Legal
Privacy Policy
Last updated: April 11, 2026
The short version
Caliber measures how developers use AI coding tools. We capture developer-side signals (prompts, tool use, permission responses) and deliberately do not capture AI output, generated code, or the contents of your source files. Raw events are retained for 30 days; only aggregate scores and metadata are kept longer. We do not sell your data.
1. Who this policy applies to
This Privacy Policy describes how Caliber, a product of Masternode LLC, a North Carolina limited liability company (“we”, “us”), handles information collected through our website, dashboard, APIs, and the Caliber hooks you install in supported AI coding tools (Claude Code, Cursor, Codex CLI).
If your team uses Caliber through an organization account, your employer is the controller of the telemetry generated by your use of AI coding tools; Caliber processes that data on their behalf under our Terms of Service.
2. What we collect
We collect three categories of data:
Account data. When you sign up, we collect your name, work email, role (developer/manager), hashed password, team membership, and API keys issued to you. Managers additionally provide a team name and invite codes.
Developer telemetry. When Caliber hooks are installed, we receive events describing your interactions with supported AI coding tools:
- Prompts you submit to the AI tool (the text you wrote, not the AI's response);
- Tool invocation metadata (which tool ran, file paths, and whether a permission prompt appeared);
- Your responses to permission prompts (approve/deny);
- Session identifiers, timestamps, and the source tool (Claude Code, Cursor, or Codex);
- Minimal client metadata such as tool version and hook version.
Product usage. When you use the dashboard, we collect standard server logs (IP address, user agent, pages viewed, request timing) for security, rate limiting, and debugging.
3. What we deliberately do not collect
To protect your organization's intellectual property, the Caliber hooks are designed to never transmit:
- AI-generated code or text responses;
- The contents of your source files or diffs;
- Tool output such as command stdout, test results, or compiler logs;
- Post-response events (Stop, PostToolUse, SessionEnd, afterAgentResponse) or anything that would reveal what the AI produced;
- Keystrokes, screen contents, or audio.
If you ever see a field in our API that appears to include this kind of data, please report it to security@caliber.dev. We treat it as a bug.
4. How we use data
We use the data we collect to:
- Compute Intelligence Factor scores, signals, and coaching insights for your team;
- Display dashboards, session timelines, and trend analytics to you and your team managers;
- Authenticate your account, issue and rotate API keys, and enforce rate limits;
- Debug, monitor, and improve the reliability and accuracy of the Service;
- Communicate with you about your account, billing, security, and material changes to the Service.
We do not sell your personal information, and we do not use your telemetry to train third-party AI models.
5. Data retention
Raw telemetry events are automatically deleted 30 days after ingestion via a database time-to-live index. Computed Intelligence Factor scores and session-level metadata are retained for the life of your account so that managers can see long-term trends. When you close your account, we delete or anonymize your personal data within 30 days, except where we need to retain it to comply with law or resolve disputes.
6. How we share data
Inside your team. Managers on your team can see the scores, session-level metadata, and trend analytics of developers on the same team. Developers can see their own data. We do not show one customer's data to another customer.
Service providers. We rely on a small set of subprocessors to run the Service, including:
- MongoDB Atlas — primary database hosting;
- Railway — backend application hosting;
- Vercel — dashboard and marketing site hosting;
- Resend — transactional email delivery.
Each subprocessor is contractually bound to protect the data we share and to use it only to provide services to us.
Legal requests. We may disclose data if required by law, subpoena, or court order, or to protect the rights, safety, or property of Caliber, our customers, or the public.
7. Security
We protect your data with industry-standard measures including TLS in transit, encrypted storage at rest, hashed passwords, per-developer API keys, rate limiting, and role-based access controls. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at security@caliber.dev.
8. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise many of these rights directly in the dashboard, or by emailing privacy@caliber.dev. If your data is managed by your employer's Caliber team, we may direct your request to them as the data controller.
9. International transfers
Caliber is operated from the United States by Masternode LLC, headquartered in North Carolina. If you access the Service from outside the U.S., you understand that your data will be transferred to and processed in the U.S. and in the regions where our subprocessors operate. We take reasonable steps to ensure your data receives an adequate level of protection wherever it is processed.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable notice before the change takes effect, for example by email or via the dashboard. The “Last updated” date at the top of this page reflects the most recent revision.
12. Contact
Questions about this Privacy Policy or our data practices? Reach us at privacy@caliber.dev.