Privacy Policy

We collect three categories of data:

• Account information — when you sign in with Google or GitHub, the OAuth provider sends us your name, email, avatar URL, and a stable provider ID. We don’t see your password.
• Workspace content — the API keys, projects, designs, prompts, files, and Skills you create or upload while using the product.
• Operational data — basic logs (IP address, user agent, request timestamps, error traces) needed to run the service securely and debug problems.

We use the data above to:

• Authenticate you and keep your session secure;
• Store and render your projects, Skills, and settings inside your workspace;
• Relay your prompts and files to the AI provider whose key you’ve added so the agent can respond;
• Detect abuse, prevent fraud, and protect the integrity of the service and its users;
• Communicate critical product updates (security, account, terms).

We do not sell your personal information, and we do not use your projects, prompts, or Skills to train AI models.

API keys you add are encrypted at rest using AES-256-GCM with a key held outside the application database. Only the encrypted ciphertext is persisted — the decrypted key exists in memory only for the moment a request is made to the corresponding provider, and is never logged, displayed in full, or returned to the browser after the initial save.

You can rotate or delete a stored key at any time from the API Keys section of the workspace.

Laude Design is a bring-your-own-key product. When the agent runs, your prompts, Skills, and any files you attach are sent to the provider whose key you’ve added — for example, Anthropic (Claude), OpenAI (GPT), or Google (Gemini). Their handling of that data is governed by their own privacy policies and data-retention settings, not ours.

Before adding a key, please review the provider’s policy and configure any data-controls they offer (such as opting out of training).

We share data only in narrow circumstances:

• AI providers you’ve connected, as described above;
• Infrastructure providers (hosting, database, error monitoring) acting as processors under contract, with access limited to what they need to run the service;
• Other users, but only for content you explicitly mark public — such as a Skill you publish to the community library;
• Legal authorities, when required by valid legal process or to protect the rights and safety of users.

We keep your account and workspace content for as long as your account is active. When you delete a project, Skill, or API key, it is removed from active systems immediately and purged from backups within 30 days. When you delete your account, we delete your workspace content within 30 days, except where we’re required to retain limited records for legal or security reasons.

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. You can:

• View and edit your profile and stored keys directly in the workspace;
• Delete your account from the workspace settings;
• Reach out via the contact channel below for any other request.

If you’d rather hold the data yourself, you can self-host Laude Design from the open-source repository.

We use cookies and browser local storage to keep you signed in, remember UI preferences (such as sidebar state and the model you last selected), and maintain CSRF protection on form submissions. We do not use third-party advertising or cross-site tracking cookies.

We use industry-standard practices to protect your data — TLS in transit, AES-256-GCM for stored API keys, scoped database access, and least-privilege production access. No system is perfectly secure, so we encourage you to use a strong sign-in provider and to report any suspected vulnerability through the GitHub repository.

Laude Design is not directed to children under 13 (or the local minimum age of digital consent). If you believe a child has given us personal information, please contact us so we can remove it.

Laude Design and its infrastructure providers may process your data in countries other than your own. Where required, we rely on standard contractual clauses or equivalent safeguards for these transfers.

As the product evolves we may update this policy. When we make material changes we’ll update the “Last updated” date above and, where appropriate, notify you in-product before the change takes effect.

Questions or privacy requests can be sent by opening an issue on the Laude Design repository. See our Terms of Service for the rules that govern your use of the product.