Legal

Privacy Policy

Last updated: April 12, 2026

Infercast ("we", "us", "our") provides AI telemetry intelligence for engineering teams. This policy explains what data we collect, why, and how we protect it. We believe in transparency and minimal data collection.

1 Data We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. If you sign in via Google OAuth, we receive your name and email from Google. We do not access your Google contacts, calendar, or any other Google service data.

Telemetry Data

Infercast collects usage metrics from AI coding tools (Claude Code, Codex CLI, Gemini CLI) via the OpenTelemetry protocol. This includes: token counts (input, output, cache), model identifiers, session metadata, timestamps, and cost calculations. We calculate costs server-side using our own pricing engine — we never trust client-reported cost data.

Prompt Content (Opt-In Only)

Organizations can optionally enable prompt capture. When enabled, prompt content is sanitized through our PII redaction pipeline before storage, which strips emails, API keys, secrets, and 20+ sensitive patterns. Prompt capture is disabled by default and must be explicitly enabled by an organization administrator.

Engineering Metrics

If you connect a GitHub integration, we collect pull request metadata (titles, merge times, line counts, review turnaround). We do not read source code or file contents.

IP Addresses & Geolocation

We process developer IP addresses to derive approximate city-level location for the globe visualization. IP addresses are not stored long-term. Geolocation is performed via OpenStreetMap's Nominatim service.

2 How We Use Your Data

  • Dashboards & Analytics — to display cost breakdowns, usage trends, and developer activity in your organization's dashboard.
  • Alerts — to evaluate budget thresholds and anomaly detection rules you configure.
  • AI Insights — to generate usage pattern analysis and optimization recommendations for your team.
  • Product improvement — aggregated, anonymized metrics to improve Infercast. We never sell individual data.

3 Data Storage & Retention

Account data (users, organizations, settings) is stored in PostgreSQL with encryption at rest. Telemetry metrics are stored in ClickHouse with configurable retention periods:

Data Type Default Retention Configurable
Usage metrics 365 days Yes (Enterprise)
Request logs 90 days Yes (Enterprise)
Prompt content 30 days Yes
Audit logs 365 days No

4 Data Sharing

We do not sell your data. We do not share your data with third parties for advertising. We use the following service providers to operate Infercast:

  • Stripe — payment processing (receives only billing information)
  • Sentry — error tracking (receives anonymized error reports, no PII)

Your telemetry data is never sent to these providers. It stays within our infrastructure.

5 Your Rights

You can exercise the following rights at any time from your account settings or by contacting us:

  • Access — export all your organization's data in CSV or JSON format.
  • Deletion — request complete erasure of your account and all associated data, including telemetry stored in ClickHouse. GDPR erasure requests are processed within 30 days.
  • Portability — download your data in a machine-readable format at any time.
  • Correction — update or correct your account information from Settings.

6 Security

We use industry-standard security measures including: TLS encryption in transit, encryption at rest for sensitive fields, rate limiting on all endpoints, role-based access controls, and audit logging of administrative actions. Passwords are hashed with bcrypt. API keys are stored as SHA-256 digests — we never store raw keys.

7 Cookies

We use a single session cookie (_infercast_session) for authentication. We do not use advertising cookies, tracking pixels, or third-party analytics. We do not use Google Analytics.

8 Changes to This Policy

We'll notify you of material changes via email or an in-app notice at least 30 days before they take effect. Minor clarifications may be made without notice.

Questions about your data?

Contact Us