PricingFAQStoriesChangelog
GitHub Discord
Start free trial

Privacy Policy

Last updated January 7, 2026

This Privacy Policy explains how Ceedar AI Inc. ("Ceedar", "we", "us", or "our") collects, uses, and protects your information when you use the Cyrus service ("Cyrus" or "Service") available at atcyrus.com.

By using Cyrus, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Policy, please do not use the Service.

Questions? Contact us at privacy@atcyrus.com.

Summary of Key Points

  • What we collect: Account information, Linear issues, GitHub repository access, and usage data
  • How we use it: To provide, improve, and support the Cyrus Service
  • Third parties: We integrate with Linear, GitHub, and Anthropic (Claude Code) to provide the Service
  • Data security: We use encryption, isolated environments, and industry-standard security measures
  • Your rights: You can access, correct, delete, or export your data at any time
  • Data location: Data is processed in Canada and the United States

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Third-Party Service Integrations
  5. Data Security
  6. Data Retention
  7. Your Rights and Choices
  8. International Data Transfers
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

1. Information We Collect

Information You Provide

Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Organization name (if applicable)
  • Linear workspace information (connected via OAuth)
  • GitHub account information (connected via OAuth)

Payment Information

If you subscribe to a paid plan, we collect payment information through our payment processor (Stripe). We do not store complete credit card numbers. Stripe's use of your payment information is governed by their Privacy Policy.

Communications

When you contact us for support or provide feedback, we collect:

  • Your contact information
  • Content of your communications
  • Any attachments or files you share

Information We Receive from Integrations

Linear Data

When you connect your Linear workspace, we receive:

  • Issue titles, descriptions, and attachments
  • Comments and activity on issues assigned to Cyrus
  • Project and team information
  • User information (names, emails) for team members interacting with Cyrus
  • Workspace metadata

GitHub Data

When you connect your GitHub account, we receive:

  • Repository names and metadata
  • Source code (accessed only when processing assigned issues)
  • Branch information
  • Pull request data
  • Commit history relevant to Cyrus-generated changes

Claude Code Processing

When Cyrus processes an issue, the following data may be sent to Anthropic's Claude Code:

  • Issue content and context
  • Relevant source code from your repositories
  • File structure and project configuration
  • Previous conversation context within the task

Information Collected Automatically

Usage Data

We automatically collect:

  • Log data (IP addresses, browser type, access times)
  • Device information (device type, operating system)
  • Service usage patterns (features used, issues processed)
  • Performance metrics and error logs

Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security and fraud prevention

We may use analytics cookies (with your consent where required) to:

  • Understand how you use the Service
  • Improve our products and services

2. How We Use Your Information

We use your information to:

Provide and Operate the Service

  • Process Linear issues assigned to Cyrus
  • Access and analyze your GitHub repositories
  • Generate code solutions and create pull requests
  • Update Linear with progress and results
  • Manage your account and subscriptions

Improve and Develop the Service

  • Analyze usage patterns to improve functionality
  • Develop new features and capabilities
  • Debug issues and maintain service reliability
  • Train and improve our systems (using aggregated, anonymized data only)

Communicate with You

  • Send service-related notifications
  • Respond to support requests
  • Provide updates about the Service
  • Send marketing communications (with your consent)

Security and Compliance

  • Protect against fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

Service Providers

We share information with service providers who help us operate the Service:

  • Anthropic: AI code generation (Claude Code) - Issue content, relevant source code, task context
  • Linear: Issue tracking integration - Issue updates, status changes, comments
  • GitHub: Repository access and PR creation - Code changes, branch information, PR metadata
  • Stripe: Payment processing - Payment information
  • AWS: Cloud infrastructure - All service data (encrypted)
  • Analytics providers: Service improvement - Anonymized usage data

Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights or property
  • Prevent fraud or security threats
  • Protect the safety of users or the public

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your information.

With Your Consent

We may share information with third parties when you give us explicit consent to do so.

4. Third-Party Service Integrations

Linear

Cyrus integrates with Linear to receive issue assignments and provide status updates. When you connect Linear:

  • We access issues assigned to Cyrus and related workspace data
  • We post updates, comments, and status changes
  • Your use of Linear is subject to Linear's Privacy Policy

GitHub

Cyrus integrates with GitHub to access code and create pull requests. When you connect GitHub:

  • We access repositories you authorize
  • We create branches, commits, and pull requests
  • Your use of GitHub is subject to GitHub's Privacy Policy

Anthropic (Claude Code)

Cyrus uses Anthropic's Claude Code to generate solutions. When processing issues:

  • Issue content and relevant code are sent to Claude Code
  • Anthropic may process this data according to their Privacy Policy
  • We use Claude Code's API, which has data handling practices designed for enterprise use

5. Data Security

We implement robust security measures to protect your information:

Encryption

  • All data is encrypted in transit using TLS/HTTPS
  • Data at rest is encrypted using AES-256

Isolated Environments

  • Each task runs in an isolated Git worktree
  • Parallel issues never conflict or share state
  • Your code is processed in secure, sandboxed environments

Access Controls

  • OAuth-based authentication with Linear and GitHub
  • Webhook signature verification for all incoming requests
  • Role-based access controls for team members
  • Regular access reviews and credential rotation

Infrastructure Security

  • Hosted on AWS with SOC 2 compliant infrastructure
  • Regular security assessments and penetration testing
  • Automated vulnerability scanning
  • Incident response procedures

What We Cannot Guarantee

No method of transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security.

