Privacy Policy

Last Updated: December 30, 2025

Our Commitment to Privacy

Critiq is a desktop application that runs entirely on your local machine. We fundamentally believe that your code and development workflow are private, and we've built Critiq to respect that principle.

What We Don't Collect

Critiq does not collect, transmit, or store:

• Your source code or repository contents
• Git commit history, branches, or metadata
• File names, paths, or directory structures
• Usage analytics or telemetry data
• Crash reports or error logs
• AI prompts or responses
• Language server protocol (LSP) data
• Any personally identifiable information from the application

What We Do Collect

Payment and License Information

When you purchase Critiq, payment processing is handled by Lemon Squeezy, our merchant of record. Lemon Squeezy collects:

• Your email address (for license delivery and receipts)
• Payment information (processed securely by Lemon Squeezy, we never see your payment details)
• Billing address (if required for tax purposes)
• License key associated with your purchase

Lemon Squeezy's privacy policy can be found at: https://www.lemonsqueezy.com/privacy

License Validation

When you activate Critiq with your license key, the application makes a secure API call to Lemon Squeezy to validate that the license is legitimate and active. This validation request includes:

• Your license key
• No other information is transmitted during validation

License validation occurs only when you first activate the software or when explicitly re-validating your license. Critiq does not "phone home" during normal operation.

Website Analytics

Our marketing website (getcritiq.dev) does not use tracking cookies or analytics services. We do not track your browsing behavior or collect visitor data.

Third-Party Services

AI Providers

If you choose to use Critiq's AI features, you must provide your own API key for your chosen AI provider (Claude, ChatGPT, Gemini, or custom). When you use AI features:

• Your API key is stored locally on your machine only
• AI prompts and code context are sent directly from your machine to your chosen AI provider
• We never see, store, or have access to your AI interactions
• Refer to your AI provider's privacy policy for how they handle data

Git Provider OAuth (GitHub, GitLab, Bitbucket)

Critiq lets you connect GitHub, GitLab, and Bitbucket via OAuth using apps we own. During OAuth, the provider shares basic profile info (e.g., username and email) with our app. We do not send this data to our servers; we display it locally and store the OAuth tokens only in your system keychain for cloning/fetch/push and PR APIs directly from your machine. Repo data stays local—we do not proxy or store your repositories.

Licensing

When you activate a Critiq license, we call our licensing provider (Lemon Squeezy) and pass your license key and a hashed machine identifier as the instance name. This identifier helps manage activation slots. We do not receive or store your machine identifiers or license keys on our servers; the call goes directly from the app to our licensing function and then to Lemon Squeezy. We also store a hashed machine identifier locally to prevent sharing activation files between machines.

Supabase Edge Functions

Certain features (license activation, checkout, lead capture, and OAuth token exchange for GitHub/GitLab/Bitbucket) are proxied through Supabase Edge Functions we control. These functions may log basic request metadata (e.g., timestamp, IP, user agent) for security and abuse prevention. We do not persist or analyze your code, repo contents, or AI data through Supabase; only the minimal data needed for the specific function (e.g., license key for activation, OAuth code for token exchange) is forwarded to the downstream provider.

Git and Language Servers

Critiq integrates with your local git installation and language servers. All operations are performed locally. Critiq does not intercept, modify, or transmit any data from these integrations.

Data Storage

All application data is stored locally on your machine, including:

• Application settings and preferences
• Your AI provider API keys (stored in your system's secure credential storage)
• Your license key
• LSP server configurations

This data never leaves your machine unless you explicitly choose to sync it using your own backup or sync solutions.

Security

Because Critiq operates entirely locally and doesn't transmit your code or usage data, the security of your code and workflow is under your control. We recommend:

• Keeping your operating system and Critiq up to date
• Using secure credential storage for your git and API keys
• Following your organization's security best practices for local development tools

Children's Privacy

Critiq is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify users by updating the "Last Updated" date at the top of this policy. Your continued use of Critiq after changes are posted constitutes acceptance of the updated policy.

Your Rights

Because we don't collect or store your usage data, there is no user data for us to access, modify, or delete. For payment and license data held by Lemon Squeezy, you may contact them directly to exercise your data rights under GDPR, CCPA, or other applicable privacy laws.

Data Protection and Jurisdiction

Critiq is operated from Denmark and complies with the European Union's General Data Protection Regulation (GDPR). For any data protection matters, the Danish Data Protection Authority (Datatilsynet) has jurisdiction. While we process minimal personal data as described in this policy, we are committed to maintaining the highest standards of data protection and privacy.

Contact

If you have questions about this Privacy Policy or Critiq's privacy practices, please contact us at hello@getcritiq.dev.