Privacy Policy

Last updated: June 16, 2026

This is a plain-language summary of how Dry Codes works. It is not legal advice, and it does not replace any separate agreement you may have with us.

Introduction

Dry Codes, operated by Maximilian Nussbaumer, indexes your code so AI agents can find and reuse it instead of repeating it. This policy explains what we collect, why we collect it, and what we do (and do not) keep.

What we collect

• GitHub identity. When you use "Sign in with GitHub", we receive your GitHub user id, login, and email.
• GitHub access and refresh tokens. Stored encrypted at rest, used only to read the repositories you connect.
• A derived search index of your connected repositories. Tokens, token sequences, file paths, and line numbers, plus vector embeddings computed from your code.
• Usage counters. Request and indexing counts, used for plan limits and billing.
• Billing data via Stripe. We store customer and subscription identifiers. We never store your card number.

We do not store your source code

We fetch your file contents only transiently to compute the derived index and embeddings, then discard the file contents. Only the derived index, the embeddings, and metadata are persisted. We never keep copies of your source files, and the dry_audit tool analyzes a repository in memory without persisting anything.

How we use it

We use the data above to build and serve your search and duplication index and MCP endpoints, enforce your plan's limits, process billing, and operate and secure the service.

Where your data lives

Everything runs on Cloudflare (Workers, KV, D1, Vectorize, Workers AI), so your index, embeddings, and metadata are stored and processed on Cloudflare's global network.

Our subprocessors are:

• Cloudflare (hosting, storage, AI).
• GitHub (authentication and reading the repositories you authorize).
• Stripe (payments).

We do not sell your personal information.

Public repositories

If you choose to index a public repository, its derived index is included in the shared public corpus (available at /mcp/public) so others can search it. Private repositories are isolated per account and are never shared across accounts.

Security

Your credentials are encrypted at rest, each account's data is isolated, and access to your endpoints is controlled by capability tokens, API keys, or OAuth.

Retention and deletion

You can disconnect GitHub or delete your account at any time. Doing so removes your index, your embeddings, and your stored tokens.

Your rights

You can access, correct, export, or delete your data. Contact us and we will help.

Changes to this policy

We may update this policy from time to time. When we do, we will revise the "last updated" date above.

Contact

Questions about this document? Email us at legal@dry.codes.