6. Data Retention

Account Data

We retain your account information for as long as your account is active. Upon account deletion:

  • Personal information is deleted within 30 days
  • Anonymized usage data may be retained indefinitely

Customer Code and Data

  • Active data: Retained while your account is active and you use the Service
  • Upon termination: Deleted within 90 days unless you request earlier deletion or export
  • Backups: May persist in encrypted backups for up to 90 additional days

Logs and Analytics

  • Service logs: Retained for 90 days for debugging and security
  • Analytics data: Retained in anonymized form indefinitely

Legal Requirements

We may retain certain information longer if required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

7. Your Rights and Choices

Depending on your location, you may have the following rights:

Access and Portability

  • View the personal information we hold about you
  • Export your data in a machine-readable format
  • Request a copy of your data via privacy@atcyrus.com

Correction

  • Update or correct inaccurate information
  • Modify your account details through the Service settings

Deletion

  • Delete your account and associated personal information
  • Request deletion of specific data via privacy@atcyrus.com

Restriction and Objection

  • Restrict processing of your information in certain circumstances
  • Object to processing based on legitimate interests

Withdraw Consent

  • Withdraw consent for optional data processing (such as marketing)
  • Disconnect Linear or GitHub integrations at any time

Marketing Communications

  • Opt out of marketing emails by clicking "unsubscribe" or contacting us
  • Note: You cannot opt out of service-related communications

How to Exercise Your Rights

Contact us at privacy@atcyrus.com to exercise any of these rights. We will respond within 30 days.

Canadian Privacy Rights

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access and correct your personal information.

European Economic Area, UK, and Switzerland

If you are in the EEA, UK, or Switzerland, you have additional rights under GDPR, including:

  • Right to lodge a complaint with your local data protection authority
  • Right to data portability
  • Right to erasure ("right to be forgotten")

We process your data based on:

  • Contract: To provide the Service you requested
  • Legitimate interest: To improve and secure our Service
  • Consent: For marketing and optional features

8. International Data Transfers

Cyrus is operated from Canada. Your information may be transferred to and processed in:

  • Canada (our headquarters)
  • United States (cloud infrastructure and service providers)

For transfers outside your jurisdiction, we use:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Data Processing Agreements with service providers
  • Other appropriate safeguards as required by law

9. Children's Privacy

The Cyrus Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately at privacy@atcyrus.com, and we will delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last updated" date at the top
  • For material changes, we will notify you via email or through the Service
  • The updated policy will be effective as soon as it is posted

We encourage you to review this Policy periodically.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Ceedar AI Inc.
2031 Store Street
Victoria, British Columbia V8T 5L9
Canada

Email: privacy@atcyrus.com

For data protection inquiries from the EU/UK, you may also contact us using the details above.

Data Processing Schedule

If you process personal data using the Cyrus Service, the following terms apply:

Roles and Responsibilities

  • You (the Customer) are the data controller for any personal data in your Customer Data
  • Ceedar acts as a data processor, processing personal data on your behalf

Processing Details

  • Subject matter: Processing to provide the Cyrus Service
  • Duration: Duration of the Agreement
  • Nature and purpose: AI-assisted code generation and issue resolution
  • Types of personal data: Any personal data in Linear issues or GitHub repositories
  • Categories of data subjects: Individuals referenced in Customer Data

Our Obligations as Processor

We will:

  • Process personal data only on your documented instructions
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist you in responding to data subject requests
  • Delete or return personal data upon termination
  • Provide information necessary to demonstrate compliance

Sub-processors

We use the sub-processors listed in Section 3 above. We will notify you of any new sub-processors with an opportunity to object.

Security Measures

We implement the security measures described in Section 5, including:

  • Encryption of data in transit and at rest
  • Isolated processing environments
  • Access controls and authentication
  • Regular security assessments

For a complete Data Processing Agreement, contact legal@atcyrus.com.

Close

Get started with Ceedar

Tell us a bit about your business.

Is your business incorporated?

Does your business have inventory?

You hit a bug! We're working to fix this right away. In the meantime, use this prefilled email to find us directly at hello@ceedar.ai