Privacy Policy

1. What LoopGuard collects

When you use LoopGuard with an account, the following metrics are synced to our API:

• —
  Session start time and end time. Used to calculate total active development time per day.
• —
  Number of loops detected per session. A loop is counted as an integer — not the error message or file content.
• —
  Time wasted per loop in milliseconds. The duration between first and last occurrence of a repeated error pattern.
• —
  Number of tokens saved per context copy. Calculated locally from the before/after token count. No file content is sent.
• —
  File type of the file where the loop occurred. For example: "ts", "py", "go". Never the file name or file path.
• —
  Extension version. Used to correlate data with specific releases.
• —
  Error fingerprint (anonymized). A short deterministic fingerprint of the error message text. The original message is never stored in the backend.

2. What LoopGuard never collects

• ✗Source code, file contents, or any part of your codebase
• ✗File names or file paths
• ✗The actual text of error messages (only a one-way hash)
• ✗Keystrokes, clipboard contents, or browser history
• ✗IP address (not logged at the API level)
• ✗Third-party cookies or tracking pixels
• ✗Any data from files you did not explicitly act on inside VS Code

3. Authentication data

If you sign in, we store your email address and a Supabase-managed JWT. Your password is never stored by LoopGuard — authentication is handled entirely by Supabase Auth, which follows industry-standard practices. Your JWT is stored in VS Code SecretStorage, which maps to the OS-level secure keychain (macOS Keychain, Windows Credential Manager, or Linux libsecret).

4. Local processing

All context compression, loop detection, AST parsing, and entropy scoring runs entirely on your local machine inside the VS Code extension process. The Rust binary (loopguard-ctx) runs as a subprocess on your machine and communicates with the extension over stdin/stdout. It has no network access. No code is ever sent to our servers for processing.

5. Data storage and retention

Metrics are stored in a Supabase Postgres database with row-level security. Only you can read your own data. We retain session and loop metrics for 30 days on the free tier and 12 months on Pro. You can delete your account and all associated data at any time by emailing support@loopguard.dev.

6. Third-party services

• —
  Supabase: Database, authentication, and row-level security. Hosted in the EU (Frankfurt). GDPR compliant.
• —
  Vercel: Hosts the web dashboard. No user data is stored on Vercel infrastructure.
• —
  Google OAuth: Optional sign-in method. Only your email address and Google profile name are shared with LoopGuard if you use Google sign-in.

7. Your rights (GDPR / CCPA)

You have the right to:

• →Access all data we hold about you
• →Correct inaccurate data
• →Delete your account and all associated data
• →Export your data in JSON format
• →Opt out of all data collection — simply do not create an account. The extension works fully without one.

To exercise any of these rights, email support@loopguard.dev.

8. Changes to this policy

If we make material changes to what data we collect, we will notify signed-in users by email at least 14 days before the change takes effect. The current version is always available at loopguard.vercel.app/privacy.

9. Contact

Questions or concerns: support@loopguard.dev