Privacy Policy

LiveMerge (livemerge.dev) is operated by Andineering. For anything privacy-related, contact andy@andineering.com.

• Account data — email address, display name, and (if you sign in with Google) your Google account's basic profile. Passwords are stored hashed; we never see them in plaintext.
• Workspace content — sessions, reference goals, requests, chat messages, decisions, and task metadata you and your workspace members create.
• Usage data — product events, page views, device and browser information, error reports, and session replays collected via PostHog. Replay recordings mask input fields by default.
• Payment data — when paid plans launch, checkout is handled by Paddle as merchant of record. We receive subscription status and transaction references; we never store card numbers.
• Daemon telemetry — when you pair the livemerge-bridge daemon, we process pairing status, heartbeats, dispatch envelopes, and task results the daemon reports back. We do not scan or upload your local files beyond what the coding agent's results include.

• To run the product — your request text, session history, and prior decisions are sent to Anthropic's Claude API to derive task graphs and conflict analyses. Derived graph state is mirrored to our realtime provider so your team sees live updates.
• To communicate — transactional email only (verification, password reset, workspace invites) via Resend. No marketing email without separate consent.
• To improve and debug — analytics, error tracking, and session replays help us find broken flows during early access.
• To bill — credit consumption is recorded in a per-workspace ledger; payment processing happens at Paddle.

We do not sell your data, and we do not use your content to train AI models.

We rely on these providers to operate the Service:

• Vercel — application hosting (US)
• Supabase — database hosting (AWS ap-northeast-1, Tokyo)
• Anthropic — AI processing of request/session text (US)
• PostHog — analytics, error tracking, session replay (US)
• Resend — transactional email (US)
• Liveblocks — realtime presence and broadcast (EU/US)
• Paddle — payments, merchant of record (UK), once paid plans launch

Using the Service involves transferring data to these providers, including outside your country of residence.

Workspace content is kept while the workspace exists. Deleting a session permanently removes its requests, decisions, chat, task runs, and pairings. To delete your account and associated personal data, email us — we will action it within 30 days, except for records we must keep for legal or billing purposes. Analytics data is retained per PostHog's standard retention.

All traffic is encrypted in transit (TLS). Task dispatches to your daemon are signed with Ed25519 keys so the daemon only executes envelopes originating from our server. Access to production systems is limited to the operator. No system is perfectly secure — report vulnerabilities to andy@andineering.com.

We use cookies for authentication sessions (better-auth) and a first-party analytics identifier (PostHog). We don't run third-party advertising trackers.

Depending on where you live (e.g. GDPR, PIPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Email andy@andineering.com and we'll respond within 30 days.

The Service is not directed at children under 14 and we do not knowingly collect their data.

We may update this policy as the Service evolves (for example, when paid plans launch). Material changes will be announced in the product or by email. See also our Terms of Service.