Privacy Policy
Last updated April 6, 2026
This Privacy Policy ("Policy") applies to services provided by Eidon ("we", "us", or "Eidon") including our website at eidon.dev (the "Site"), the Eidon CLI, and any related applications or services (collectively, the "Services"). It explains what information we collect, how we use it, and the choices you have.
We encourage you to read this Policy in full. By using our Services, you acknowledge and agree to the practices described here. We may update this Policy from time to time and will notify you by posting the revised version on this page. Continued use after changes are posted constitutes acceptance.
Our Core Privacy Principle
Eidon is a local-first tool. All codebase analysis runs entirely on your machine. Your source code, AST data, dependency graphs, and analysis results are stored locally in ~/.eidon/ and are never transmitted to Eidon servers. We have no ability to access, read, or inspect your code.
The only external call Eidon makes on your behalf is to the LLM provider you choose during setup (OpenRouter, OpenAI, Anthropic, or a local Ollama instance). Those calls go directly from your machine to the provider you selected. We are not an intermediary.
What Information We Collect
Account Information
To create an account, we collect your email address. We use OTP-based authentication. We do not store passwords. Your email is used to generate your license key and to send you one-time login codes.
Payment Information
If you subscribe to a paid plan, payment is processed by Stripe. We store your email address and Stripe subscription ID. We do not store credit card numbers, CVVs, or full billing details. Stripe's handling of your payment information is governed by Stripe's Privacy Policy.
License Validation
Your license is an offline-verifiable token (ES256 JWT). Eidon checks for revocation at most once every 24 hours by sending only your license key to api.eidon.dev. No source code, file names, repository names, or analysis data is transmitted. If the check fails (e.g. you're offline), Eidon continues to work normally.
Quota Checks
Before running an analysis, Eidon sends your repository ID and file count to our API to verify your plan's limits. No file contents, file names, or code is included in this request.
Temporary Authentication Data
OTP codes are stored in hashed form on our servers and automatically deleted after use or expiration. Failed login attempts are tracked (up to 3 per code) for abuse prevention.
Information Collected Automatically
When you visit eidon.dev, standard web server logs may record your IP address, browser type, and referring page. We do not use analytics services, tracking pixels, or advertising cookies on our website.
What We Do Not Collect
- Your source code, file contents, or file names
- Your analysis results, dependency graphs, or AST data
- Product telemetry or usage analytics
- Crash reports or error logs from the CLI
- Keystroke data, clipboard data, or screen content
- Behavioral tracking or fingerprinting data
How We Use Your Information
- To authenticate your account and deliver license keys
- To process payments and manage subscriptions
- To verify plan limits (quota checks)
- To check license revocation status
- To respond to support requests
- To send essential service communications (not marketing)
- To comply with legal obligations
Who We Share Your Information With
We share personal information only with a limited number of service providers who help us operate the Services, including payment processing, transactional email delivery, database hosting, and website hosting. These providers are contractually obligated to use your information only for the purpose of providing their service to us.
We do not sell, rent, or trade your personal information. We do not share your data with advertisers. We do not use your data for training machine learning models.
For the complete list of providers, the data each one processes, and their locations, see our Subprocessors page.
We may also disclose your information if required by law, legal process, or a government request, or to protect the rights, property, or safety of Eidon, our users, or the public.
Data Storage and Retention
On Your Machine
All analysis data is stored in ~/.eidon/ on your local filesystem. You have full control over this data. Deleting this directory removes all local Eidon data permanently.
On Our Servers
We store your email address, license key, subscription status, and quota records. OTP codes are deleted automatically after use or expiration. If you delete your account, we remove your personal information within 30 days, except where retention is required by law.
Security
All communication with Eidon servers uses TLS encryption. License tokens use ES256 (ECDSA P-256) cryptographic signatures. CLI binaries are verified with SHA-256 checksums at install time. Our API endpoints are rate-limited (30 requests per hour per IP).
No system is perfectly secure. If you discover a vulnerability, please report it to security@eidon.dev.
Cookies
The Eidon website uses only essential cookies required for authentication and session management. We do not use marketing cookies, analytics cookies, or third-party tracking cookies.
Children
Eidon is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 16, contact us at support@eidon.dev and we will delete it immediately.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete your personal information
- Export your data in a common format
- Object to processing based on legitimate interests
- Withdraw consent at any time
- Lodge a complaint with your local data protection authority
To exercise any of these rights, contact us at support@eidon.dev. We will respond within 30 days.
International Data Transfers
Eidon operates from the United States. If you use our Services from outside the U.S., your account information (email, license key, subscription data) may be transferred to and stored in the United States. Your source code and analysis data remain on your machine and are not transferred anywhere.
Changes to This Policy
We may update this Policy to reflect changes in our practices or for legal, regulatory, or operational reasons. We will post the revised Policy on this page with an updated date. Material changes will be communicated via the email address associated with your account.
Contact
If you have questions about this Policy or how we handle your data:
- Email: support@eidon.dev
- Security issues: security@eidon.dev