

Contact

Privacy questions or data requests: hello@ephemerent.com. This service is operated by [PLACEHOLDER: LEGAL ENTITY] (trading as Ephemerent).