Privacy Policy

Last updated: June 24, 2026

1. Who we are and what this covers

Circuitry is a private workspace for creating your own content — code, designs, notebooks, workflows and documents. It is a productivity tool, not a social network or a content-sharing or publishing platform. This policy explains what personal data we handle when you use the Circuitry applications, websites and APIs (the “Service”), and your rights over it.

The Service is operated from the United Kingdom by John Wylie, trading as Circuitry (“we”, “us”). We are the data controller for the personal data described below. We comply with the UK GDPR and the Data Protection Act 2018. This policy forms part of our Terms of Service.

2. Information we collect

  • Account information — your name, email address and authentication details when you sign up or sign in (including via Google sign-in, where you choose it).
  • Your content — the code, designs, files, notebooks, workflows, prompts and other material you create or upload. This is yours; see section 4.
  • Billing information — if you buy a paid plan, your subscription and payment status. Card details are handled by our payment processor; we do not store full card numbers.
  • Technical and usage data — logs, device and browser information, IP address, and anonymous, aggregated usage and analytics that help us operate and improve the Service.
  • Support communications — messages you send us and the records of our correspondence.

3. How we use it, and our lawful bases

  • To provide the Service (perform our contract with you) — create and run your account, store and sync your content, and deliver the features you use.
  • To take payment (perform our contract / legal obligation) — process subscriptions and keep accounting records.
  • To secure and improve the Service (our legitimate interests) — prevent fraud and abuse, diagnose problems, and analyse anonymous, aggregated usage.
  • To communicate with you (contract / legitimate interests) — send service notices, security alerts and support replies.
  • Where the law requires it, or with your consent — for anything not covered above; you can withdraw consent at any time.

4. Your content is private

Your content is private and confidential. We do not sell, publish or share it with third parties, except to run the Service for you (for example, sending the input you submit to an AI feature, plugin or integration you choose to use, or making content available to people you choose to share or collaborate with), with your permission, or where the law requires.

We do not use your content to train AI models. Our staff access your content only where reasonably necessary to operate, secure or troubleshoot the Service, prevent fraud or abuse, comply with law, or to provide support you have requested — and where we view a specific document such as a workflow to help you, we do so only with your request or agreement.

Depending on how you use the Service, your content may be stored locally on your own device and, if you save to the cloud or sign in across devices, on our cloud infrastructure (see section 5).

5. Service providers we use

We use a small number of trusted providers to run the Service. They process data only on our instructions, under contract, and only as needed for their function:

  • Supabase — authentication, database and cloud storage for your account and any content you save to the cloud.
  • Vercel — hosting and content delivery for our applications and websites.
  • AI model providers (such as Anthropic, OpenAI and Google) — when you use an AI feature, the input you submit for that feature is sent to the relevant provider to generate a result. If you supply your own provider keys or run a local model, your content goes where you direct it instead.
  • Stripe — payment processing for paid plans.
  • MailerSend — sending transactional email such as sign-up and account messages.

Some providers are based outside the UK, including in the United States. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Addendum and the EU Standard Contractual Clauses. We do not sell your personal data, and we do not share it with advertising networks.

6. How long we keep it

We keep account data for as long as your account is active and for a reasonable period afterwards. Your content is kept until you delete it or close your account, after which it is removed from active systems and cycles out of routine backups. We keep limited records longer where the law requires it — for example billing and accounting records, and a record of which version of our Terms you accepted, kept as legal evidence.

7. Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and limiting who can access content to what is needed to run the Service. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and the regulator of any breach where the law requires.

8. Your rights

Under UK data protection law you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to how we process it;
  • receive your data in a portable format;
  • withdraw consent where we rely on it.

To exercise any of these, contact us using section 11. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

9. Children and education

Circuitry is suitable for use in education by students and teachers. Because it is a private workspace for a user’s own content rather than a social or sharing platform, we collect only the limited personal data needed to provide it.

Where the Service is used by a child, the supervising parent, guardian, teacher or school is responsible for that use and for giving or obtaining any consent required under children’s privacy laws (such as the UK Age Appropriate Design Code and the U.S. Children’s Online Privacy Protection Act). We do not knowingly collect more personal data from a child than is needed to provide the Service. A parent, guardian or school can ask us to access or delete a child’s data using the contact details below.

10. Cookies and local storage

We use cookies and similar technologies that are essential to run the Service — for example to keep you signed in — and to measure anonymous, aggregated usage so we can improve it. We do not use third-party advertising or cross-site tracking cookies. The Service also stores data locally on your device (such as in your browser) to work offline and keep your workspace responsive. You can control cookies through your browser settings.

11. Changes and contact

We may update this policy from time to time. For material changes we will give reasonable notice and update the “Last updated” date above.

Questions or requests about this policy or your data:
Email: privacy@circuitry.dev
Website: https://www.circuitry.dev