Legal

Privacy Policy

Effective date: February 17, 2026

Overview

Spatial ("we", "our", or "us") provides an AI-native coding platform — including the Spatial desktop application and web dashboard. This policy explains what data we collect, why we collect it, and how we handle it.

We built Spatial with a strong preference for keeping your code on your machine. Where data does leave your device, we are explicit about it below.

Information we collect

Account information

When you create an account, we collect your email address and, optionally, your name. We use this to authenticate you, send service-related communications, and manage your subscription.

Usage data

We record metadata about your use of the service: model requests, token counts, session counts, and feature interactions. This data is used to enforce plan limits, improve the product, and generate your usage dashboard. We do not log the content of your prompts or the code the agent produces.

Code context sent to AI providers

When you use Spatial's AI features, relevant portions of your code — the files, selections, or context you provide — are transmitted to one or more third-party AI model providers (such as Anthropic, OpenAI, Google, and others) to generate a response. We do not store these payloads on our servers. However, the AI providers' own data handling policies apply. See "Third-party AI providers" below.

Payment information

Billing is handled by Stripe. We do not store your card number or full payment details. We receive and store a Stripe customer ID, subscription status, and billing history so we can manage your plan.

API keys

If you choose to bring your own API keys, those keys are stored encrypted at rest and are never logged or transmitted beyond what is necessary to authenticate requests to the respective provider on your behalf.

Technical and device data

When you use the web dashboard, we collect standard server logs: IP address, browser user-agent, and request timestamps. These are used for security, abuse prevention, and debugging. Logs are retained for 90 days.

How we use your information

  • To provide and maintain the service, including authenticating your account and enforcing plan limits
  • To process billing and manage subscriptions
  • To send transactional emails (account verification, password resets, billing receipts)
  • To monitor for abuse, security incidents, and service reliability issues
  • To improve the product using aggregated, anonymized usage patterns

We do not sell your data. We do not use your data for advertising.

Third-party AI providers

Spatial routes AI requests through multiple model providers depending on your plan and the model you select. Current providers include Anthropic, OpenAI, Google, Meta, Mistral, xAI, DeepSeek, and OpenRouter. Each provider has its own privacy policy and data retention practices. We strongly recommend reviewing the privacy policies of the providers whose models you use.

By using Spatial's AI features, you acknowledge that code context submitted to those features will be processed by the selected provider. Do not submit code that contains secrets, credentials, or data you are not authorized to share with third parties.

Data sharing

We share your data only in these circumstances:

  • AI providers — code context is transmitted to the model provider you have selected, as described above
  • Stripe — payment processing
  • Legal obligations — if required by law, court order, or to protect the rights and safety of users or the public
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction

Data retention

We retain account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or needed for legitimate business purposes (such as billing dispute resolution).

Usage metadata (token counts, session counts) may be retained in aggregate, anonymized form indefinitely for product improvement purposes.

Security

We use industry-standard security practices: encryption in transit (TLS), encryption at rest for sensitive values (API keys, tokens), and access controls limiting which team members can access production data. No system is perfectly secure; we will notify you promptly if a breach affects your data.

Your rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise any of these rights, email us at legal@spatial.dev.

Cookies

We use essential cookies to maintain your session and remember your preferences (theme, locale). We do not use third-party tracking or advertising cookies.

Children's privacy

Spatial is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this policy as the product evolves. We will notify you of material changes via email or a prominent notice in the app at least 14 days before they take effect. The effective date at the top of this page reflects the most recent update.

Contact

Questions about this policy? Email us at legal@spatial.dev.