Linzumi Open app

Linzumi Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains how Linzumi, Inc. ("Linzumi", "we", "us") collects, uses, discloses, and protects personal information when people use Linzumi's public website, waitlist, hosted application, mobile applications, backend APIs, WebSocket services, GitHub integration, agent workflows, and related services (the "Service").

1. Scope

This Privacy Policy applies to:

  • Linzumi websites, including linzumi.com.
  • Linzumi hosted application, including app.linzumi.com.
  • Linzumi backend services, including HTTP API and WebSocket services at serve.linzumi.com.
  • Linzumi mobile applications.
  • Linzumi GitHub integration, including the Linzumi GitHub App and GitHub OAuth authorization flows.
  • Waitlist, onboarding, support, and administrative communications.

This Privacy Policy does not apply to third-party services that Linzumi does not control.

2. Personal Information We Collect

Account And Identity Information

We may collect:

  • Name.
  • Email address.
  • User ID.
  • Organization, team, or workspace membership.
  • Authentication identifiers and session information.
  • Single sign-on identifiers from providers you use to sign in, such as GitHub and Google.
  • Passkey registration and authentication metadata.
  • Email verification codes, passwordless login codes, and related delivery metadata.
  • Session tokens, refresh tokens, CSRF tokens, and other security credentials or token-derived metadata.
  • GitHub account, organization, repository, and installation identifiers.

GitHub Integration Information

If you install the Linzumi GitHub App or authorize Linzumi through GitHub OAuth, we may collect and process GitHub data according to the permissions you grant, including:

  • Repository metadata.
  • Pull request titles, numbers, states, branches, authors, reviewers, comments, and related metadata.
  • Issue titles, numbers, states, labels, assignees, comments, and related metadata.
  • Check runs, check suites, action/workflow run metadata, and commit statuses.
  • Repository contents, commits, branches, releases, and merges when the relevant permission is granted.
  • Installation and webhook delivery metadata.

Depending on the features you enable and the permissions you grant, Linzumi may both read GitHub data and write to GitHub on your behalf. Write operations may include opening, updating, or merging pull requests, posting pull request or review comments, and updating related repository state. Linzumi performs write operations only where you have granted the necessary permissions and enabled a feature that uses them.

Customer Content

We may collect content you provide to, generate with, or connect to the Service, including:

  • Project names, specs, documents, notes, chats, prompts, instructions, and feedback.
  • Workspace files, generated artifacts, diffs, review logs, agent progress, and project metadata.
  • Voice or audio recordings you submit for dictation or transcription, and the resulting transcripts.
  • Uploaded images, generated images, image prompts, and image metadata.
  • Repository-derived code or content processed through an integration.

Usage, Device, And Log Information

We may collect:

  • IP address.
  • Browser and device information.
  • Push notification tokens and related device or browser push metadata.
  • Pages and features used.
  • API and WebSocket activity.
  • Errors, diagnostics, performance data, product analytics, and security logs, including information processed through Sentry and Superlog.
  • Timestamps, request metadata, and operational telemetry.

Communications

We may collect information you provide through:

  • Waitlist forms.
  • Support requests.
  • Sales or onboarding communications.
  • Feedback forms.
  • Slack or other operational notifications when configured.

Public Website And Hosted App Information

When you visit linzumi.com, use app.linzumi.com, or call services at serve.linzumi.com, we may collect:

  • Pages visited, referring URLs, and approximate timestamps.
  • Browser, device, IP address, and network metadata.
  • Session, authentication, and CSRF/security information.
  • Waitlist email submissions and form metadata.
  • Frontend error, performance, and diagnostic information.
  • API request metadata and WebSocket connection metadata.
  • Passkey, session, token, email-code, device, and security-event metadata used to authenticate users and protect accounts.

3. Sources Of Personal Information

We collect personal information:

  • Directly from you.
  • From your organization or workspace administrator.
  • From single sign-on and OAuth providers you use to sign in, such as GitHub and Google.
  • From GitHub when you install the GitHub App or authorize Linzumi through GitHub.
  • From external services you choose to connect to the Service.
  • From service providers that help us operate the Service.
  • Automatically through logs, cookies, local storage, and similar technologies.

