Privacy & AI transparency
What Hydrate processes, why, for how long, where it goes, and the exact AI systems involved. Written to satisfy UK GDPR, EU GDPR, and the EU AI Act's transparency obligations (Article 50).
Effective: 2026-04-30 · Sedasoft Ltd, United Kingdom · v3
1. Who we are
Sedasoft Ltd (“Sedasoft”, “we”, “us”) is a UK-registered private limited company and the data controller for data processed through the gethydrate.dev website and the Hydrate hosted services. On the Free tier, data never leaves your machine. There is no controller relationship because no data is transmitted to us. See § 3.
Contact for privacy matters: [email protected].
2. What Hydrate does with your data
Hydrate is an episodic-memory layer for AI coding tools. It watches sessions in Claude Code, VS Code Copilot, Mistral Vibe, and any MCP-compatible client (Cursor, Cline, Zed, Gemini CLI). It extracts structured facts from each session transcript and injects relevant facts back into future sessions. The relevant question for privacy is: where does that extraction happen, and what data is involved?
Three categories of data are involved:
- Session transcripts. The prompts you sent and the responses the AI assistant produced. These can contain source code, file paths, commit messages, design discussions, and anything else you typed. They may include personal data if you paste or dictate it.
- Extracted facts. Short atomic statements derived from the transcript by an LLM (e.g. “pricing tiers are Free / Pro / Team”).
- Metadata. Timestamps, project slugs, cost and token counts used for the dashboard.
3. What happens at each tier
Free tier: local store, BYOK extraction, no telemetry
Hydrate itself makes zero outbound calls: no telemetry, no error reporting, no analytics, no phone-home. The LLM extraction calls Hydrate triggers (per-session capture, first-run auto-prime, on-demand hydrate dehydrate) go directly from your machine to your configured provider with your keys; Hydrate's process never sees the request body or the response on the wire.
All LLM-based fact extraction uses your own provider keys (Anthropic, OpenAI, or local via the claude CLI on your PATH). Hydrate doesn't proxy LLM calls or take a cut: you pay your provider directly, on every tier. This applies to Hydrate's per-session capture, the first-run auto-prime from CLAUDE.md, and on-demand hydrate dehydrate invocations equally.
The only network calls Hydrate's hooks make are to your configured LLM provider's API endpoint and to the local Hydrate daemon over loopback (127.0.0.1). Optional enterprise sync to a self-hosted siteengine instance is off by default.
Pro tier: local + BYOK extraction + encrypted backup
Pro adds LLM-based fact extraction, using your own API key (BYOK). You choose the provider:
- OpenAI (using your own OPENAI_API_KEY): transcripts are sent to OpenAI under your existing OpenAI terms, governed by OpenAI's Data Processing Addendum. OpenAI does not train on API data. We never see the data or your key.
- Anthropic (using your own ANTHROPIC_API_KEY): your data, your contract with Anthropic.
- Local LLM (your own LM Studio, Ollama, or compatible endpoint): no third party involved.
Even where a cloud provider is used for extraction, we (Sedasoft) do not process your data. You control the data flow end-to-end.
Pro also adds hydrate backup, which produces a passphrase-encrypted bundle file that you save wherever you want (external drive, personal cloud, Time Machine). We never hold it. The passphrase is never transmitted.
Pro includes a licence-validation phone-home, once per week, containing only: your Stripe customer ID, your licence JWT, a hash of your machine fingerprint for abuse detection, and a Unix timestamp. No session content. No facts. No cost data.
Team tier: git-as-sync, user-controlled repository
Team tier (public waitlist opens 6 May 2026) synchronises project-scoped facts across authorised teammates through a plain git repository that you (or your organisation) own and control. You choose where it lives: a private GitHub repository, an internal GitLab, a self-hosted Gitea, a Gerrit instance, or a bare repo on your own file server. Hydrate is a client of that repo, nothing more.
