Skip to main content
Last updated April 28, 2026

Privacy Policy

Please read before creating an account. This explains what Midcore collects, why, and your choices.

This Privacy Policy describes how NeuroBazar Inc. (“NeuroBazar,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal data in connection with the Midcore platform, website at midcore.dev, desktop application, APIs, AI-assisted workflows, and related services (collectively, the “Service”). You must review and acknowledge this policy before creating an account or using authenticated features.

1Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up via a third-party provider (GitHub, Google, or SSO), we receive your profile information as authorized by that provider. For paid plans, we collect billing details through our payment processor — we never store full credit card numbers on our servers.

Usage Data

We collect anonymized analytics about how you interact with the Service, including features used, session duration, error reports, and performance metrics. This data helps us improve the product. You can opt out of non-essential telemetry in Settings.

Code & Project Data

When using the cloud-hosted Service, your code and project files may be transmitted to our servers for AI processing (code completions, chat, agent actions). This data is encrypted in transit via TLS 1.3. How long we retain this data depends on your privacy mode — see Privacy Mode below.

Device & Technical Information

We automatically collect device type, operating system, browser version, IP address, and general location (country/region level). This information is used for security, fraud prevention, and service optimization.

2How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process AI code completions, chat responses, and agent actions
  • Authenticate your identity and manage your account
  • Process payments and manage subscriptions
  • Send transactional emails (account confirmation, billing, security alerts)
  • Detect, prevent, and address security issues and abuse
  • Analyze usage patterns to improve product quality (aggregated, anonymized)
  • Comply with legal obligations

We do not sell your personal data. We do not use your private code to train AI models unless you explicitly opt in to a research program.

3Code Processing & AI

Midcore uses large language models (LLMs) to provide AI-powered features including code completion, chat assistance, autonomous agents, and code review. When you use these features on the cloud plan:

  • Code snippets and context are sent to our inference servers over encrypted connections
  • We may route requests to third-party LLM providers based on model selection and availability
  • With Privacy Mode enabled, providers with zero-data-retention (ZDR) agreements are prioritized
  • Your private code is not used to train foundation models unless you explicitly opt in where such a program is offered
  • For self-hosted and offline deployments, all processing stays on your infrastructure

4Privacy Mode

Midcore offers a dedicated Privacy Mode that provides enhanced data protection:

Privacy Mode (Recommended)

Requests are routed to providers and infrastructure configured for stronger retention limits where available. Provider-side storage is minimized, and only the data needed to process the request is sent. Codebase indexing uses limited project context designed to support product functionality without broad disclosure.

Standard Mode

Additional model providers may be available. Some providers may temporarily process or cache request data under their own enterprise data processing terms. We work to disclose provider behavior clearly where model choice affects retention.

Enterprise customers may be able to enforce stricter privacy controls across their organization through administrative settings and written agreements.

5Data Storage & Security

We take the security of your data seriously:

  • All data is encrypted at rest using AES-256 and in transit using TLS 1.3
  • Infrastructure is hosted on leading cloud providers (AWS, GCP) with SOC 2 Type II certified data centers
  • We maintain administrative, technical, and organizational controls appropriate to the sensitivity of the data
  • Access to production systems is restricted via role-based access controls with mandatory MFA
  • We conduct regular security assessments and maintain an active responsible disclosure program
  • Database backups are encrypted and stored in geographically separate regions

For more details about our security practices, visit our Security page.

6Data Retention

We retain different types of data for different periods:

Data TypeRetention Period
Account informationDuration of account + 30 days after deletion
Code / AI prompts (Privacy Mode)Not stored beyond request processing
Code / AI prompts (Standard Mode)Up to 30 days for quality improvement, then deleted
Usage analytics24 months (aggregated and anonymized)
Billing records7 years (legal requirement)
Security logs12 months

You can request deletion of your data at any time by contacting us or through your account settings. We will process deletion requests within 30 days, subject to legal retention requirements.

7Third-Party Services

We use the following categories of third-party services:

  • LLM Providers — Anthropic, OpenAI, Google (for AI features; governed by data processing agreements)
  • Cloud Infrastructure — AWS, Google Cloud Platform (hosting and storage)
  • Payment Processing — Stripe (payment handling; we never see your full card number)
  • Authentication — GitHub, Google OAuth (optional social login)
  • Analytics — PostHog (self-hosted instance; anonymized product analytics)
  • Email — Resend (transactional emails only)

We maintain data processing agreements with all sub-processors. A current list of sub-processors is available in our Data Processing Agreement.

8Cookies & Tracking

We use cookies and similar technologies for:

Essential Cookies

Session management, authentication, CSRF protection. Cannot be disabled.

Functional Cookies

User preferences, language settings, theme selection. Can be managed in settings.

Analytics Cookies

Anonymized usage patterns via self-hosted PostHog. Can be opted out in settings.

We do not use third-party advertising trackers. We do not sell data to advertisers.

9Your Rights

Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):

  • Right to Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Request correction of inaccurate personal data
  • Right to Erasure — Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing — Request limitation of how we process your data
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent
  • Right to Non-Discrimination — Exercise your rights without receiving discriminatory treatment (CCPA)

To exercise any of these rights, contact us at legal@midcore.dev. We will respond within 30 days (or sooner where required by law).

For California residents: Under the CCPA, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.

For EU/EEA residents: Our legal basis for processing personal data is typically contract performance (providing the Service), legitimate interest (improving the Service), or your consent. You may lodge a complaint with your local data protection authority.

10Children's Privacy

The Service is not directed to individuals under 18 or under the age of majority in their jurisdiction. We do not knowingly collect personal information from children. If we learn that a user does not meet the eligibility requirements, we may investigate, delete the personal data, and close the account. If you believe we have collected data from a child, please contact us at legal@midcore.dev.

11Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

NeuroBazar Inc.

Email: legal@midcore.dev

Product: Midcore

See also: Terms of Service · Security · Data Processing Agreement