Windcraft

Privacy Policy

Last updated: May 2026

What we collect

  • Account data — email, name, GitHub OAuth metadata (read:user, user:email), hashed password.
  • Project metadata — design tokens, component contracts, rule configurations, sync events. We do not store your source code.
  • Billing — handled by Lemon Squeezy as Merchant of Record. We never see your card.
  • Telemetry — anonymous CLI usage events (command, duration, project id). Opt out by setting WINDCRAFT_TELEMETRY=0.

How we use it

To run the product. We do not sell or share your data.

Storage

  • EU-region Postgres for account + project data
  • EU-region Redis for sessions + webhook idempotency
  • API keys hashed with bcrypt cost 12

GDPR

Export your data any time from /account. Delete your account from the same page — projects soft-delete immediately, all rows are purged within 30 days.

Contact

Questions: hello@windcraft.io