Privacy Policy

Subagents, Inc. (“Subagents,” “we,” “us,” or “our”) operates the Morphcode AI coding assistant and related services. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our products and services.

By using Morphcode or any Subagents services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, and authentication credentials when you create an account.
• Payment Information: Billing details processed through our payment processor (Stripe). We do not store complete credit card numbers.
• Code and Project Data: Source code, file contents, and project context you share with Morphcode during coding sessions.
• Communications: Support requests, feedback, and correspondence you send us.

1.2 Information Collected Automatically

• Usage Data: Commands executed, features used, session duration, and interaction patterns.
• Device Information: Operating system, IDE version, Morphcode version, and system configuration.
• Log Data: Error logs, performance metrics, and diagnostic information.
• IP Address: For security, fraud prevention, and approximate geolocation.

1.3 Code Data Processing

When you use Morphcode, we process code context to provide AI assistance. By default, we do not retain your code after processing unless you explicitly opt-in to data retention for improved suggestions. Enterprise customers can configure zero-retention policies.

2. How We Use Your Information

• Provide Services: Process code, generate suggestions, and deliver AI-powered coding assistance.
• Improve Products: Analyze usage patterns to enhance accuracy, speed, and user experience.
• Security: Detect, prevent, and respond to security threats, abuse, and fraudulent activity.
• Communications: Send service updates, security alerts, and (with consent) product announcements.
• Legal Compliance: Fulfill legal obligations and respond to lawful requests.

3. AI Model Training

We do not train AI models on your private code by default. Your code is processed only to generate real-time suggestions and is not used to train or improve our base models unless:

• You explicitly opt-in to contribute anonymized data for model improvement.
• You are using a free tier that requires data contribution (if applicable).

Enterprise and paid plans include contractual guarantees against model training on customer data.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Service Providers: Cloud infrastructure (AWS, GCP), payment processing (Stripe), analytics, and support tools under strict data protection agreements.
• AI Model Providers: Code context is sent to AI providers (e.g., Anthropic, OpenAI) to generate responses. These providers are contractually bound not to train on your data.
• Legal Requirements: When required by law, court order, or governmental authority.
• Business Transfers: In connection with mergers, acquisitions, or asset sales, with continued protection of your data.

5. Data Security

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• SOC 2 Type II certified infrastructure
• Regular third-party security audits and penetration testing
• Role-based access controls and audit logging

6. Data Retention

We retain data only as long as necessary:

• Code context: Deleted immediately after processing (default) or per your retention settings.
• Account data: Retained while your account is active and for 30 days after deletion request.
• Usage analytics: Aggregated and anonymized data may be retained indefinitely.
• Legal holds: Data may be retained longer when required by law or pending litigation.

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data.
• Portability: Receive your data in a portable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent where processing is consent-based.

To exercise these rights, contact us at privacy@subagents.com. We respond to requests within 30 days.

8. International Data Transfers

We process data in the United States and other countries where our service providers operate. For transfers from the EU/EEA/UK, we rely on Standard Contractual Clauses (SCCs) and ensure adequate protection through contractual safeguards. Enterprise customers may request data residency in specific regions.

9. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA:

• Right to know what personal information is collected, used, and disclosed.
• Right to delete personal information (with exceptions).
• Right to opt-out of “sale” or “sharing” of personal information. We do not sell personal information.
• Right to non-discrimination for exercising privacy rights.
• Right to limit use of sensitive personal information.

10. Children's Privacy

Morphcode is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn we have collected data from a child under 16, we will delete it promptly.

11. Cookies and Tracking

We use essential cookies and similar technologies for:

• Authentication and session management
• Security and fraud prevention
• Analytics (with consent where required)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our website. Continued use after changes constitutes acceptance of the revised policy.

13. Contact Us

For questions about this Privacy Policy or our data practices: