Privacy Policy

Last updated: December 20, 2024

Summary: Your code stays on your devices. We do not see your conversations with AI. Cloud relay only sees encrypted data that we cannot read.

1. Introduction

Duilio ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our macOS and iOS applications (collectively, the "Service").

2. Information We Collect

2.1 Account Information

When you create an account for Cloud mode, we collect:

  • Email address
  • Display name (optional)
  • Authentication data from Apple Sign-In (if used)

2.2 Device Information

We collect basic device information for pairing and debugging:

  • Device type (macOS, iOS)
  • Operating system version
  • App version

2.3 Payment Information

For paid subscriptions, payment is processed by Stripe or Apple. We receive subscription status and customer identifiers. We do not store your credit card number or full payment details.

3. Information We Do NOT Collect

  • Your code – Files and code on your machine never leave your devices
  • Your AI conversations – Messages between you and AI models are not accessible to us
  • Your API keys – Your API keys are stored only on your devices in the system Keychain
  • Command output – Terminal output and tool results stay on your network

4. How We Use Information

We use collected information to:

  • Provide and maintain the Duilio service
  • Process your subscription and billing
  • Send important service updates (no marketing emails without consent)
  • Debug and improve the app

5. End-to-End Encryption

When using Cloud mode, all messages between your iOS device and Mac are encrypted using industry-standard encryption (Curve25519 key exchange and AES-256-GCM). Our servers only see encrypted data and cannot read your messages. The cloud relay temporarily routes encrypted messages between your devices. Messages are not stored permanently on our servers.

6. Third-Party Services

Duilio integrates with the following third-party services:

  • Supabase – Authentication and real-time messaging for Cloud mode
  • Stripe – Payment processing for subscriptions
  • Apple – Sign in with Apple and App Store payments
  • LLM Providers – AI services (you bring your own API key)

Each of these services has its own privacy policy that governs its use of data.

7. Data Retention

  • Account data is retained while your account is active
  • Cloud relay messages are ephemeral and not stored permanently
  • Local audit logs are stored only on your Mac and can be cleared at any time

8. Your Rights

You have the right to:

  • Access your account information
  • Delete your account and associated data
  • Export your data
  • Opt out of optional communications

To exercise these rights, contact us at info@duilio.cloud.

9. Children's Privacy

Duilio is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

10. Security

We implement appropriate security measures including:

  • End-to-end encryption for Cloud mode
  • Secure Keychain storage for sensitive data
  • Row-level security on our database
  • Regular security reviews

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at: info@duilio.cloud