Privacy Policy

SteelSpine AI is local-first by design. We collect the minimum data required to operate the service.

Effective date: May 8, 2026 · Last updated: May 8, 2026

1. Who we are

SteelSpine AI is a product of Felps Enterprises Inc., a Canadian corporation registered federally and extra-provincially in Ontario, Canada. Our registered office is in Hamilton, Ontario, Canada. You can reach us at hello@steelspine.ai.

For the purposes of GDPR (EU/UK), we are the data controller for personal data we collect from customers and visitors. For Canadian PIPEDA purposes, we are the organization handling your personal information.

2. The local-first principle

Your captured runs stay on your machine. SteelSpine wraps your AI agents and records what they do. That capture data — stdout, stderr, decision events, hash-chained audit logs — is written to disk on your machine and never transmitted to Felps Enterprises Inc. unless you explicitly choose to share it.

This is the core privacy property of the product. Compliance officers and security teams choose SteelSpine specifically because the audit trail does not leave their environment.

3. What we collect

3.1 Account information

When you sign up for a paid subscription or trial, we collect:

Email address
Name (optional)
Company / organization name (optional)
Country (for tax / compliance purposes)

3.2 Payment information

Payments are processed by Lemon Squeezy, our Merchant of Record. Lemon Squeezy collects and processes your payment details (credit card, billing address, etc.) under their own privacy policy. We receive only a tokenized customer reference, subscription status, and billing-event metadata — never your full card details.

See Lemon Squeezy's privacy policy at lemonsqueezy.com/privacy.

3.3 License validation

The SteelSpine binary validates your license key on startup against Lemon Squeezy's license API. This validation transmits:

Your license key
The originating IP address (used by Lemon Squeezy for fraud / abuse detection)
The product and version being validated

License validation does not transmit any of your captured run data, agent code, prompts, or outputs.

3.4 Crash reports and telemetry

SteelSpine has no telemetry by default. If you opt in to crash reporting (off by default), the crash report includes the stack trace, the SteelSpine version, and your operating system — never your captured run data.

3.5 Website analytics

The steelspine.ai website is hosted on Cloudflare Pages. Cloudflare may log anonymized request metadata (IP address, user-agent, page accessed) for security and abuse prevention. We do not run third-party advertising trackers or behavioral analytics on the website.

3.6 Support correspondence

If you email hello@steelspine.ai, we retain the email contents and your email address to respond to your support request and improve the product.

4. How we use the data

To provide, maintain, and improve the SteelSpine service
To validate your license at runtime
To process payments via Lemon Squeezy
To respond to support and sales inquiries
To meet our tax, accounting, and compliance obligations
To send you product update emails (if you opt in)

We do not sell your personal data. We do not share it with third-party advertisers. We do not use your captured run data to train any model.

5. Third parties we share data with

Lemon Squeezy — payment processing and license API. Privacy policy.
Cloudflare — website hosting (steelspine.ai), email routing (hello@steelspine.ai). Privacy policy.
Tax and accounting providers as required for our financial reporting obligations under Canadian law.
Legal authorities only when required by valid legal process.

6. Where data is stored

Account information and license records are held in our Lemon Squeezy account (Lemon Squeezy operates internationally; data may be stored in the United States). Cloudflare hosting data is held on Cloudflare's global infrastructure. Support emails are held in our Cloudflare Email Routing inbox.

Captured run data, by design, is stored only on your own infrastructure.

7. How long we keep data

Active customer account data: for the life of the account, plus 7 years for tax/accounting compliance
Cancelled accounts: 7 years after cancellation, then deleted
Support emails: up to 3 years
Cloudflare access logs: per Cloudflare's retention policy (typically < 30 days for free tiers)

8. Your rights

Depending on your jurisdiction, you have rights including:

Access — ask what personal data we hold about you
Correction — fix inaccurate or incomplete data
Deletion — request deletion (subject to legal retention obligations)
Portability — receive your data in a machine-readable format
Objection / withdrawal — opt out of marketing emails or product update notices
Lodging a complaint — with your local data protection authority (in Canada, the Office of the Privacy Commissioner; in the EU/UK, your national supervisory authority)

To exercise any of these rights, email us at hello@steelspine.ai. We will respond within 30 days.

9. Children

SteelSpine AI is a B2B developer / compliance tool and is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

10. Security

We use industry-standard practices to secure account and billing data. Lemon Squeezy is PCI-DSS compliant for payment data. Cloudflare provides TLS encryption for all web traffic. Despite these measures, no system is completely secure; if we discover a security incident affecting your data we will notify you and the appropriate regulators within the timeframes required by law.

11. Changes to this policy

We will post any changes to this Privacy Policy on this page and update the "Last updated" date. For material changes, we will notify active customers by email at least 30 days before the change takes effect.

12. Contact

Felps Enterprises Inc.
Hamilton, Ontario, Canada
Email: hello@steelspine.ai