Privacy Policy

Information we collect and how we use it

We collect information you provide directly (account details, repository connections, task requests) and information generated through service usage (container execution logs, AI interaction data, OAuth tokens for connected services which are encrypted and stored in secure, enterprise-grade databases).

We process your code repositories solely to execute requested tasks within isolated containerized environments. Private repository content is never used for AI model training or service improvement. Repository data is processed temporarily during task execution and is later permanently deleted from our systems within 30 days of task completion.

We facilitate connections to third-party AI providers (OpenAI, Anthropic, Google) using your own API credentials. Your code and prompts are sent to these providers under your own account and terms with those providers. We do not control or guarantee the data handling practices of third-party AI providers when accessed through your credentials.

Data retention and deletion

Repository content: Deleted within 30 days of task completion
Container execution logs: Retained for 30 days for debugging purposes
Account information: Retained while your account is active
OAuth tokens: Retained until you revoke authorization

You can request immediate deletion of all data by contacting dev@blocks.team or deleting your account through your dashboard.

Third-party integrations and OAuth

We connect to your authorized services (GitHub, GitLab, Slack, etc.) using OAuth protocols. We request only minimal necessary permissions and never access services beyond your explicitly granted scope. OAuth tokens are encrypted in transit and at rest.

Connected services may have their own privacy policies governing data shared through our integrations. Review the privacy policies of services you authorize.

Data security and sandboxed environments

Your code executes in isolated containerized environments that prevent cross-user data access. Containers run in a managed, serverless compute environment with automatic scaling and isolation guarantees.

We may monitor containerized environments and network traffic patterns for the limited purpose of detecting abuse, malware, or security threats. Such monitoring does not involve reviewing your code content except where necessary to investigate suspected security incidents.

We implement industry-standard encryption for data in transit and at rest, regular security audits, and continuous monitoring for unauthorized access attempts.

Your privacy rights

You have rights to access, correct, delete, or export your data. EU residents have additional rights under GDPR including data portability and processing objection. California residents can opt-out of data "sales" (though we do not sell personal information).

Contact dev@blocks.team to exercise privacy rights or report privacy concerns.

International data transfers

We process data in the United States and may transfer data internationally to our AI service providers. All transfers use Standard Contractual Clauses or other appropriate safeguards under applicable privacy laws.

Contact information

All questions: dev@blocks.team

We will notify users of significant privacy policy changes via email and dashboard notifications.