Please read before creating an account. This explains what Midcore collects, why, and your choices.
This Privacy Policy describes how NeuroBazar Inc. (“NeuroBazar,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal data in connection with the Midcore platform, website at midcore.dev, desktop application, APIs, AI-assisted workflows, and related services (collectively, the “Service”). You must review and acknowledge this policy before creating an account or using authenticated features.
When you create an account, we collect your name, email address, and authentication credentials. If you sign up via a third-party provider (GitHub, Google, or SSO), we receive your profile information as authorized by that provider. For paid plans, we collect billing details through our payment processor — we never store full credit card numbers on our servers.
We collect anonymized analytics about how you interact with the Service, including features used, session duration, error reports, and performance metrics. This data helps us improve the product. You can opt out of non-essential telemetry in Settings.
When using the cloud-hosted Service, your code and project files may be transmitted to our servers for AI processing (code completions, chat, agent actions). This data is encrypted in transit via TLS 1.3. How long we retain this data depends on your privacy mode — see Privacy Mode below.
We automatically collect device type, operating system, browser version, IP address, and general location (country/region level). This information is used for security, fraud prevention, and service optimization.
We use the information we collect to:
We do not sell your personal data. We do not use your private code to train AI models unless you explicitly opt in to a research program.
Midcore uses large language models (LLMs) to provide AI-powered features including code completion, chat assistance, autonomous agents, and code review. When you use these features on the cloud plan:
Midcore offers a dedicated Privacy Mode that provides enhanced data protection:
Requests are routed to providers and infrastructure configured for stronger retention limits where available. Provider-side storage is minimized, and only the data needed to process the request is sent. Codebase indexing uses limited project context designed to support product functionality without broad disclosure.
Additional model providers may be available. Some providers may temporarily process or cache request data under their own enterprise data processing terms. We work to disclose provider behavior clearly where model choice affects retention.
Enterprise customers may be able to enforce stricter privacy controls across their organization through administrative settings and written agreements.
We take the security of your data seriously:
For more details about our security practices, visit our Security page.
We retain different types of data for different periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Code / AI prompts (Privacy Mode) | Not stored beyond request processing |
| Code / AI prompts (Standard Mode) | Up to 30 days for quality improvement, then deleted |
| Usage analytics | 24 months (aggregated and anonymized) |
| Billing records | 7 years (legal requirement) |
| Security logs | 12 months |
You can request deletion of your data at any time by contacting us or through your account settings. We will process deletion requests within 30 days, subject to legal retention requirements.
We use the following categories of third-party services:
We maintain data processing agreements with all sub-processors. A current list of sub-processors is available in our Data Processing Agreement.
Depending on your location, you may have the following rights under applicable data protection laws (including GDPR and CCPA):
To exercise any of these rights, contact us at legal@midcore.dev. We will respond within 30 days (or sooner where required by law).
For California residents: Under the CCPA, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.
For EU/EEA residents: Our legal basis for processing personal data is typically contract performance (providing the Service), legitimate interest (improving the Service), or your consent. You may lodge a complaint with your local data protection authority.
The Service is not directed to individuals under 18 or under the age of majority in their jurisdiction. We do not knowingly collect personal information from children. If we learn that a user does not meet the eligibility requirements, we may investigate, delete the personal data, and close the account. If you believe we have collected data from a child, please contact us at legal@midcore.dev.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, contact us:
See also: Terms of Service · Security · Data Processing Agreement