Privacy Policy

Last updated 3 June 2026

This policy explains what Spiderbrain collects, why, and how you stay in control. Spiderbrain is a product of Perform Digital Private Limited. Plain language, no dark patterns. Questions: contact@perform.digital.

1. Who we are (data controller)

Spiderbrain is a product of Perform Digital Private Limited, a company registered in India (CIN U72900UP2019PTC121932). Perform Digital Private Limited is the data controller responsible for your personal data and decides how and why it is processed. You can reach us at contact@perform.digital.

2. What this policy covers

This covers the Spiderbrain desktop app, the command line tool, the MCP server, the spiderbrain.ai website, the Webby assistant, account sign in, and the cloud and team features. It does not cover the third-party tools you connect Spiderbrain to (your AI client, your code host, your editor), which have their own privacy policies.

3. Local first: what stays on your device

In local mode, Spiderbrain builds your brain on your own machine from your files. Your source code and project contents stay on your device. They are not uploaded to us. The only things that leave your device are your sign-in identity and, if you turn it on, content-free usage counts. Cloud and team features (saving a brain to the cloud, sharing it with a team) only send data when you choose to use them.

4. What we collect and why

• Account data. When you sign in we store your email, name and plan through Supabase. There is no password to store. If you sign in with Google, we receive your name, email address and profile picture from your Google account and use them only to create and secure your account and personalize the app. We never use Google user data for advertising, and we never sell it.
• Usage analytics. Pages viewed, which call to action you click, referrer and campaign tags, country and device type. Collected first-party (our own Cloudflare Worker) and, with your consent, through Google Analytics 4. A first-party identifier kept in your browser counts visits and is not a third-party cookie.
• Product telemetry (opt-in). If you allow it in the app, we collect content-free counts of actions (for example, a brain was built, a query ran). This never includes your code or file contents, and you can switch it off at any time.
• Webby assistant. The messages you send to Webby, any contact details you share, and support tickets you raise. We use these to answer you, follow up, and improve the assistant. Webby is powered by a third-party AI provider (Anthropic); your messages are sent to that provider to generate replies and are not used to train its models. Please do not paste passwords or source code into Webby.
• Referrals. If you arrive through a referral link, we record the referral code so credit is applied correctly.
• Payments. When you buy a paid plan, payment is handled by Razorpay, including for international payments. We receive confirmation and limited billing details (such as the plan, amount, and a token or the last digits of the instrument). We do not see or store your full card number.

Spiderbrain's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

5. Legal bases (for EEA and UK users)

• Contract: to provide your account, the app, and the features you ask for.
• Consent: analytics, optional telemetry, and any marketing. You can withdraw consent at any time.
• Legitimate interests: keeping the service secure, preventing abuse, and improving the product.

6. Who we share data with

We do not sell your personal data. We share it with service providers who process it on our behalf, under contract:

• Supabase: identity, account and analytics storage (EU region).
• Cloudflare: website hosting and edge delivery.
• Google Analytics 4: aggregate website analytics, only with your consent.
• Anthropic: powers the Webby assistant by processing your chat messages to generate replies.
• Resend: transactional email, such as support ticket confirmations.
• Razorpay: payment processing, including international payments.

7. International data transfers

Account and analytics data tied to your account are stored in the European Union (Supabase). Spiderbrain is operated from India by Perform Digital Private Limited, and some of our providers are outside the European Economic Area. In particular, payments are processed by Razorpay in India, and some providers (such as Cloudflare and Anthropic) operate in the United States.

India does not currently have an EU adequacy decision. Where we transfer the personal data of EEA or UK users outside the EEA or UK (including to India for payments), we rely on Standard Contractual Clauses (and the equivalent UK safeguards) with those providers to protect your data.

8. How long we keep it

• Purely anonymous analytics events are pruned after 30 days.
• Account, subscription and account-linked data (including Webby conversations and tickets tied to your account) are kept while your account exists, and for a limited period afterwards where needed for legal, tax and accounting reasons.
• Payment records are retained as required by Indian tax and financial law.
• Ask us to delete your account and we remove your personal data, except where we are required to keep records by law.

9. Your rights

Depending on where you live, you can ask us to give you access to your data, correct it, delete it, export it, restrict or object to its processing, and withdraw consent. EEA and UK users have these rights under the GDPR; users in India have rights under the Digital Personal Data Protection Act, 2023; California residents have rights under the CCPA and CPRA. To exercise any of these, email contact@perform.digital and we will action it within the time the law allows. You may also lodge a complaint with your local data protection authority.

10. Cookies and local storage

We use four categories. You choose which to allow, and you can change your mind any time via Cookie settings.

• Strictly necessary: sign-in, security and remembering your consent. Always on.
• Functional: remembers small choices so we do not repeat prompts.
• Analytics: first-party analytics and Google Analytics 4, in aggregate.
• Marketing: reserved for future attribution tags. Nothing loads here today.

Until you grant Analytics, Google Analytics runs in Google's cookieless consent mode and our first-party analytics does not record.

11. Data security

Sign-in is handled by Google or one-time email codes, so there is no password for us to store. Data in transit is encrypted over HTTPS. Account data sits in Supabase behind access controls. In local mode, your project data never leaves your device.

12. Children

Spiderbrain is not directed at children. We do not knowingly collect data from anyone under 16, or the minimum age in your country. If you believe a child has given us personal data, contact us and we will delete it.

13. Changes to this policy

We will update this policy as the product evolves. We will post the new version here and update the date above; significant changes will be notified in the app or by email.

14. Contact

Perform Digital Private Limited. Email contact@perform.digital. Spiderbrain is a product of Perform Digital. See also our Terms of Service.

This policy describes our current practices and will evolve as the product does. It is provided in good faith.