Devkat App for iOS

Privacy Policy

Effective date: May 4, 2026

Devkat ("we", "our", "the app") turns your AI coding sessions into shareable visual cards. This policy explains what data we collect, how we use it, and the controls you have.

1. Data We Collect

Account credentials. When you sign up we store your email address and a securely hashed password via Supabase Auth. We never see or store your plaintext password.

Session statistics. When you push a session from your machine, we receive aggregate stats only: duration, lines added/removed, file count, token usage, model name, and timestamps. We do not receive source code, file contents, file paths, environment variables, or prompt/response text.

Device information. We may collect basic device identifiers (iOS version, device model) for crash reporting and analytics. This data is anonymised and cannot be linked to your source code.

2. Data We Never Collect

Source code or diffs. Devkat's CLI parser computes statistics locally on your machine. Raw code never leaves your device.

File paths. Paths are counted but not transmitted. The "Scope" stat is a number, not a list of filenames.

Secrets or credentials. The CLI does not read .env files, API keys, or tokens from your codebase. A pre-flight scan strips any secrets that might appear in session metadata before upload.

Prompt or response text. The content of your conversations with AI assistants is never sent to our servers.

3. How We Use Your Data

Display your sessions. Statistics are stored so you can view your session history and generate overlay cards within the app.

Improve the product. We may use anonymised, aggregate usage patterns (e.g. average session length across all users) to improve Devkat. We will never sell individual data or share it with third parties for advertising.

4. Image Composition & Sharing

Overlay cards are rendered entirely on your device. When you copy or save an image, it goes to your local clipboard or camera roll. Devkat does not upload, store, or have access to the images you create. What you share and where you share it is entirely your choice.

5. Data Storage & Security

Your session data is stored in Supabase (hosted on AWS) with row-level security — each user can only access their own records. Auth tokens are stored in your device's Keychain. All network communication uses TLS 1.2+.

6. Data Retention & Deletion

You can delete your account at any time from Settings. When you delete your account, all associated session data is permanently removed from our servers. There is no recovery period — deletion is immediate and irreversible.

7. Third-Party Services

Supabase — authentication and database hosting.
Apple — app distribution, crash reporting via Xcode Organizer.

We do not use any third-party analytics SDKs, advertising networks, or tracking pixels.

8. Children's Privacy

Devkat is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you through the app or via email. Your continued use of Devkat after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions or concerns? Reach us at xavier@alleykat.app.