Back to Legal Documents

Privacy Policy

Effective Date: July 1, 2025 | Last Updated: July 1, 2025

1. Introduction

Copper Sun Content and Creative, LLC ("Company", "we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and protect your information when you use Copper Sun Brass ("Service", "Software", "Brass").

Key Principle

Copper Sun Brass is designed with privacy-by-design architecture, prioritizing local data storage and minimal data collection.

2. Information We Collect

2.1 Information You Provide

  • License Information: Email address associated with license purchases (collected by LemonSqueezy)
  • API Keys: Claude API key for AI functionality (stored locally only)
  • User Preferences: Name, visual theme, verbosity settings (optional, stored locally)

2.2 Automatically Collected Information

  • Project Metadata: File paths, modification timestamps, project structure
  • Analysis Results: Code patterns, TODO items, security findings, complexity metrics
  • Usage Statistics: Number of files analyzed, analysis duration, cache performance
  • Configuration Data: Installation timestamp, setup mode, license activation details

2.3 Information We Do NOT Collect

  • No Analytics: We do not use Google Analytics, Mixpanel, or similar tracking services
  • No Telemetry: We do not automatically transmit usage data to our servers
  • No Behavioral Tracking: We do not track your development patterns or habits
  • No Personal Identification: We do not collect personal information beyond license email

3. How We Use Your Information

Lawful Basis: We process your personal data based on:

  • Contract Performance: To provide the Service you've subscribed to
  • Legitimate Interest: To improve service functionality and security
  • Consent: For optional features like user preferences

3.1 Service Functionality

  • Code Analysis: Analyze your project files for patterns, issues, and recommendations
  • AI Enhancement: Provide context to AI coding assistants like Claude Code
  • License Management: Validate and manage your subscription status
  • Performance Optimization: Cache analysis results to improve response times

3.2 Service Improvement

  • Error Diagnosis: Debug and resolve technical issues
  • Feature Development: Understand usage patterns to improve functionality
  • Quality Assurance: Ensure accurate analysis and recommendations

4. Data Storage and Location

4.1 Local Storage (Primary)

Your Machine: Most data is stored locally on your device:

  • Global Configuration: ~/.brass/config.json (API keys, preferences)
  • Project Data: .brass/ directories in your projects (analysis results, context)
  • Database: ~/.brass/projects/[hash]/ (SQLite database with observations)
  • Cache: ~/.brass/claude_cache/ (cached AI responses)

4.2 File Permissions and Security

  • Secure Storage: Configuration files use 600 permissions (user read/write only)
  • Directory Protection: .brass/ directories use 700 permissions
  • Git Integration: Automatically adds .brass/ to .gitignore to prevent accidental commits

4.3 No Cloud Storage

We do not store your project data, code, or analysis results on our servers.

5. Data Sharing and Third-Party Services

5.1 Claude API (Anthropic)

Purpose: AI-powered code analysis and recommendations
Data Controller Role: You are the data controller for code analysis data; we act as your processor
Data Sent:

  • Code snippets (truncated to ≤500 characters)
  • File paths and project context
  • Analysis requests for recommendations

Data Protection:

  • Your API key is stored locally and used directly with Anthropic
  • We do not store or access your Claude API communications
  • International transfers to Anthropic are covered by Standard Contractual Clauses
  • Subject to Anthropic's Privacy Policy: https://www.anthropic.com/privacy

5.2 LemonSqueezy (Payment Processing)

Purpose: Subscription billing and license management
Data Shared:

  • License key validation requests
  • Instance name ("Brass CLI")

Data Protection:

5.3 No Other Third Parties

We do not share your information with any other third-party services, analytics providers, or data brokers.

6. Data Retention and Deletion

6.1 Retention Periods

  • Project Data: Stored locally until you delete it
  • Analysis Results: Maximum 180-day retention with automatic cleanup (configurable to shorter periods)
  • Cache Data: Claude API responses cached for maximum 24 hours
  • License Data: Retained only while subscription is active, deleted within 30 days of cancellation

6.2 Data Deletion

You have complete control over your data:

  • Manual Deletion: Delete .brass/ directories at any time
  • Uninstall Command: brass uninstall removes all data and credentials
  • Selective Cleanup: Configure retention policies for automatic cleanup

6.3 Account Deletion

To delete all data associated with your account:

  1. Run brass uninstall --all to remove local data
  2. Cancel your subscription through LemonSqueezy
  3. Contact us to remove any remaining license data

7. Data Protection and Security

7.1 Local Security Measures

  • File Permissions: Restricted access to configuration files
  • API Key Protection: Keys stored locally with secure permissions
  • Data Sanitization: Automatic removal of sensitive information from logs

7.2 Privacy Controls

  • Data Anonymization: Personal identifiers hashed or removed from stored data
  • Sanitization Patterns: Automatic detection and removal of:
    • Email addresses
    • API keys and tokens
    • IP addresses
    • File paths (replaced with [FILE_PATH] in logs)

7.3 GDPR Compliance

For users in the European Union:

  • Data Portability: Export your data using built-in commands
  • Right to Deletion: Complete data removal capabilities
  • Data Minimization: We collect only necessary information
  • Transparent Processing: This policy explains all data practices

8. Your Rights and Choices

8.1 Access and Control

You have the right to:

  • Access: View all locally stored data in .brass/ directories
  • Modify: Change preferences and configuration at any time
  • Export: Use built-in export commands for data portability
  • Delete: Remove all data using uninstall commands

8.2 API Key Management

  • Your Responsibility: You control your Claude API key
  • Local Storage: We store your key locally only
  • Removal: Remove API key using brass config commands

8.3 Opt-Out Options

  • Disable Features: Turn off specific analysis features
  • Offline Mode: Use core functionality without AI integration
  • Data Retention: Configure cleanup and retention policies

9. Cookies and Tracking

9.1 Website

Our website (brass.coppersun.dev) does not use:

  • Cookies for tracking
  • Analytics scripts
  • Third-party tracking pixels

9.2 Software

The Copper Sun Brass software does not:

  • Set cookies or tracking files
  • Phone home with usage data
  • Include analytics or telemetry

10. Children's Privacy

Copper Sun Brass is intended for professional developers and is not directed at children under 13. We do not knowingly collect personal information from children under 13.

11. International Data Transfers

Local Data: Since most data is stored locally on your device, there are no international data transfers of your project data or analysis results.

Third-Party Transfers:

  • Claude API: Transfers to Anthropic (US) are protected by Standard Contractual Clauses and Anthropic's adequacy measures
  • LemonSqueezy: License validation transfers subject to LemonSqueezy's international transfer policies

EU Representative: For EU users, inquiries may be directed to our service provider or directly to us at [email protected]

12. Data Breach Notification

In the unlikely event of a data breach affecting our systems (which contain minimal user data), we will:

  • Notify affected users within 72 hours
  • Provide details about the incident and data involved
  • Offer guidance on protective measures

Given our local-first architecture, most user data would not be affected by our system breaches.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to license holders
  • Updates in the software
  • Posting on our website

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related questions or concerns, contact us at:

Privacy Officer
Copper Sun Content and Creative, LLC
Email: [email protected]
Support: [email protected]

Data Protection Requests:
For GDPR or other data protection requests, please include "Data Protection Request" in your email subject line.

Last Updated: July 1, 2025

Back to Legal Documents
Terms of ServiceAcceptable Use