4. How We Use Personal Information

We use personal information to:

  • Provide, operate, secure, and maintain the Service.
  • Authenticate users and manage access.
  • Connect and operate GitHub integrations, including reading from and, where enabled, writing to GitHub on your behalf.
  • Generate, summarize, analyze, review, transcribe, or transform Customer Content through AI-assisted workflows.
  • Store projects, workspaces, generated artifacts, images, and related metadata.
  • Send push notifications and operational communications.
  • Respond to support, waitlist, sales, and administrative requests.
  • Monitor performance, debug issues, prevent abuse, and protect security.
  • Improve the Service and develop new features.
  • Comply with law and enforce our terms.

5. AI Processing

Linzumi may send Customer Content, prompts, messages, code, repository snippets, files, audio, images, metadata, and context to AI providers and external AI/token services to provide requested AI features. Linzumi may reach these providers directly and/or through model-routing providers, and Linzumi reserves the right to add, remove, change, or route between providers as the Service evolves. By using AI features, you authorize Linzumi to route Customer Content and related metadata to the providers and external services Linzumi selects to provide, secure, meter, and improve those features. AI providers and external services may include OpenAI, OpenRouter, Anthropic, Google/Gemini, Cerebras, Groq, Wafer, and future providers listed on our subprocessor page.

Unless otherwise agreed in writing, Linzumi does not use Customer Content to train Linzumi foundation models.

Each model provider has its own terms, data-handling controls, retention settings, and abuse-monitoring practices, and the provider's own terms control Linzumi's use of that provider.

Users should avoid submitting secrets, credentials, regulated sensitive data, or highly sensitive personal information unless Linzumi documentation expressly supports that use.

6. How We Disclose Personal Information

We may disclose personal information to:

  • Service providers and subprocessors that host, store, process, secure, analyze, or support the Service.
  • AI providers when needed to provide AI features.
  • GitHub when you use GitHub integration features or when webhook/API flows require communication with GitHub.
  • Your organization administrators and authorized workspace members.
  • Professional advisors, auditors, insurers, and legal providers.
  • Authorities or third parties when required by law or necessary to protect rights, safety, security, or the Service.
  • Successors in connection with a merger, acquisition, financing, reorganization, or sale of assets.

We do not sell personal information for money, and we do not use advertising cookies or cross-context behavioral advertising on Linzumi-controlled domains. We may use operational logging, product analytics, error monitoring, and security tools to provide and improve the Service.

7. Subprocessors

Linzumi's current subprocessor list is published at https://serve.linzumi.com/subprocessors. We may update the list as the Service evolves.

You authorize Linzumi to use and route data to subprocessors, model providers, model-routing providers, token services, infrastructure providers, and other service providers as needed to provide, secure, meter, support, and improve the Service. Linzumi may add, remove, change, or route between providers as the Service evolves. Linzumi will update the subprocessor list from time to time and may provide additional notice of material changes where reasonably practicable. Where a Data Processing Addendum or signed agreement applies, subprocessor change notice and objection rights are governed by that agreement.

Expected subprocessors include:

  • GitHub.
  • OpenAI.
  • Google/Gemini.
  • Anthropic.
  • Cerebras.
  • Groq.
  • Wafer.
  • OpenRouter.
  • InstantDB.
  • Amazon Web Services.
  • Netlify.
  • Resend.
  • Slack.
  • Sentry.
  • Superlog.
  • Apple.
  • Tailscale.

See https://serve.linzumi.com/subprocessors for details.

8. Cookies And Similar Technologies

We may use cookies, local storage, and similar technologies to:

  • Keep users signed in.
  • Remember preferences.
  • Secure sessions.
  • Understand usage and diagnose issues.

The Cookie Policy at https://serve.linzumi.com/cookie-policy provides more detail about cookies and local storage used on Linzumi websites and applications.

Linzumi does not intentionally use advertising cookies on Linzumi-controlled domains. To our current knowledge, GitHub, InstantDB, Netlify, Sentry, Superlog, and support tools do not set advertising cookies on linzumi.com, app.linzumi.com, or serve.linzumi.com as part of Linzumi's current product configuration.

9. Retention

We retain personal information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, secure the Service, and maintain business records.

Project content, workspace data, and GitHub-derived data may be retained while the relevant account, project, workspace, repository connection, or integration remains active, and may be retained after deactivation where reasonably necessary for backup, security, legal, audit, abuse-prevention, or operational purposes. Some GitHub-derived data may be cached indefinitely unless and until Customer deletes the relevant project, disconnects the integration, requests deletion, or Linzumi adopts a shorter retention period.

