Lawkitt Privacy Policy
Last Updated: August 25, 2025
This Privacy Policy explains how Lawkitt ("Lawkitt," "we," "our," or "us") collects, uses, and shares information when you:
- browse any page under lawkitt.com (the Marketing Site); and/or
- create an account for, sign in to, or otherwise use Lawkitt at lawkitt.com or through the Lawkitt extension while authenticated to that account (the Cloud Service).
Quick Summary
- Your source code never transits Lawkitt servers. It stays on your device and is sent directly—via a client‑to‑provider TLS connection—to the third‑party AI model you select. Lawkitt never stores, inspects, or trains on your code.
- Prompts and chat snippets are collected by default in Lawkitt Cloud so you can search and re‑use past conversations. Organization admins can disable this collection at any time.
- We collect only the data needed to operate Lawkitt Cloud, do not sell customer data, and do not use your content to train models.
1. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Information | Name, email, organization, auth tokens | You |
| Workspace Configuration | Org settings, allow‑lists, rules files, modes, dashboards | You / Extension (when signed in) |
| Prompts, Chat Snippets & Token Counts | Text prompts, model outputs, token counts | Extension (when signed in) |
| Usage Data | Feature clicks, error logs, performance metrics (captured via PostHog) | Services automatically (PostHog) |
| Payment Data | Tokenized card details, billing address, invoices | Payment processor (Stripe) |
| Marketing Data | Cookies, IP address, browser type, page views, voluntary form submissions (e.g., newsletter or wait‑list sign‑ups) | Marketing Site automatically / You |
2. How We Use Information
- Operate & secure Roo Code Cloud (authentication, completions, abuse prevention)
- Provide support & improve features (debugging, analytics, product decisions)
- Process payments & manage subscriptions
- Send product updates and roadmap communications (opt‑out available)
3. Where Your Data Goes (And Doesn't)
| Data | Sent To | Not Sent To |
|---|---|---|
| Code & files you work on | Your chosen model provider (direct client → provider TLS) | Lawkitt servers; ad networks; model‑training pipelines |
| Prompts, chat snippets & token counts (Cloud) | Lawkitt Cloud (encrypted at rest) | Any third‑party |
| Workspace Configuration | Lawkitt Cloud (encrypted at rest) | Any third-party |
| Usage & Telemetry | PostHog (self‑hosted analytics platform) | Ad networks or data brokers |
| Payment Data | Stripe (PCI‑DSS Level 1) | Lawkitt servers (we store only the Stripe customer ID) |
4. Data Retention
- Source Code: Never stored on Lawkitt servers.
- Prompts & Chat Snippets: Persist in your Cloud workspace until you or your organization admin deletes them or disables collection.
- Operational Logs & Analytics: Retained only as needed to operate and secure Lawkitt Cloud.
5. Your Choices
- Manage cookies: You can block or delete cookies in your browser settings; some site features may not function without them.
- Disable prompt collection in Organization settings.
- Delete your Cloud account at any time from Security Settings inside Lawkitt Cloud.
6. Security Practices
We use TLS for all data in transit, AES‑256 encryption at rest, least‑privilege IAM, continuous monitoring, routine penetration testing, and maintain a SOC 2 program.
7. Updates to This Policy
If our privacy practices change, we will update this policy and note the new Last Updated date at the top. For material changes that affect Cloud workspaces, we will also email registered workspace owners before the changes take effect.
8. Contact Us
Questions or concerns? Email privacy@lawkitt.com.