The team canon (shared facts, project manifest, per-teammate daily JSONL) is committed to that repository by the hydrate CLI in a plain, human-readable format. You can git log, review, revert, or cherry-pick the same way you handle any other source-controlled artefact. There is no opaque ciphertext, no hosted sync service, no Sedasoft-side storage of your team's memory content.
The boundary is structural: we never receive your team's facts. That means we cannot accidentally leak them, we cannot be subpoenaed for them, and they cannot accidentally be included in any training data. The GDPR controller for your team canon is your organisation, not us. Your existing data-protection posture for source-code repositories extends naturally to Hydrate's team feature without any additional relationship with Sedasoft.
Enterprise: self-hosted or single-tenant managed
Enterprise customers either self-host the entire Hydrate stack (Docker Compose or Helm, under their own infrastructure) or opt in to a single-tenant managed instance hosted in their preferred region. In the self-hosted case, Sedasoft has no controller/processor relationship with the customer’s Hydrate data. In the managed case, standard enterprise data-processing terms apply and are negotiated in the contract.
4. AI systems we use (EU AI Act transparency)
Under Article 50 of the EU AI Act (Regulation (EU) 2024/1689), we disclose the AI systems involved in delivering the product. Hydrate uses the following:
| Component | AI system | What it does | Where it runs |
|---|---|---|---|
| Session capture (all integrations) | None. The Stop hook and MCP server record the session transcript. No AI is invoked here. | Writes the raw session transcript to ~/.hydrate/hydrate.db | Your machine only |
| Fact extraction (Pro) | User’s choice: Anthropic Claude Haiku, OpenAI GPT-4o-mini, or a local OSS model | Reads the session transcript; returns structured facts | Wherever the user’s chosen provider runs |
| Embedding (for retrieval) | all-MiniLM-L6-v2 (ONNX, bundled) by default; optional swap to OpenAI text-embedding-3-small or Voyage voyage-3 | Produces a 384-dim (default) or 1024/1536-dim vector per fact for nearest-neighbour retrieval | Bundled ONNX runs on your machine; OpenAI/Voyage swap opts into their cloud |
| Context injection (at prompt time) | None. Injection is a vector-similarity lookup and string substitution. No generative AI is invoked here. | Hydrate surfaces relevant facts into the AI assistant’s context window | Your machine only |
Hydrate itself is not a high-risk AI system under Annex III of the AI Act. It does not make decisions about people, employment, credit, education, law enforcement, essential services, or migration. It is a productivity tool for software developers.
Automated decision-making. Fact extraction classifies short text excerpts into categories (architecture / convention / command / constraint / decision / fact). These classifications are used only to rank facts for retrieval. No decision about any person is made. No profile is built.
Human oversight. You can view every fact Hydrate has stored (hydrate facts list), correct any fact (hydrate facts edit), and delete any fact (hydrate facts forget). You can disable extraction entirely via hydrate config set extract.provider=none.
AI literacy. This notice, the /docs, the /guide, and the EU AI Act assessment are our fulfilment of Article 50. If you find any AI behaviour in Hydrate unclear, email us.
5. Lawful basis (UK GDPR / EU GDPR Article 6)
- Free tier: no processing by us, so no lawful basis required on our part. Your chosen LLM provider has its own lawful basis in its own terms.
- Pro / Team / Enterprise (subscribed): Article 6(1)(b): processing is necessary for the performance of a contract to which the data subject is party. We process billing and licence data only to the extent necessary to deliver the service you paid for.
- Security and abuse prevention: Article 6(1)(f): legitimate interest, balanced against your rights. Applies to the weekly licence phone-home's machine fingerprint hash.
- Marketing emails: Article 6(1)(a): consent, via explicit waitlist opt-in. Revocable by clicking unsubscribe in any email.
6. Retention
- Local data (Free / Pro): retained indefinitely on your machine under your control. Deletion is your rm -rf ~/.hydrate/.
- Billing records: retained for 7 years after the last charge, as required by UK tax law (HMRC).
