Skip to content

Privacy Policy

Last updated: March 6, 2026

This Privacy Policy explains how vem ("vem", "we", "us") collects, uses, and shares information when you use the vem website and the hosted vem Cloud service (the "Service").

Scope

vem includes open-source components (CLI, MCP server, and shared libraries) and a hosted cloud layer for sync, indexing, and search. If you use vem locally without connecting to the Service, information stays on your machine; this policy primarily applies to our website and hosted Service.

Information We Collect

Account and workspace information

  • Email address and authentication identifiers (for sign-in).
  • Workspace data you provide in the product (e.g., organization name, project settings).

Project and repository content you choose to sync or index

vem is local-first. If you connect a repository (for example via a GitHub App) or push snapshots from the CLI, we may receive and store:

  • Memory artifacts stored under .vem/ such as tasks, decisions, changelog entries, and context.
  • Repository metadata (e.g., commit hashes, diffs, branches) to support verification and citations.
  • Repository file contents that you authorize us to index for search (we ignore common build output, skip many binary formats, and apply size limits).

The CLI and services include secret-scanning and redaction logic intended to reduce accidental collection of secrets in snapshots. You are still responsible for ensuring you do not submit sensitive information you do not intend to share.

Commercial information (when enabled)

During MVP, public pricing is not published. If commercial features are enabled later, payments are processed by third-party providers. We receive commercial metadata such as subscription status and customer identifiers; we do not store full payment card numbers.

Usage and device information

We collect standard log data from requests to the Service (e.g., IP address, request metadata, timestamps) for security, debugging, and operational reliability.

How We Use Information

  • Provide, maintain, and improve the Service (sync, indexing, search).
  • Generate embeddings and derived indexes that power semantic search and analytics.
  • Verify "pending" snapshots against Git pushes to mark them "verified" and provide citations.
  • Authenticate users, prevent abuse, and secure the platform.
  • Send transactional emails (e.g., verification and service notices).

AI and Automated Processing

To provide semantic search and certain automation features, we may process parts of your content with machine learning models (for example to create vector embeddings or structured summaries). This processing may be performed using third-party model providers, depending on configuration and deployment.

How We Share Information

We share information only as needed to operate the Service, including:

  • With service providers that help us run the Service (for example: Supabase for authentication, payment providers if enabled, Resend for email delivery, and cloud infrastructure providers for hosting).
  • With Git providers you connect (for example GitHub) to receive webhooks and authorized repository data.
  • With model providers when embeddings or other ML processing is enabled (for example Google Gemini), limited to the content necessary to provide those features.
  • To comply with law, enforce our terms, or protect the rights and safety of users and the Service.

Data Retention

We retain information for as long as necessary to provide the Service, to comply with legal obligations, and to resolve disputes. If you delete your account, we will take steps to delete or de-identify personal information within a reasonable timeframe, subject to technical and legal constraints.

Security

We use reasonable technical and organizational measures designed to protect information. No system is perfectly secure, and we cannot guarantee absolute security.

Cookies and Session Data

We use strictly necessary cookies to manage authentication sessions (via Supabase). These cookies are required for the Service to function and cannot be disabled when using the authenticated product. We do not use tracking, advertising, or analytics cookies.

Your Rights

Depending on your location, you may have rights regarding your personal information under applicable privacy law (including the GDPR and CCPA/CPRA):

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal and operational constraints.
  • Portability: Request a machine-readable export of personal information we hold about you.
  • Opt-out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us via our contact page. We will respond within the timeframe required by applicable law.

Your Choices

  • Access, correction, and deletion requests: contact us and we will work with you to fulfill requests consistent with applicable law.
  • Repository connections: you can disconnect integrations (such as GitHub) to stop future access and indexing.

Contact

Questions about this policy or privacy requests can be submitted via our contact page.