> privacy.md
Privacy Policy
Your code stays yours. We index it to make it searchable and useful to your agents. We do not train on it, sell it, or expose it to other customers.
Effective March 23, 2026. This page covers what we collect, how we process repository data, and what rights you have over it.
tl;dr — Your code stays yours. We index it to make it searchable. We do not train on it, sell it, or show it to other customers. Delete anytime.
1. Who We Are
Maguyva is a code intelligence service operated by UT INTERNATIONAL PTE. LTD., a company registered in Singapore.
2. What We Collect
We collect three categories of data:
- Account data: your name, email address, and GitHub OAuth token (used to access repositories you authorize)
- Code data: your source code (stored to serve file content and power search), abstract syntax trees, symbol graphs, and semantic embeddings derived from your code
- Usage data: which tools you call, timestamps, and aggregate query patterns
Browser Storage. This website stores a small amount of data in your browser’s local storage to remember your theme preference (key: “maguyva-theme”). This data never leaves your browser and is not transmitted to our servers. We do not use cookies for tracking or analytics. Cloudflare, our infrastructure provider, may set functional cookies for security purposes.
3. How We Use It
We use your data to index your code and serve search results, process payments via Stripe, send transactional emails (account confirmations, billing receipts), and compute aggregate usage statistics. We do not use your code to train machine learning models. We do not sell your data.
4. Your Code
When you connect a repository, your source code is stored in our infrastructure to power code intelligence features including file retrieval and search. We parse it into an abstract syntax tree using tree-sitter, generate semantic embeddings via Voyage AI (AST-aware code chunks are sent for embedding generation — not complete files, and no customer-identifiable metadata such as repository names, usernames, or file paths is transmitted), and build a symbol graph of definitions and references. Voyage AI is a MongoDB subsidiary and processes chunks transiently under API terms that prohibit training on customer data. All data is stored in PostgreSQL with tenant isolation via namespace UUIDs. Your data is accessible only to members of your organization. When you disconnect a repository, its source code and all derived data are deleted. When you cancel your account, all code data is purged within 30 days.
5. Third Parties
We use the following services to operate Maguyva:
- Supabase (database hosting, AWS US regions)
- Cloudflare (CDN, edge compute, DNS)
- Voyage AI, a MongoDB subsidiary (embedding generation — receives AST-aware code chunks without customer identifiers, not complete files or repositories)
- Stripe (payment processing)
- GitHub (OAuth authentication and repository access)
6. Data Security
All data is encrypted in transit (TLS 1.2+) and at rest. Repository data is isolated per organization using namespace-scoped access controls. API keys are scoped by permission level (user, developer, service).
7. Your Rights
Under Singapore PDPA and EU GDPR (where applicable), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data and indexed repositories
- Export your account data
- Object to processing or withdraw consent
8. Data Retention
Active accounts: data is retained while your account is active. Deleted accounts: code data is purged within 30 days, database backups within 90 days. Billing records are retained for 7 years as required by law.
9. Changes and Contact
We will email you about material changes to this policy. For questions or data requests, contact privacy@maguyva.ai.
Questions about our privacy policy? Contact us at privacy@maguyva.ai