Legal

Privacy Policy

Last updated: May 22, 2026

This Privacy Policy explains what information Sokudo collects when you use our website, our desktop application, and the services that support them, and how we use, store, share, and protect that information.

1. Who we are

"Sokudo" (also referred to as "we", "us", or "our") provides an agentic IDE that lets developers plan, break down, and ship software alongside AI agents. This policy applies to the Sokudo marketing website, the Sokudo desktop application, and the backend services that power them (together, the "Services").

If you have any questions about this policy or how we handle your data, contact us at support@sokudo.dev.

2. Information we collect

We collect only what we need to operate the Services. Specifically:

Account information. When you sign in with a third-party identity provider (GitHub, GitLab, or Bitbucket), we receive your name, email address, profile image, a stable user identifier from that provider, and the OAuth tokens needed to maintain your session. We store this information in our authentication database.

Session information. We create a session record when you sign in. Each session stores the session token, the IP address you signed in from, your browser or desktop user-agent string, and the session's expiry. We use this information to keep you signed in and to detect abuse.

Waitlist information. When you create an account you are automatically added to our private-beta waitlist. We store your account identifier and a status ("pending" or "approved") so we know who has been granted access.

Workspace content. If you use the desktop application, you can create workspaces that contain tasks, chats, notes, custom AI agents, knowledge items, and rules. Most of this content is stored on our servers so that it is available across devices. Specifically, we store:

  • Workspace metadata (name, description, indexing status).
  • Tasks and kanban data (titles, descriptions, labels, columns, comments, activity).
  • Chat history (messages, message blocks, attachments, the AI model selected, and token-usage metadata).
  • Memory entries and summaries generated by agents.
  • Custom agents, rules, and knowledge items you create.

Source-code index. When you index a workspace, your desktop app sends file paths and file contents to our server. The server splits the content into chunks, generates vector embeddings using a third-party embedding model (see "Sub-processors" below), and stores those embeddings in a vector database. We do not retain the original source-code text after the embedding step; only the vector representations and a chunk identifier are kept.

Token-usage metadata. When you run an AI agent through Sokudo, we record metadata about each call: which CLI and model were used, input/output token counts, cache statistics, latency, the workspace and chat it belonged to, and an estimated cost in USD. We do not record the prompt or completion text in this metadata.

Telemetry (opt-in). The desktop application can send anonymous engine telemetry — for example, sandbox-environment startup timings and error categories — to our collector service. Telemetry is off by default until you enable it, can be turned off at any time from inside the desktop app, and is tagged with an anonymous install identifier rather than your user account. Telemetry records are retained for up to 90 days.

Support correspondence. If you email us, we keep your message and our reply so we can follow up.

3. What stays on your device

The Sokudo desktop application is a hybrid local/server product. The following information stays on your machine and is never transmitted to our servers unless you take a specific action that requires it:

  • The contents of files in your local working directory, until you explicitly trigger indexing for that workspace.
  • Drafts of chat messages you have not yet sent.
  • Local development-environment state (containers, sandboxes, Docker Compose files, virtual-machine state).
  • Cached telemetry batches when telemetry is disabled — they are wiped immediately when you opt out.

4. AI providers and your prompts

Sokudo integrates with multiple AI command-line tools (such as Claude Code, OpenAI's Codex CLI, Google's Gemini CLI, and OpenCode). When you send a prompt to an AI agent, the desktop application calls the chosen CLI locally on your machine. That CLI then sends the prompt and any context it needs directly to the underlying provider (Anthropic, OpenAI, Google, etc.) over a connection between your machine and that provider.

Your prompts and the AI's responses are not proxied through Sokudo's servers. We do not receive a copy of the prompt or completion text. Once the AI's response is returned to your machine, the desktop application stores the resulting chat message — including the response text — in your workspace, which is synchronized to our servers as described in section 2.

The terms and privacy policies of those AI providers apply to the requests they receive. You are responsible for choosing which provider to use and for any credentials you supply.

5. How we use information

We use the information described above only to:

  • Authenticate you and keep you signed in.
  • Provide the core product — your workspaces, tasks, chats, and indexed code search.
  • Operate the waitlist and grant access in waves.
  • Measure aggregate token usage and cost so we can size capacity.
  • Diagnose bugs, debug crashes, and improve performance (using opt-in telemetry where available).
  • Detect, investigate, and prevent abuse, fraud, or security incidents.
  • Communicate operational notices (security advisories, downtime, access approvals) by email.
  • Comply with legal obligations.

We do not sell your personal information. We do not use your workspace content, chat history, or indexed code to train AI models — neither our own nor anyone else's.

6. Sub-processors and infrastructure

Sokudo relies on the following categories of sub-processors to run the Services:

  • Identity providers — GitHub, GitLab, and Bitbucket — for OAuth sign-in.
  • Embedding model provider — used to generate vector embeddings of indexed code chunks.
  • Vector database — used to store and query the embeddings produced above.
  • PostgreSQL, Redis, and MongoDB hosting — used to store account data, session data, workspace data, rate-limit state, and (for opt-in telemetry) anonymous engine events.
  • Transactional email provider — used to send account-related email such as email verification and password reset.

We engage each sub-processor under terms that require them to handle data only on our instructions and to keep it secure.

7. Cookies and similar technologies

We use a small number of first-party cookies to keep you signed in. These cookies store your session token and related authentication state. We do not use third-party advertising, tracking, or analytics cookies on this website.

You can clear cookies at any time from your browser. Doing so will sign you out.

8. Data retention

We keep your account information for as long as your account exists. Workspace content, chat history, and indexed embeddings are kept until you delete the relevant workspace or your account. Session records expire automatically. Anonymous telemetry events are deleted after 90 days. If you ask us to delete your account, we will remove your personal information within a reasonable period, except where we are required to keep records to comply with a legal obligation, resolve disputes, or enforce our agreements.

9. Security

We use industry-standard measures to protect your information: encrypted connections (HTTPS), encrypted storage of OAuth tokens at rest, scoped database credentials, rate limiting on authentication endpoints, and least-privilege access controls for our team. No system is perfectly secure, however, and we cannot guarantee absolute security.

10. Your choices and rights

You can:

  • Update your name and profile image with your identity provider — those changes flow back to Sokudo the next time you sign in.
  • Change or disable telemetry from inside the desktop app.
  • Delete individual workspaces, chats, tasks, knowledge items, agents, and rules from the desktop app.
  • Request a copy or deletion of your personal information by emailing support@sokudo.dev.

Depending on where you live, you may also have additional rights — for example, to object to processing, to restrict processing, or to lodge a complaint with a data-protection authority. Email us and we will help.

11. Children

Sokudo is not directed at children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us so we can delete it.

12. International transfers

The Services are operated from infrastructure that may be located in countries other than your own. By using the Services you understand that your information may be transferred to, stored in, and processed in those countries.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of the page, and — if the changes are material — we will notify you by email or in-product before the new version takes effect.

14. Contact us

For any privacy-related question or request, email support@sokudo.dev. We will do our best to respond within a reasonable timeframe.