Legal

Privacy Policy

Effective April 26, 2026

Overview

Operon (“we”, “us”, “our”) builds a command center for AI-assisted development. This policy explains what data we collect when you use the Operon desktop application and web dashboard at operonapp.dev, how we use it, and the controls you have over it.

Data we collect

Account data

When you create an account we collect your email address and, if you sign in via OAuth, the name and avatar provided by GitHub or Google. We never see or store your OAuth passwords.

Session metadata (opt-in cloud sync)

If you enable cloud sync, Operon uploads session metadata to our Supabase-hosted database: event traces, task titles, decisions, token counts, and session names. Your source code is never uploaded. Sync is off by default and can be disabled at any time from Settings.

Waitlist

If you submit your email on the waitlist form we store that address solely to send you an access invite. We do not share it with third parties or send marketing email beyond the invite.

Usage telemetry (opt-in)

The desktop app includes an opt-in error reporter (Sentry). It captures stack traces and device metadata when the app crashes. It is disabled by default; you opt in from the Settings page and can revoke consent at any time.

Log data

Our web servers automatically record your IP address, browser user-agent, and the pages you visit. We retain this for up to 30 days for security and abuse-prevention purposes.

How we use your data

  • Authenticate you and maintain your session
  • Sync session metadata across your devices when you opt in
  • Send you a waitlist invite or approval notification
  • Diagnose crashes and improve reliability (opt-in telemetry only)
  • Detect and prevent abuse of the waitlist and API endpoints

We do not sell your data. We do not use it for advertising.

Data storage and security

Account data and opt-in sync records are stored in Supabase (hosted on AWS infrastructure in the EU). All data is encrypted in transit (TLS) and at rest. Row Level Security policies ensure each user can only read their own records.

Local session data on your machine is stored in a SQLite database inside your application data directory. We have no access to this data unless you enable sync.

Third-party services

  • Supabase — database and authentication (privacy policy)
  • Resend — transactional email for access invites (privacy policy)
  • Sentry — opt-in crash reporting (privacy policy)
  • Dodo Payments — payment processing. We never see or store your card details.

Your rights

You can request a copy of your data, ask us to correct inaccuracies, or ask us to delete your account and all associated data at any time by emailing hello@operonapp.dev. We will respond within 30 days. If you are in the EU or UK you also have the right to lodge a complaint with your local supervisory authority.

Cookies

We use a single session cookie (operon_status) to cache your account approval state for up to 2 minutes so the middleware does not hit the database on every request. We do not use advertising or analytics cookies.

Children

Operon is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has submitted data to us, contact us at hello@operonapp.dev and we will delete it.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced on the changelog page and, where required, by email. Continued use after the effective date constitutes acceptance of the revised policy.

Contact

Questions about this policy: hello@operonapp.dev