Privacy Policy

1. Your code stays local

Canopy runs entirely on your machine. Your source code, file paths, queries, tool call inputs/outputs, index contents, symbol tables, and codebase metadata are never transmitted to Gulf Shield Technologies or any third party. All AST parsing, indexing, search, and MCP tool execution happen locally.

2. What we collect

2.1 License heartbeat

Canopy sends a periodic heartbeat (weekly) to our license server to verify your subscription status. The heartbeat contains only what is needed to check the license:

• License key hash (SHA-256) — we never see your key itself
• Canopy version (e.g., "2.0.2")
• Platform (e.g., "linux-x86_64")
• Machine fingerprint hash (SHA-256 of stable hardware identifiers) — used to detect and evict stale seat bindings when a machine is decommissioned or fingerprints drift. Sent on all tiers.
• Team identifier — Team tier only, used to enforce seat limits within a team.

All identifying values above are irreversible hashes. We never receive raw license keys, raw hardware identifiers, machine names, usernames, IP addresses (beyond Cloudflare's standard operational logs), or any data from the codebase you are indexing.

No source code, file paths, search queries, or tool call data is ever included. The response contains only the license status and a cache-until timestamp. You can inspect the exact payload at any time with canopy config heartbeat show.

Air-Gapped tier binaries have no heartbeat code compiled in. No network calls of any kind occur.

2.2 Purchase and account data

When you purchase or start a trial, we store the following in Cloudflare D1:

• Email address (for license delivery and support)
• License tier and seat count (for feature gating)
• License key hash — SHA-256, not the plaintext key
• Subscription status (for revocation)
• Stripe customer and subscription IDs (for billing support)

2.3 Payment data

All payment processing is handled by Stripe. Card numbers, CVVs, and banking details are entered on Stripe's hosted checkout page. Gulf Shield Technologies never receives or stores raw payment card data. Stripe is a PCI DSS Level 1 Service Provider, the highest compliance tier for payment processors.

3. What we do NOT collect

• Source code or file contents
• File paths or directory structure
• Search queries or tool call logs
• Usage analytics or feature telemetry
• IP addresses beyond Cloudflare's standard operational logs (Cloudflare's Privacy Policy describes their retention; Gulf Shield Technologies does not retain or analyze IPs)
• Location data
• Device identifiers (only irreversible hashes are used for seat binding)

Commitment on future changes. If Gulf Shield Technologies ever changes this Privacy Policy to add new data-collection categories (especially any of the items listed above), we will notify existing Customers by email at least thirty (30) days in advance. Customers who object to material adverse changes may cancel their subscription within 30 days of notice and receive a pro-rata refund for unused service.

4. Local data

Canopy stores configuration and index data locally in the ~/.canopy/ directory. This includes your license information, cached heartbeat responses, user preferences, usage statistics, and per-repository search indexes. None of these files are ever transmitted to Gulf Shield Technologies or any third party. If you contact support, we may ask you to share canopy stats --json output — this is entirely opt-in. Future Canopy features that transmit diagnostic information from your machine will be opt-in by default and disclosed via updates to this Privacy Policy (per Section 3 above).

Delete the ~/.canopy/ directory to remove all Canopy data from your machine.

5. Data retention and deletion

• License records are retained for the duration of the subscription plus five (5) years. This period is based on the Florida statute of limitations for contracts founded on a written instrument (FL Stat. §95.11(2)(b)), ensuring records are available for any potential dispute resolution, chargeback window (Visa/Mastercard chargebacks can reach 540 days), or audit requirement.
• Heartbeat logs are retained for 90 days, then automatically purged.
• Tax and billing records are held by Stripe per their retention policy (typically 7 years) as required for tax reporting. Gulf Shield Technologies does not maintain separate copies of payment card data.
• Local data (~/.canopy/) is entirely under your control. Delete the directory to remove all Canopy data from your machine.

To request deletion of your account data from our systems, email privacy@gulfshieldtech.com from the email address associated with your license (for verification purposes). We will acknowledge deletion requests within ten (10) business days and complete processing within thirty (30) calendar days of receipt, or within one (1) month as required by applicable law (e.g., GDPR Art. 12), whichever is shorter.

6. Your rights

Depending on your jurisdiction (particularly under the EU General Data Protection Regulation, UK Data Protection Act 2018, or California Consumer Privacy Act/CPRA), you may have the right to:

• Access — request a copy of the data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your data (see Section 5)
• Portability — request your data in JSON format via encrypted email or secure download link
• Objection — object to processing of your data

To exercise any of these rights, email privacy@gulfshieldtech.com from the email address associated with your license (for verification). We will acknowledge your request within ten (10) business days and respond substantively within thirty (30) calendar days. If your request is refused (e.g., because we lack data matching your identity or a legal exception applies), we will explain the reason in writing.

7. Third-party services

• Stripe — payment processing (privacy policy)
• Cloudflare — DNS, Pages hosting, Workers compute, D1 database (privacy policy)
• Resend — transactional email delivery (privacy policy)

No other third-party services receive your data. All three providers above are contractually bound as service providers/processors under a written data processing agreement that prohibits them from using personal data for their own purposes, including any use covered by CCPA's "sale" or "share" definitions (Cal. Civ. Code §1798.140).

International data transfers (GDPR Art. 44–46). All Canopy account and license data processed by Cloudflare Workers and D1 is stored in the United States. EU/UK residents: by using Canopy, you consent to the international transfer of your account data to the United States for the purposes described in this policy. Cloudflare's Standard Contractual Clauses (EU Commission Implementing Decision 2021/914) apply automatically through their Data Processing Addendum. No source code, search queries, or codebase content is ever transmitted (see Section 1).

8. Children

Canopy is a developer tool intended for professional use. We do not knowingly collect data from children under thirteen (13), as defined under the US Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §6501), or children under sixteen (16) in the European Union (absent applicable member-state exception, per GDPR Art. 8). If you believe a child has provided us with personal information, contact us and we will delete it.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced via the Canopy blog. The "last updated" date at the top of this page reflects the most recent revision.

10. California Resident Rights (voluntary)

As of 2026, Canopy does not meet the Cal. Civ. Code §1798.140(d)(1) thresholds to qualify as a "business" under the California Consumer Privacy Act (CCPA/CPRA) — we do not have annual revenue above $25 million, process personal information of 100,000+ California residents, or derive 50%+ of revenue from selling/sharing personal information. Accordingly, CCPA does not legally require us to provide certain disclosures.

Nevertheless, as a matter of good practice, we voluntarily extend the following CCPA-style rights to California residents who are Canopy Customers:

• Right to Know — request a disclosure of the personal information we have collected about you (Section 2 above describes our full collection).
• Right to Delete — request deletion of your account information (see Section 5 and Section 6).
• Right to Correct — request correction of inaccurate data (Section 6).
• Right to Opt-Out of Sale/Share — Gulf Shield Technologies does not "sell" or "share" personal information as defined by Cal. Civ. Code §1798.140(ah) (which requires cross-context behavioral advertising). Accordingly, no "Do Not Sell My Personal Information" link is required or provided. This will be updated if our data practices ever change.
• Right to Non-Discrimination — Gulf Shield Technologies will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email privacy@gulfshieldtech.com per the verification process in Section 6.

11. Contact

For privacy questions or data requests:
privacy@gulfshieldtech.com

Gulf Shield Technologies LLC
Florida, United States