profuncbeta
Back to Home

Privacy Policy

Last updated: March 29, 2026

1. Introduction

profunc ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, VS Code extension, sign-in flows, billing pages, and related paid or hosted features (collectively, the "Services").

2. Information We Collect

2.1 Product and Profiling Data

When you use profunc for local profiling or backend investigation workflows, the Services may process information such as:

  • Function execution time and performance metrics
  • Call counts, traces, and profiling history
  • Function and class names, signatures, route context, and file context
  • Architecture or system-mapping context generated from your project

Note: A substantial portion of this data is designed to stay on your machine. If you choose hosted, synced, or AI-powered features, relevant portions may be transmitted to us or our service providers so the requested feature can work.

2.2 Code and Workspace Data for AI Features

When you use AI-powered features, we may send limited code or workspace context necessary to generate the requested output, such as:

  • Function and class names from your codebase
  • File structure and architectural information
  • Code snippets, prompts, or surrounding context relevant to the task

We try to limit what is sent to what is reasonably necessary for the feature you invoke. Third-party model providers process this information under their own terms and privacy practices.

2.3 Website and Service Analytics

We may collect analytics and diagnostics information such as:

  • Page views, referrers, and high-level traffic patterns on profunc.dev
  • Browser, device, and runtime information
  • Feature usage statistics and aggregate interaction data
  • Error logs and crash reports

This information helps us understand traffic, troubleshoot issues, and improve the Services. Where practical, we use analytics in aggregate or pseudonymous form.

2.4 Account and Authentication Data

If you sign in or use an account-linked workflow, we may process:

  • Email address
  • Authentication provider identifiers
  • Basic profile information returned by your provider, such as a display name
  • Session and account state needed to keep you signed in

We use this information to authenticate you, maintain your session, and associate product access with the correct account and subscription records.

2.5 Billing and Subscription Data

If you purchase or manage a Pro subscription, we may process:

  • Billing email address
  • Customer, checkout, and subscription identifiers
  • Selected plan, billing status, and subscription history
  • Transaction metadata and limited tax or country information when required

Payment information is handled by our payment processor. We do not store your full card number on our own systems.

2.6 User-Provided API Credentials

If a workflow allows you to provide your own third-party API credentials, such as an OpenAI, Anthropic, Google Gemini, or AWS Bedrock API key, we do not collect those credentials through the marketing site or checkout flow. Whether a specific key remains local or is transmitted will depend on the feature you use and any in-product disclosure shown at the time.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services
  • Authenticate users and maintain account sessions
  • Process profiling requests and support product workflows
  • Deliver hosted, synced, or AI-powered features
  • Process payments and manage Pro subscriptions
  • Improve the Services, performance, and user experience
  • Send important updates, security alerts, and service notifications
  • Respond to support requests and troubleshoot issues
  • Detect, investigate, and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations and enforce our terms

4. Data Storage and Security

We use reasonable technical and organizational measures to protect your data, including:

  • Local Storage: Some profiling or investigation data may be stored locally on your machine
  • Cloud Systems: Account, billing, and hosted-feature data may be stored by us or our service providers
  • Secure Transmission: Data sent between systems is transmitted using HTTPS or similar secure channels
  • Access Controls: Administrative access is limited to personnel and vendors who need it to operate or support the Services

No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

5. Third-Party Services

We rely on third-party providers to operate portions of the Services. Depending on how you use profunc, these may include:

5.1 Supabase and Authentication Providers

We use Supabase for account-related functionality such as sign-in, session management, and account-linked access. If you authenticate with GitHub or another provider we enable, that provider's own privacy practices also apply.

5.2 Dodo Payments

Pro subscription payments are processed by Dodo Payments. We do not store your full credit card information. Billing data is handled according to Dodo Payments' privacy policy and security standards.

5.3 OpenAI and Model Providers

For AI-powered features, limited code or workspace data may be processed by OpenAI or similar model providers to generate the requested output. Their use of that data is governed by their own terms and privacy practices.

5.4 Website Analytics and Infrastructure

We may use website infrastructure and analytics providers such as Vercel Analytics to understand traffic, reliability, and performance on profunc.dev.

6. Data Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share your data
  • Service Providers: With trusted third-party providers such as Supabase, authentication providers, Dodo Payments, OpenAI, and analytics or infrastructure vendors to deliver the Services
  • Legal Compliance: To comply with legal obligations, court orders, or government requests
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality agreements
  • Protection: To protect our rights, property, or safety, or that of our users or the public

7. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to certain data processing activities
  • Withdraw Consent: Withdraw consent for data processing where we rely on consent as the legal basis

To exercise these rights, please contact us at [email protected].

7.1 Managing Your Data Locally

You may be able to delete locally stored profiling or investigation data from within the product, such as through a "Clear Data" command or similar local controls, if your version of profunc includes them.

8. Cookies and Tracking Technologies

The website may use cookies or similar storage technologies for authentication, session continuity, security, and analytics. The VS Code extension does not rely on browser cookies, but it may use local editor settings or local storage to remember configuration and preferences.

9. Children's Privacy

profunc is not directed to children under the age of 13, and we do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 13, we will take reasonable steps to delete it.

10. International Data Transfers

If you use the Services from outside the United States, your information may be transferred to and processed in the United States and other countries where we or our service providers operate. We use appropriate safeguards where required by applicable data protection law.

11. Data Retention

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, including to operate the Services, maintain accounts, manage billing, resolve disputes, enforce agreements, and comply with legal obligations. Locally stored profiling or investigation data generally remains on your machine until you delete it or overwrite it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and may provide additional notice if the changes are material. Your continued use of the Services after the effective date of the updated policy indicates acceptance of the revised policy.

13. GDPR and Similar Regional Rights

If you are located in the European Economic Area, the United Kingdom, or a similar jurisdiction, we may process your data under the following legal bases:

  • Consent: For optional features or interactions where consent is required
  • Performance of Contract: To provide account access, subscriptions, and paid or hosted features
  • Legitimate Interests: To improve the Services, support users, secure the product, and prevent abuse
  • Legal Obligation: To comply with tax, accounting, fraud prevention, and other legal requirements