Privacy Policy

Last updated: April 26, 2026

Compose LLC (“Compose LLC”, “we”, “our”, or “us”) operates Composeably. This Privacy Policy explains how we collect, use, and share information when you use our website and the Composeably platform (collectively, the “Service”), which lets you describe an application in natural language and have a team of AI agents plan, build, review, and deliver it. By using the Service, you agree to the practices described in this policy.

1. Information we collect

Account information

When you sign up, our authentication provider (Clerk) collects your email address, name, password (hashed), and optional profile details. If you sign up via a third-party identity provider (e.g. Google, GitHub), we receive the basic profile information that provider shares with us.

Content you provide

We collect the prompts, descriptions, chat messages, files, screenshots, and project secrets (API keys, environment variables) you submit to the Service so our AI agents can plan and build your application. Project secrets are stored in our database and used only to run your build.

Generated content

We store the source code, build artifacts, agent reasoning logs, plans, reviewer notes, and other outputs the agents produce while working on your project, so you can resume, re-run, or audit a build.

Integrations

If you connect a third-party account (for example, GitHub) we store the OAuth access and refresh tokens needed to push code or interact with that service on your behalf. Tokens are scoped to your organization and used only to perform actions you initiate.

Billing information

Payments are processed by Stripe. We do not receive or store full payment card numbers. We do receive and store: your customer identifier, the credit bundle you purchased, transaction status, and the last four digits / brand of the card as returned by Stripe.

Usage and technical data

We log standard request data (IP address, user agent, timestamps, route), error traces, and aggregate usage metrics (tasks created, credits consumed, agent step durations). This is used for security, debugging, and capacity planning.

Cookies

We use strictly necessary cookies for authentication and session management (set by Clerk), and may use minimal first-party cookies for preferences. We do not set cross-site advertising cookies.

2. How we use information

We do not sell your personal information. We do not use the content you submit, the source code we generate for you, or your project secrets to train foundation models.

3. Sub-processors and third parties

We rely on the following sub-processors to operate the Service. Each receives only the data needed for its function.

We may also disclose information when required by law, to enforce our Terms, or to protect the rights, property, or safety of Composeably, our users, or others.

4. AI processing

To produce a plan, write code, review changes, and deploy, the content you submit is sent to Anthropic’s API and run inside an e2b sandbox. Anthropic processes prompts under its own data-handling commitments and, per its enterprise terms, does not use API submissions to train its models. AI output may be inaccurate or incomplete; you are responsible for reviewing generated code and configurations before relying on them.

5. Data location and transfers

The Service is operated from the United States and our sub-processors may process your data in the United States and other regions. By using the Service you consent to the transfer of your information to these locations.

6. Retention

We retain account, project, build, and billing records for as long as your account is active and for a reasonable period after closure to satisfy tax, accounting, dispute, and legal-defense obligations. You may delete individual projects from the Service at any time, which removes the associated tasks, sandboxes, previews, and source code from our managed storage. Aggregated usage history and audit ledgers (e.g. credit transactions) may be retained after project deletion in a form not directly tied to identifiable content.

7. Security

We use TLS for data in transit, isolate each tenant’s data by organization at the database query layer, run user code only inside ephemeral cloud sandboxes scoped to a single organization, and follow the principle of least privilege for access to production systems. No system is perfectly secure; report suspected vulnerabilities to the contact below.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, to object to or restrict certain processing, and to lodge a complaint with a supervisory authority. To exercise any of these rights, email us at the address below from the email associated with your account. We will respond within the time required by applicable law.

9. Children

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable threshold), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated via email or in-product notice. The “Last updated” date at the top reflects the most recent revision.

11. Contact

If you have any questions or concerns about this Privacy Policy or your data, please contact us:

Compose LLC — Composeably
Email: compose@composework.com

See also our Terms of Service.