- Waitlist email: retained until you unsubscribe, or 18 months after the waitlist closes, whichever is sooner.
- Support correspondence: retained for 2 years after the last interaction, then deleted.
- Stripe customer ID and licence JWT (Pro): retained for the lifetime of your subscription plus 90 days after cancellation, then purged.
- Cloudflare access logs: rotated every 24 hours in standard Cloudflare retention. We do not re-ingest them.
7. International transfers & the only signup data we hold
The gethydrate.dev site is hosted on Cloudflare Pages, which is a global CDN. At rest, the site data sits in Cloudflare's EU and US data centres. Cloudflare is covered under the EU-US Data Privacy Framework and provides Standard Contractual Clauses in its DPA.
Stripe processes billing in the US and EU under its DPA with SCCs. If you use OpenAI, Anthropic, or Voyage as your LLM or embedding provider, data transfers to those providers are governed by your direct relationship with them. We are not a party to the transfer.
The one place Sedasoft itself holds any personal data is a Cloudflare D1 database for website signups. Two small tables live there:
- waitlist: when you join the public waitlist (from 6 May 2026 onwards), we store your email address, which tier you signed up for, and the timestamp. Retention and erasure are as described in § 6.
- early_access: when a journalist, YouTuber, newsletter writer, podcaster, or researcher requests early access via /early-access, we store their name, email, outlet and channel, kind, optional audience size, optional URL, and optional coverage-angle note. Retention and erasure are the same.
To exercise your Article 17 right to erasure against either table, email [email protected]. Deletion is a one-line SQL DELETE against the D1 instance and is actioned within one working day. No other personal data about you is held server-side by us.
8. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you (Article 15).
- Rectify inaccurate data (Article 16).
- Erase data we hold (Article 17, the “right to be forgotten”). For billing records, this is bounded by our legal retention obligations in § 6.
- Restrict processing (Article 18).
- Data portability (Article 20): your local data is already portable; hydrate backup produces a standard encrypted bundle.
- Object to processing based on legitimate interest (Article 21).
- Withdraw consent for marketing at any time (Article 7(3)).
- Not be subject to solely automated decision-making (Article 22): Hydrate does not make automated decisions about you.
- Lodge a complaint with a supervisory authority. In the UK this is the ICO; in the EU it is your national data-protection authority.
To exercise any of these rights, email [email protected]. We will respond within one month (Article 12(3)).
Erasing your memory
Hydrate's memory is yours. The local store at ~/.hydrate/data.db is plain SQLite under your user account; you do not need to ask us to delete it. The commands the CLI gives you, in increasing breadth:
- One fact: hydrate canon remove <id> or hydrate fact remove <id>
- One project: hydrate project deactivate <slug> (preserves history) or hydrate project delete <slug> (purges)
- All of it: hydrate uninstall --purge
Each command operates on the local SQLite store. There is no server-side record to delete because there is no server-side record. The Article 17 right to erasure against the small server-side billing record described in § 7 is the only thing that needs to come through us.
9. Cookies & tracking
gethydrate.dev uses no analytics cookies, no advertising cookies, and no third-party trackers. The only cookies set are the strictly necessary Cloudflare cookies for security (rate limiting, bot detection), which do not require consent under the ePrivacy Directive.
If you sign in to the Stripe Customer Portal to manage your subscription, Stripe sets its own cookies under its own notice.
10. Data breaches
In the event of a personal-data breach affecting you, we will notify the relevant supervisory authority within 72 hours as required by Article 33 GDPR, and notify affected users without undue delay. Our incident response plan covers P1 to P4 severity classification, the five-step response procedure, and GDPR notification obligations.
11. Changes to this notice
We keep a version history; the current version is noted at the top. Material changes to how we process your data will trigger an email to Pro, Team, and Enterprise customers at least 30 days before the change takes effect. For Free users there is no email channel. Material changes are announced on the blog and in the next Hydrate release's changelog.
12. Contact & feedback
Any question, concern, rights request, or “wait, what does this clause mean”: email [email protected].