Privacy Policy

Draft. Last updated 2026-04-22

This is a plain-English draft that describes our current posture. A formal, counsel-reviewed policy ships alongside our first paid contracts. Enterprise prospects can request the full draft and DPA at founders@heimwall.ai.

What HeimWall collects

Redacted metadata only. Each classification event contains a category label (Secret, PII, ProprietaryCode, CustomerData, Other), a severity (Info → Critical), a timestamp, the originating tool (Cursor / Claude Code / Copilot / Windsurf), a character count, and a SHA-256 hash of the prompt for deduplication. Account data we hold: org name, user email, role, org-assigned seat. For waitlist signups, we hold your email and role only.

What HeimWall does not collect

Raw prompt bodies. File contents. Keystroke streams. Screen contents. Clipboard history. IDE file paths. Commit contents. Browsing history. These never leave your machine by default, and are not transmitted, logged, or stored in HeimWall's cloud. Investigation Mode is the sole exception. See the FAQ for the gating controls and audit trail that apply.

How long we keep data

Hot: 90 days of per-event metadata is queryable at full fidelity. Cold: 180 days additional, compressed and archive-priced. Beyond 270 days, only aggregated org-level trends are retained (no per-engineer attribution). Customers on Enterprise can configure shorter retention. Investigation Mode records are retained for the agreed legal-hold period per contract.

Sharing and subprocessors

HeimWall does not sell data. Subprocessors are disclosed in our Subprocessors page (in preparation) and include Supabase (primary database), ClickHouse Cloud (analytics), Clerk (auth), Vercel (dashboard hosting), Fly.io (API hosting), Resend (transactional email), and Anthropic (AI features via their zero-retention endpoint). Each is bound by a DPA.

Your rights

Access, correction, deletion, and export requests are supported for every user. Email founders@heimwall.ai. We reply within five business days. GDPR, CCPA, and AB 1651 rights are honored.

Contact

Privacy questions: founders@heimwall.ai. General inquiries: founders@heimwall.ai.