Privacy Policy
01 Who we are
The Celeborn Code service and the thot.ai website are authored by Cloud Dancer and published and operated by Thot Technologies, LLC. The two roles are distinct:
- Author / LicensorCloud Dancer — a company incorporated in Poland (Warsaw). Author of the Celeborn Code software and, for individuals in the EU/EEA, our Article 27 / EU point of contact.
- Publisher / OperatorThot Technologies, LLC — a Delaware limited liability company (United States; Austin, Texas). Operator of the website and hosted services and the data controller for personal data processed through them.
- Contacthello@thot.ai (mark privacy requests "Attn: Privacy")
In this policy, "we", "us", and "our" refer to Thot Technologies, LLC as operator and data controller, except where a section names a different party.
02 Scope of this policy
This policy describes how we handle personal data when you visit thot.ai, when you use the
hosted Celeborn Code board and sync features, and when you contact us. Celeborn Code's command-line tool
runs locally on your machine: by default it stores your project context in a local
.context/ directory and does not transmit it to us. Personal data reaches us
only when you separately connect an account and enable a hosted feature (such as the shared
board or fleet sync), submit a form, or otherwise contact us.
03 Personal data we collect
You give us
- Account & identity data — when you sign in (for example, via GitHub OAuth): your account identifier, username, email, and avatar as provided by the identity provider.
- Contact data — name, email, and message content you submit through contact or feedback forms.
- Workspace content — task cards, project context, and board data you choose to sync to the hosted service.
- Billing data — for paid plans, billing contact details and transaction records (card data is handled by our payment processor, not stored by us).
We collect automatically
- Device & usage data — IP address, browser and device type, pages viewed, referring URLs, and timestamps.
- Diagnostic data — logs and error reports needed to operate and secure the service.
- Cookies & similar technologies — see our Cookie Policy.
We do not knowingly collect special-category data, and we ask that you not submit it through the service.
04 How and why we use data
- To provide, operate, and maintain the website and the Celeborn Code service;
- To authenticate you and keep your account and board secure;
- To sync and display the workspace content you choose to store with us;
- To respond to your enquiries, support requests, and feedback;
- To process payments and manage subscriptions;
- To monitor, debug, and improve performance, reliability, and features;
- To detect, prevent, and address fraud, abuse, and security incidents;
- To comply with legal obligations and enforce our User Agreement.
We do not sell your personal data, and we do not use your private workspace content to train machine-learning models.
05 Legal bases for processing (GDPR)
Where the GDPR applies, we rely on the following legal bases (Article 6):
- Performance of a contract — to deliver the service you have signed up for;
- Legitimate interests — to secure, improve, and operate the service, balanced against your rights;
- Consent — for non-essential cookies and any optional communications (you may withdraw consent at any time);
- Legal obligation — to meet accounting, tax, and other legal requirements.
07 International data transfers
We operate from the United States and work with providers in the US, the EU, and elsewhere. When we transfer personal data out of the EEA, the UK, or Switzerland, we rely on an appropriate safeguard — typically the European Commission's Standard Contractual Clauses (and the UK Addendum) — or another lawful transfer mechanism. You may request a copy of the relevant safeguard using the contact details below.
08 Data retention
We keep personal data only as long as needed for the purposes described here: for the life of your account and a reasonable period afterward, and longer where required to meet legal, accounting, or dispute-resolution obligations. When data is no longer needed, we delete or anonymize it. You can ask us to delete your account data as described in your rights below.
09 Security
We use technical and organizational measures appropriate to the risk — including encryption in transit, access controls, and least-privilege practices — to protect personal data. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security. If a breach affects your rights, we will notify you and the relevant authority as required by law.
10 Your rights (EU / UK / EEA / Switzerland)
If the GDPR or UK GDPR applies to you, you have the right to:
- Access a copy of your personal data;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten");
- Restrict or object to certain processing, including profiling;
- Data portability — receive your data in a portable format;
- Withdraw consent at any time, without affecting prior processing;
- Lodge a complaint with your supervisory authority (in Poland, the President of the Personal Data Protection Office, UODO).
To exercise these rights, contact us at hello@thot.ai. We respond within the time limits set by law (generally one month under the GDPR). EU/EEA individuals may also reach our EU point of contact, Cloud Dancer (Warsaw, Poland), via the same address.
11 Your rights (United States)
Depending on your state of residence (for example California under the CCPA/CPRA, and comparable laws in Virginia, Colorado, Connecticut, and other states), you may have the right to:
- Know what personal information we collect, use, and disclose;
- Access and obtain a copy of that information;
- Correct inaccurate information;
- Delete your personal information;
- Opt out of the "sale" or "sharing" of personal information and of targeted advertising;
- Non-discrimination for exercising your rights.
We do not sell your personal information and do not "share" it for cross-context behavioral advertising as those terms are defined under California law. To exercise your rights, contact hello@thot.ai; you may use an authorized agent, and we will verify requests as the law requires.
13 Children's privacy
The service is intended for adults and is not directed to children. We do not knowingly collect personal data from children under 16 (or the age of digital consent in your country, and under 13 in the United States). If you believe a child has provided us personal data, contact us and we will delete it.
14 Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide a more prominent notice. Your continued use of the service after an update means you accept the revised policy.
15 How to contact us
- Data controllerThot Technologies, LLC — Austin, Texas, USA
- Author / EU contactCloud Dancer — Warsaw, Poland
- Emailhello@thot.ai ("Attn: Privacy")