ronda
Start Now

Legal

Privacy Policy

Last updated June 19, 2026

ronda lets you change a real web app in plain language and ship the change as a GitHub pull request. This policy explains what data ronda collects to do that, how it is used and stored, and the third parties it is shared with. It reflects how the product actually works today.

Data we collect

We collect only what we need to run the service:

  • Account details: your email address, and a password hash if you sign up with a password. If you sign in with GitHub, we store the GitHub OAuth access token issued to ronda so we can read and write the repositories you connect.

  • Connected repository data: metadata about the GitHub repositories you connect (such as repository name and structure) and the source files ronda reads and edits when you ask for a change.

  • Edit instructions and session data: the plain-language instructions you type, and the session state ronda keeps while a change is in progress.

  • Your Anthropic API key: ronda is bring-your-own-key. The Anthropic API key you provide is encrypted at rest with AES-256-GCM, and only the last four characters are shown back to you in the interface.

  • Billing details: if you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card number.

  • Usage and product analytics: we record events such as page views and key product actions to understand how ronda is used and to improve it.

How we use your data

We use your data to authenticate you, connect your GitHub repositories, apply the changes you request, generate pull requests, process billing on paid plans, and operate and improve the service. We do not sell your data.

Storage and security

Your data is stored in our PostgreSQL database hosted on our infrastructure. Sensitive values, including your Anthropic API key and other credentials, are encrypted at rest with AES-256-GCM. Access to production systems is restricted to ronda operators.

Third parties we share with

ronda relies on a small number of providers to deliver the service. Each receives only the data needed for its function:

  • Anthropic: when you request a change, your instructions and relevant source code are sent to the Anthropic API using your own API key. Your use of Anthropic is governed by Anthropic's terms and privacy policy.

  • GitHub: ronda reads and writes the repositories you connect through the GitHub OAuth access token you grant. Your use of GitHub is governed by GitHub's terms and privacy policy.

  • Stripe: handles payment and subscription processing for paid plans.

  • PostHog: provides product analytics for the events described above.

Data retention

We keep your account, project, and session data for as long as your account is active. You can disconnect a repository or delete your Anthropic API key at any time, which removes the stored value. When you ask us to delete your account, we remove your personal data, subject to any records we are required to keep for legal or accounting reasons.

Your rights

You can access, correct, or delete your personal data by contacting us at the address below. We will respond to verified requests within a reasonable time.

Contact

Questions about this policy or your data can be sent to the email address below. For general support, visit our support page.

Email[email protected]Visit the support page