Operational logs, product analytics, and telemetry are retained according to Linzumi's operational needs and provider settings. Waitlist and support communications are retained for business, support, and compliance purposes unless deletion is requested and deletion is required by applicable law.

Some Linzumi systems may use append-only or event-sourced records for reliability, auditing, debugging, security, and product integrity. When deletion is requested, Linzumi may satisfy the request by deleting source records, deleting project/workspace content, removing data from user-facing product surfaces, disconnecting integrations, redacting or tombstoning event payloads, severing identifiers from event records, or de-identifying personal information, rather than rewriting every immutable historical event. Linzumi will not use retained deleted-content remnants for ordinary product display after deletion, but may retain records where permitted or required for legal, security, abuse-prevention, accounting, backup, or operational purposes.

10. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. These may include access controls, environment-separated secrets, encryption in transit, cloud-provider security controls, logging, and limited production access.

No method of transmission or storage is completely secure. You are responsible for protecting your credentials and configuring integration permissions carefully.

11. International Data Transfers

Linzumi and its subprocessors may process personal information in the United States and other countries. Where required, Linzumi will use appropriate transfer mechanisms.

Linzumi primarily targets the United States, but customers and users outside the United States may use the Service. Where required, Linzumi will use appropriate transfer mechanisms for international transfers, such as standard contractual clauses or data processing terms with subprocessors.

12. Privacy Rights

Depending on where you live, you may have rights to:

  • Access personal information.
  • Correct personal information.
  • Delete personal information.
  • Port personal information.
  • Object to or restrict processing.
  • Opt out of certain processing.
  • Limit the use of sensitive personal information.
  • Appeal a privacy request decision.

To exercise rights, contact privacy@linzumi.com. We may need to verify your identity and authority before responding. You may use an authorized agent to submit a request where permitted by law, and we may require verification of the agent's authority. We will not discriminate against you for exercising your privacy rights.

13. California And U.S. State Privacy Notices

This section provides additional information for residents of California and other U.S. states with comprehensive privacy laws. Depending on where you live, you may have the rights described in Section 12.

Categories Of Personal Information We Collect

In the past 12 months, Linzumi may have collected the following categories of personal information, as described in more detail in Section 2:

  • Identifiers, such as name, email address, user ID, account identifiers, and IP address.
  • Account and authentication information, such as single sign-on identifiers, passkey metadata, login codes, and session or token metadata.
  • Commercial information, such as plan, subscription, or transaction metadata where applicable.
  • Internet and network activity, such as usage, device, log, diagnostic, and telemetry data.
  • Customer Content you submit or generate, which may contain personal information about you or others, including audio you submit for transcription.
  • Professional or employment-related information where it appears in account, organization, or repository data.
  • Inferences drawn to operate and improve the Service.

Sensitive Personal Information

Linzumi does not seek to collect sensitive personal information beyond authentication and security credentials (such as login codes, passkeys, and session tokens) used to secure accounts. Linzumi uses this information only to provide and secure the Service and does not use or disclose it for purposes that would require offering a "right to limit" beyond what we already honor. The Service is not intended for other categories of regulated sensitive data unless Linzumi expressly agrees in writing.

Sources And Purposes

The sources of personal information are described in Section 3, and the purposes for which we use it are described in Section 4.

Sale Or Sharing

We do not sell personal information for money, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws. We do not knowingly sell or share the personal information of individuals under 16.

Opt-Out Preference Signals

Where required by law, Linzumi will treat recognized opt-out preference signals, such as Global Privacy Control (GPC), as a valid request to opt out of sale or sharing for the applicable browser or device.

Disclosures For A Business Purpose

We may disclose personal information to service providers, subprocessors, and the other recipients listed in Section 6 for the business purposes described in this Privacy Policy.

Exercising Rights And Appeals

To exercise your rights, contact privacy@linzumi.com as described in Section 12. If we deny your request, you may appeal by replying to our response or contacting privacy@linzumi.com, and we will respond as required by applicable law.

14. Children's Privacy

The Service is not directed to children under 13 or to children under the minimum age required in their jurisdiction. We do not knowingly collect personal information from children.

15. Changes

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service, by email, or by other reasonable means.

16. Contact

Linzumi, Inc.
Mailing address available upon request.
Email: privacy@linzumi.com