Privacy Policy
Effective: 2026-05-25
This policy explains what data kernelCAD ("we", "us") collects when you use the kernelCAD website (kernelcad.com), the hosted Studio (app.kernelcad.com), the hosted MCP server (mcp.kernelcad.com), and the kernelcad tooling — and how we use it.
What we collect
- Account & identity. When you sign in, we authenticate you through Google via Supabase Auth and store your email address and account identifier.
- Usage & generated content. CAD models you generate with the built-in hosted agent — your prompt and the resulting
.kcad.tssource — are stored so we can show your history and enforce free-tier limits. - Billing. If you subscribe, payment is processed by Stripe. We never receive or store your card details; we store only your subscription status.
- Analytics. We use Cloudflare Web Analytics for aggregate visitor counts — no cookies, no IP storage.
Bring-your-own-Claude (MCP)
When you connect your own Claude (or another agent) to mcp.kernelcad.com/mcp, your prompts are processed by your AI provider (e.g. Anthropic) — not by us. We receive only the resulting tool calls needed to run modeling, introspection, and review, and we do not store your conversation. Connecting your own agent requires only a sign-in to authorize access to your account.
Built-in hosted agent
If you use the built-in hosted "generate" capability, the prompt you submit is sent to our LLM provider (DeepInfra, running open models) to produce CAD source. We do not sell your prompts and do not use them to train our own models.
How we use your data
- To provide and operate the service (authentication, generation, exports, project storage).
- To enforce free-tier quotas and process subscriptions.
- To respond to support requests and improve the product.
Third parties / processors
We rely on: Supabase (authentication + database), Stripe (payments), DeepInfra (LLM inference for hosted generation), Cloudflare (hosting, CDN, anonymous analytics), and Hetzner (server hosting). Each processes data only to provide its service to kernelCAD.
Public projects
Projects you choose to make public are accessible to anyone with the link. Private projects are restricted to your account (a paid feature).
Data retention
Account data is retained while your account is active. Anonymous (signed-out) generations are temporary and purged automatically (within ~24 hours). You can request deletion of your account and associated data at any time.
Your rights
You may request access to, correction of, or deletion of your personal data, and you may object to or restrict certain processing. Depending on your location, you may have additional rights under the GDPR or CCPA. To exercise any of these, email us at the address below.
Security
Authentication uses OAuth 2.1; data is encrypted in transit (HTTPS/TLS). Access tokens are scoped and revocable.
Children
kernelCAD is not directed to children under 16 and we do not knowingly collect their data.
Changes
We may update this policy; material changes will be reflected by the effective date above.
Contact
Questions or data requests: [email protected].