privacy policy
last updated may 27, 2026
the short version
- we collect what we need to run implexa: your email and name on signup, plus telemetry about how you use the plugin (tool calls, applied skills, outcomes).
- we do not sell your data. ever.
- we do not train AI models on your prompts.
- you can export or delete your data anytime. email founder@implexa.ai and we will respond within 30 days.
- questions? same email. we read everything.
what we collect
account information
When you sign up at app.implexa.ai we collect:
- email address (required for sign-in and transactional email)
- display name (optional, used in dashboard UI)
- authentication token (when you sign in via OAuth: google, github, or claude.ai)
telemetry from the plugin
When the implexa plugin runs in your Claude Code or Codex session, we record:
- which slash commands you invoke (e.g. /implexa:run)
- which skills you apply, and whether they succeed or fail
- an aggregated inventory of MCP servers you have installed (we use this to score skill compatibility)
- counts and timestamps of plugin activity
We use this to rank skills via SkillRank, bill correctly (free vs paid), and debug issues you report.
prompt context for skill recommendations
When you submit a prompt in Claude Code with implexa active, the plugin sends the prompt text to our backend so we can recommend a matching skill. Specifically:
- if we find a recommendation above our confidence threshold, the prompt is logged alongside the recommendation, keyed by an anonymized user identifier (a salted hash of your user id, not the email).
- if no recommendation matches, the prompt is discarded immediately and not persisted.
- we never use your prompts to train AI models. we never sell or share prompt content with third parties.
work signatures (opt-in, off by default)
You can optionally allow implexa to build a "work signature": an embedded representation of your work patterns across tools and skills over time. This signature improves recommendation quality, especially for ambiguous queries.
Work signatures are off by default. Email founder@implexa.ai to enable or disable.
how we use your data
We use the data we collect to:
- deliver the product (recommend skills, store your library, bill you)
- improve SkillRank, our cross-vendor skill ranking algorithm. Aggregate telemetry, never individual user lookup.
- debug issues you report to support
- send transactional emails (welcome, billing receipts, security alerts)
We do not:
- sell your data to anyone, ever
- train AI models on your prompts or skills
- send marketing emails without explicit opt-in
- share user-level data with Anthropic, OpenAI, or any other vendor unless required by law
who we share data with (sub-processors)
Implexa runs on a small number of trusted infrastructure vendors. Each receives the minimum data needed to deliver their service:
| vendor | purpose | what we share |
|---|---|---|
| Supabase | database hosting (US) | account data, telemetry, skill content |
| Vercel | frontend hosting (US) | anonymized page views, request logs |
| Fly.io | backend hosting (US) | request logs, application data |
| Anthropic | LLM API for skill scoring and recommendations | skill content + prompt context only when needed for a single API call |
| OpenAI | embedding API for semantic search | skill content for embedding generation, not your prompts |
| Stripe | billing and payments | email, payment-method metadata (not card numbers) |
| Resend | transactional email delivery | email address, message body |
| Cloudflare | CDN, DNS, and DDoS protection | request metadata, IP address |
We have data processing agreements with each. If we add a new sub-processor we will update this table and bump the last-updated date at the top of the page.
data retention
- Account data (email, name): as long as your account is active. We delete within 30 days of you closing your account.
- Plugin telemetry (tool calls, applied skills, outcomes): retained for up to 12 months to power SkillRank.
- Prompts that triggered a recommendation: retained for up to 90 days, keyed by anonymized user id only.
- Prompts that did not trigger a recommendation: not persisted to durable storage.
- Backups: rolling 7-day window, then purged.
your rights
At any time you can ask us to:
- show you all the data we have about you
- correct anything inaccurate
- delete your account and all associated data
- export your data in a portable format
- stop processing your data for product improvement
- opt out of telemetry or work-signature collection
Email founder@implexa.ai to exercise any of these. We respond within 30 days.
If you are in the EU, UK, or California you have additional statutory rights under GDPR, UK GDPR, and CCPA respectively. The list above covers all of them.
cookies and tracking
We use cookies sparingly:
- essential cookies for authentication (sign-in state, session token)
- Vercel Analytics: aggregate page views, no personal data, no third-party sharing
- Vercel Speed Insights: aggregate Core Web Vitals from real visits, no personal data
We do not use third-party advertising cookies, social-media trackers, or session-replay tooling.
children
Implexa is not directed at children under 16. We do not knowingly collect data from minors. If you are a parent or guardian and think we have data on your child, email founder@implexa.ai and we will delete it within 7 days.
international transfers
Implexa is based in the United States. If you use the product from outside the US, your data is transferred to and processed in the US. For EU and UK users, this transfer relies on Standard Contractual Clauses (SCCs) approved by the European Commission.
changes to this policy
We update this page when something material changes. The last-updated date at the top reflects the most recent revision. If a change is significant (new sub-processor, expanded data collection, change in how we use your data) we will email you at least 14 days before it takes effect.
contact
One inbox for everything for now (privacy, security, general, press):
For security vulnerabilities please email the address above with the subject line starting [security] so we route it before any other queue. Please do not file public GitHub issues for vulnerabilities.
Postal mail: Implexa Inc., contact via email above for current mailing address.
This privacy policy reflects how Implexa Inc. handles data as of may 27, 2026. It is not legal advice. If you have specific questions about how privacy law applies to you, please consult a qualified attorney.