Privacy Policy

Hopsule is a software product developed and operated by Hopsule Inc. (“Hopsule,” “we,” “us,” or “our”). We provide the persistent memory layer for AI-assisted software development - including decisions, memories, capsules, enforcement, and the knowledge graph.

Our platform is a hosted, commercial SaaS product. We serve individual developers, engineering teams, and enterprise organizations.

We collect the following categories of information:

Account information

Name, email address, profile picture, and authentication credentials provided during sign-up. If you sign in via a third-party provider (e.g., GitHub, Google), we receive the profile data they share.

Organization & project data

Organization names, project names, member roles, and configuration settings you create within Hopsule.

Decisions, memories, and metadata

Structured content you or your team create: architectural decisions, project memories, capsules, tags, comments, and task information. These are the core data primitives of Hopsule.

Usage data

Log data such as IP address, browser type, device information, pages viewed, and feature usage - collected to improve the product and ensure security.

What we do not collect

We never collect or store your source code. Hopsule only persists structured decisions, memories, and project metadata. Sensitive file patterns (e.g., .env, *.pem, node_modules) are automatically excluded during any import or discovery process.

We use the data we collect to:

• Provide, operate, and improve the Hopsule platform
• Authenticate users and enforce organization/project access boundaries
• Generate the AI Brain and knowledge graph from your structured decisions and memories
• Surface advisory enforcement warnings (never blocking your workflow)
• Send transactional emails (account verification, decision review notifications)
• Analyze aggregated usage patterns to improve features and performance
• Respond to support requests and communicate product updates

All data is stored in encrypted databases hosted on secure, SOC 2-compliant infrastructure. Specifically:

• At rest: AES-256 encryption for all stored data, including backups. Encryption keys are rotated on a regular schedule.
• In transit: TLS 1.3 for all data transmitted between your tools (IDE, CLI, MCP) and our servers.
• Isolation: Every organization and project is fully isolated at the database level. Cross-tenant access is architecturally impossible.

Enterprise customers may connect their own PostgreSQL database and AI provider API keys (BYOK), ensuring data never leaves their infrastructure.

We use a limited set of third-party services to operate Hopsule. Each is selected for their security posture and compliance standards:

• Authentication: Identity verification and session management
• Cloud hosting: Application and database infrastructure with encryption and compliance certifications
• Analytics: Privacy-respecting, aggregated usage analytics - no individual user tracking for advertising purposes
• Email: Transactional email delivery for account and notification purposes only

We do not share your project content (decisions, memories, capsules) with any third-party service. AI processing occurs only within the context of your own configured AI provider.

We use the following types of cookies:

• Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
• Analytics cookies: Help us understand how you use Hopsule to improve the product. These are anonymized and do not track you across other websites.

We do not use advertising cookies, remarketing pixels, or cross-site tracking. We do not participate in any advertising networks.

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us at privacy@hopsule.com. We respond to all requests within 30 days.

Enterprise customers with a Data Processing Agreement (DPA) should refer to the terms outlined in that agreement for additional provisions.

We retain your data for as long as your account is active or as needed to provide the service. Specifically:

• Account data: Retained while your account exists. Deleted within 30 days of account deletion.
• Project data: Decisions, memories, and capsules are retained while the project exists. Deleted when the project or organization is removed.
• Usage logs: Aggregated and anonymized after 90 days. Raw logs deleted after 180 days.
• Backups: Encrypted backups are retained for up to 30 days after data deletion for disaster recovery, then permanently purged.

Hopsule operates infrastructure primarily in the United States and European Union. If your data is transferred outside your country of residence, we ensure it is protected using:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Encryption in transit and at rest for all transferred data

Enterprise customers may select their preferred data residency region (EU or US) to meet local compliance requirements.

Hopsule is designed for professional software development teams. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the “Last updated” date at the top of this page
• Notify you via email or an in-app notification if the change is significant
• Provide a summary of what changed for easy reference

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please reach out: