Home

Privacy Policy

Effective 2026-05-09. Operated by Express Data Management ("we," "us," "our") for the PeriCode product family — Periphery MCP, PeriCode CLI, PeriCode Inside, PeriCode Sidecar, and the website at pericode.ai.

What we collect

PeriCode is local-first by design. The agent loop, vault, memory, MCP traffic, and audit log run on your machine. We do not host your work product. The narrow exceptions:

  • License + billing: when you purchase a paid plan, we collect your email, license-key issuance metadata, and a hardware-fingerprint hash so a single seat does not get reused across machines beyond your plan’s seat limit. Stripe handles payment data on its own infrastructure under its own privacy terms; we never see your card number.
  • Trial tracking: when you start a free trial we record a hardware-fingerprint hash and the trial start date, so the trial cannot be reset by reinstalling. The fingerprint is HMAC-hashed before storage.
  • Site analytics: pericode.ai is hosted on Cloudflare Pages. Cloudflare collects standard request metadata (IP, user agent, referrer) for traffic analysis and abuse prevention. We do not run third-party analytics scripts.
  • Support email: messages you send to hello@pericode.ai or sales@pericode.ai reach our inbox and are retained until your inquiry is resolved.

What we do not collect

  • The contents of your Obsidian vault, your databases, your code, or any documents the agent reads.
  • Your AI provider API keys. Those stay in the plugin’s local data.json file and are sent only to the provider you configured.
  • Your prompts, model responses, or audit log entries. Those are written locally and never transmitted to us.

Where data lives

License and trial records live in Cloudflare D1 (SQLite at the edge), bound to a Cloudflare Worker we operate at api.pericode.dev. Cloudflare’s sub-processor list is at cloudflare.com/cloudflare-customer-subprocessors. Stripe holds payment data; their privacy policy is at stripe.com/privacy.

Your rights

Email hello@pericode.ai to request a copy of any data we hold about you, or to delete it. We will respond within 30 days. EU/UK users have rights under GDPR; California users under CCPA.

Changes to this policy

We will post any material change to this page and update the effective date. We do not retroactively reduce your rights without notifying you by email at the address on file with your license.