Privacy Policy
How Alucify handles your data — explained plainly.
1. Introduction
Alucify, Inc. ("Alucify," "we," "our," or "us") provides an intent engineering platform — a World Model for enterprise software — that makes AI coding agents structurally aware of enterprise codebases. This Privacy Policy describes how we collect, use, disclose, and protect personal information and customer data through:
- Our website at alucify.ai
- The Alucify VS Code Extension
- The Alucify Chrome Extension
- The Alucify web application and MCP server
- Our APIs and backend services
By using any of our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.
2. Key Definitions
| Term | Definition |
|---|---|
| Customer Data | Source code, configuration files, requirements artifacts, and other technical content you provide to Alucify for analysis. |
| AppGraph Data | The semantic graph representations, DSL artifacts (GraphQL, StateCharts, UIDL, Gherkin), and metadata generated by Alucify from your Customer Data. |
| Personal Information | Information that identifies, relates to, or could reasonably be linked to you or your household. |
| Services | All Alucify products, including the website, VS Code Extension, Chrome Extension, web application, APIs, and MCP server. |
| Sub-Processor | A third-party service provider that processes data on our behalf. |
3. Information We Collect
3.1 Account Information
When you register for Alucify, we collect:
- Name and email address
- Organization name and role
- Authentication credentials via GitHub OAuth (we do not store GitHub passwords; we receive an OAuth token scoped to the permissions you approve)
3.2 Customer Data (Source Code and Artifacts)
When you use Alucify to analyze a codebase, we process source code files and repository metadata, requirements documents and design artifacts, and configuration files and project structure. We generate derived data including AppGraph semantic representations, coverage/congruency/impact metrics, simulation results, and adaptive contextualization sub-graphs.
3.3 VS Code Extension Data
The Alucify VS Code Extension collects:
- Workspace file structure and metadata (file names, paths, and language types)
- Source code content for files within the active workspace that you submit for analysis
- Extension usage telemetry (commands invoked, feature usage frequency, error logs)
- VS Code version and extension configuration settings
The VS Code Extension does not collect data from files outside your active workspace unless you explicitly include them.
3.4 Chrome Extension Data
The Chrome Extension only accesses domains you explicitly authorize (e.g., your Jira, Notion, or Confluence instance). You control this list entirely.
The Chrome Extension collects:
- Page content only from domains and URLs you explicitly authorize
- Authentication tokens for your Alucify account
- Extension usage telemetry (features used, error logs)
The Chrome Extension does NOT collect:
- General browsing history or URLs outside authorized domains
- Credentials, cookies, or session tokens for third-party sites
- Content from pages you have not explicitly authorized
- Keystrokes, form inputs, or clipboard data
You can view and modify authorized domains at any time in the extension settings. Revoking a domain immediately stops all data collection from that domain.
3.5 Usage and Technical Data
Across all Services, we automatically collect:
- IP address and approximate geolocation (city/region level)
- Browser or client type, operating system, and device identifiers
- Pages visited on alucify.ai, referral URLs, and session duration
- Feature usage patterns and interaction logs
- Error reports and diagnostic data
3.6 Cookies and Tracking Technologies
On alucify.ai, we use:
- Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
- Analytics cookies: Help us understand how visitors use our site. Can be disabled via our cookie banner.
- Functional cookies: Remember your preferences and settings.
We do not use advertising or targeting cookies. See our Cookie Policy for details.
4. How We Use Your Information
4.1 Customer Data Processing
Your source code and project data are processed exclusively to provide Alucify's core services:
- Generating and maintaining your AppGraph (semantic representation of your application)
- Running deterministic simulations: coverage analysis, congruency checks, and impact propagation
- Computing energy-based fragility and structural health scores
- Providing adaptive contextualization for AI coding agent integration via MCP
- Generating requirements validation reports
4.2 LLM Processing Disclosure
Alucify's architecture uses LLMs at specific, bounded stages. Here is exactly how.
- Semantic interpretation: LLMs transform AST-extracted code structures into canonical DSL forms (e.g., ORM models → GraphQL types, service handlers → StateChart definitions). This involves sending code snippets to LLM providers (Anthropic, OpenAI, and Google).
- Deterministic processing: All graph construction, validation, simulation, coverage, congruency, impact analysis, and energy scoring are performed by our deterministic algorithms — not by LLMs.
- Context generation: When providing context to AI coding agents via MCP, relevant AppGraph sub-graphs are assembled deterministically. The downstream agent's LLM usage is governed by that agent's own privacy policy.
Data sent to LLM providers is:
- Limited to the minimum code snippets necessary for semantic interpretation
- Not used by our LLM providers for model training — we maintain contractual commitments with all providers prohibiting training on customer data
- Processed in accordance with our Data Processing Agreements with each provider
- Transmitted via encrypted connections
4.3 General Business Purposes
We also use information for account management, billing, and customer support; communicating service updates and security notices; improving and optimizing our Services; ensuring security and preventing fraud; and complying with legal obligations.
4.4 What We Never Do With Your Data
- Sell your Personal Information or Customer Data to third parties
- Use your Customer Data to train or fine-tune machine learning models — ours or anyone else's
- Share your Customer Data with other customers or allow cross-tenant data access
- Mine your source code for competitive intelligence
- Display advertising based on your Customer Data
17. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
| General contact | support@alucify.ai |
| Privacy inquiries | privacy@alucify.ai |
| Phone | +1 (669) 246-3567 |
| Mailing address | Alucify, Inc. 438 Cambridge Ave Palo Alto, CA 94306 |
© 2026 Alucify, Inc. All rights reserved.