Smoke test required

...

← Back to documentation

Legal

Privacy Policy

Effective date: **[DATE OF FIRST PUBLIC FLIP]**. Last updated: **2026-04-29**.

source: docs/legal/PRIVACY_POLICY.md

This Privacy Policy describes how Ensemble (“we”, “us”, “our”) collects, uses, shares, and protects information when you use our website, dashboard, Studio generator, and related services (collectively, the “Service”).

We operate from British Columbia, Canada and design this policy to be consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia’s Personal Information Protection Act (BC PIPA), and — for visitors located in the European Economic Area or the United Kingdom — the General Data Protection Regulation (GDPR) and UK GDPR.

1. Who we are

Ensemble is a solo-developer creator-platform project. The data controller for purposes of GDPR is the developer of Ensemble. You can reach us at privacy@ensemble.tld.

2. Information we collect

We collect the categories of information described below. We collect only what we need to operate the Service.

2.1 Information you provide directly

  • Email addresses — when you join our waitlist, contact us, or create an account.
  • Account profile information — username, display name, profile bio (when you create an account).
  • GitHub OAuth credentials — when you choose to link your GitHub account, we receive an OAuth access token, the granted scopes, and your GitHub handle. We do not receive your GitHub password.
  • Anthropic BYOK API keys — if you choose to provide your own Anthropic API key for Studio generation, we store it (encrypted at rest) so you can use the generator without re-entering the key on every visit.
  • Studio prompt content — the answers you give to the three first-run questions and any subsequent prompts you submit. This content is transmitted to the Anthropic API to generate your Studio output.
  • Support communications — anything you send us via email or our contact form.

2.2 Information we collect automatically

  • IP addresses — recorded in general server logs and in the /ensemble/cta-clicked JSONL log when you click the “Generate your Studio” button. We use IP for rate-limiting, abuse prevention, and aggregate analytics.
  • Browser metadata — user agent, referrer, and request timestamps in general server logs.
  • Browser localStorage — we store a few small values in your browser: DASHBOARD_TOKEN (your auth token, on devices that have paired with the control panel), your theme preference (ENSEMBLE_THEME, ENSEMBLE_BG), the dismissed-cookie-banner flag (cookie-consent), and the first-run-seen flag (ensemble:first-run-seen). localStorage values stay on your device unless you explicitly send them to us.

2.3 Information we do not collect

  • We do not use third-party advertising cookies.
  • We do not run cross-site tracking scripts.
  • We do not buy or sell personal data.

3. How we use your information

We use information for the following purposes (and only these):

Purpose Categories used Lawful basis (GDPR)
Operating the Service (auth, generating Studios, persisting your work) Account info, GitHub creds, BYOK key, prompt content, IP Contract (Art. 6(1)(b))
Preventing abuse (rate limits, AUP enforcement) IP, request logs Legitimate interest (Art. 6(1)(f))
Communicating product updates (only if you opt in) Email Consent (Art. 6(1)(a))
Responding to support and legal requests Whatever you sent us Legitimate interest / Legal obligation

We do not use your prompt content to train models. We do not share prompt content with anyone other than the third-party processor needed to generate your Studio (currently Anthropic — see §5).

4. Cookies and similar technologies

We use a very small number of strictly-functional storage mechanisms. We do not use third-party advertising cookies or cross-site tracking. See our separate Cookie Policy for the full breakdown.

If you are visiting from the EEA or UK, the cookie banner gives you the opportunity to dismiss the notice; non-essential storage will not load until you do.

5. Third-party processors

We share your information only with the third parties below, and only to the extent needed to operate the Service. Each processor is bound by its own privacy commitments.

Processor What they receive Purpose
Anthropic, PBC (Claude API) Studio prompt content + your BYOK key (when you provide one) Studio generation
GitHub, Inc. OAuth handshake metadata Authenticating your GitHub link
Cloudflare, Inc. (CDN + auth, pending) Request metadata, IP Edge delivery, DDoS protection

We do not share your data with advertisers, data brokers, or analytics networks.

6. International transfers

Your data may be processed in countries other than yours, including the United States (Anthropic, GitHub, Cloudflare). Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

7. Retention

  • Account data: retained for the lifetime of your account.
  • Server logs: retained 90 days.
  • CTA click logs (/ensemble/cta-clicked): retained 90 days, then aggregated.
  • Deletion requests: processed within 30 days of a verified request.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information (subject to limited exceptions, e.g. legal hold).
  • Export your personal information in a portable format.
  • Withdraw consent at any time (where we rely on consent).
  • Object to processing based on our legitimate interests.
  • Lodge a complaint with your supervisory authority (in Canada: the Office of the Privacy Commissioner; in BC: the Office of the Information and Privacy Commissioner for BC; in the EEA/UK: your national DPA).

To exercise any right, email privacy@ensemble.tld. We will verify your identity (typically by confirming control of the email on file) before acting.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. Paid plans require the age of majority in your jurisdiction (see Terms of Service).

10. Security

We protect data with reasonable technical and organizational measures — TLS in transit, encryption at rest for sensitive fields (BYOK keys, OAuth tokens), least-privilege access, and limited retention. No system is perfectly secure; if we learn of a breach affecting your information we will notify you in line with applicable law.

11. Changes

If we make material changes to this Privacy Policy, we will notify you via email (where we have one) and post a banner on the dashboard for 30 days. The “Last updated” date at the top is authoritative.

12. Contact

  • Privacy questions / rights requests: privacy@ensemble.tld
  • General contact: hello@ensemble.tld
  • Mailing address: [PHYSICAL MAILING ADDRESS PENDING DOMAIN REGISTRATION]

Subject to attorney review before billing. This Privacy Policy is a templated baseline drafted by the Ensemble team without formal legal counsel. We will engage Canadian privacy counsel to review and refine this policy before charging users for any paid feature. If you spot something off, email privacy@ensemble.tld.