Nogic
Last updated: Feb 6, 2026

Privacy Policy

1. Introduction

Nogic, Inc. (“Nogic”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services.

2. Services Covered

This Privacy Policy applies to all Nogic products and services, including:

  • Nogic CLI: The command-line interface used to index, sync, and manage your codebase graph.
  • Nogic Extension: The extension available on the VS Code Marketplace, Open VSX Registry, and compatible with any VS Code-based editor or fork, including but not limited to Cursor, Windsurf, Antigravity, and others.
  • Nogic MCP: The Model Context Protocol server that provides code intelligence to AI agents and MCP-compatible tools.
  • Nogic Web Dashboard: The website at nogic.dev, including account management, API key management, and documentation at docs.nogic.dev.

Collectively referred to as the “Services.”

3. Information We Collect

3.1 Account Information

When you create an account or sign in, we collect:

  • Email address and name (provided via our authentication provider)
  • API keys you generate (stored as irreversible cryptographic hashes on our servers; only a short prefix is retained for display purposes)

3.2 Code Structure Metadata

When you use the Nogic CLI or Extension to sync your codebase, we collect and process structural metadata about your code. This includes:

  • Relative file paths within your project
  • Function, class, and method names and their qualified paths
  • Function signatures, parameters, and return type annotations
  • Start and end line numbers of definitions
  • Decorator names and docstrings
  • Import statements and module references
  • Call graph relationships (which functions call which other functions)
  • Class inheritance and interface implementation relationships
  • Framework-specific patterns (e.g., API route definitions, data models)

This metadata is stored in our graph database and is used to power code intelligence features such as symbol search, dependency analysis, impact assessment, and relationship visualization.

3.3 Source Code Processing

During sync and indexing operations, source code content is transmitted to our servers over encrypted connections (TLS) for the purpose of parsing and extracting the structural metadata described in Section 3.2. Source code is processed in memory and is not persisted as raw source code in our databases. Only the extracted structural metadata and relationships are stored.

Additionally, code text snippets (such as function signatures and summaries) may be sent to third-party embedding providers to generate vector representations used for semantic search functionality. See Section 6 for details on third-party service providers.

3.4 Local Processing by the Extension

The Nogic Extension performs code parsing and analysis locally on your machine using tree-sitter and language-specific parsers. This local analysis generates a SQLite database stored on your device containing file structure, symbol definitions, and relationships. This locally-stored data is not transmitted to our servers unless you explicitly initiate a sync operation via the CLI.

3.5 Telemetry Data

We collect anonymous telemetry data to understand usage patterns and improve our Services. Telemetry is fully optional and can be disabled at any time. For full details on what telemetry is collected and how to opt out, see our Telemetry page.

Telemetry collected by the CLI includes:

  • CLI version, operating system, and runtime version
  • Anonymous machine identifier (a cryptographic hash, not your actual machine name)
  • Event names such as login, init, and sync completion status

Telemetry collected by the Extension includes:

  • Extension version number
  • Commands invoked and feature usage events
  • Performance metrics (e.g., sync duration, aggregate file and symbol counts)
  • Workspace size category (small, medium, or large; not actual file names)
  • Anonymized error reports (error type and context only, no stack traces)

3.6 Technical and Usage Data

When you visit our website or use the dashboard, we may collect:

  • IP address, browser type, device information, and operating system
  • Pages visited and interactions with our website
  • Cookies and similar tracking technologies (see Section 10)

3.7 Project Metadata

We collect basic project-level metadata, including:

  • Project name (as chosen by you during initialization)
  • A cryptographic hash of your machine identifier and project directory path (used to associate your local project with your account; the actual directory path is not stored)
  • Timestamps of project creation, last sync, and last update

4. Information We Do Not Collect

Nogic does not collect or store:

  • Environment variables, secrets, API keys, or credentials from your codebase
  • Git history, commit messages, or version control metadata
  • Build artifacts, compiled binaries, or output files
  • Files outside of supported source code types (e.g., images, binaries, configuration files are excluded)
  • Personal information of other developers in your codebase (e.g., names in code comments)
  • File contents in telemetry data (all file paths are sanitized before transmission)

5. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve our code intelligence Services
  • Build and serve your project's code graph, including symbol search, dependency analysis, and impact assessment
  • Generate vector embeddings for semantic code search
  • Authenticate your identity and manage API access
  • Analyze anonymous usage patterns to enhance user experience and prioritize development
  • Detect, prevent, and address technical issues and abuse
  • Send you updates, announcements, and relevant communications
  • Respond to your inquiries and provide customer support

6. Third-Party Service Providers

We use the following third-party services to operate our platform. Data shared with these providers is limited to what is necessary for their specific function:

  • OpenAI: Code text snippets (such as function signatures and summaries, truncated to a maximum length) are sent to OpenAI's embedding API to generate vector representations for semantic search. This data is subject to OpenAI's API data usage policies, which state that API inputs are not used to train their models.
  • PostHog: Anonymous CLI telemetry events (event names and aggregate properties only) are sent to PostHog for product analytics.
  • Azure Application Insights: Anonymous extension telemetry (feature usage and performance metrics) is sent to Microsoft Azure Application Insights. Data is retained for 90 days.
  • WorkOS: Authentication and identity management for web dashboard sign-in. When you sign in, WorkOS processes your email address, name, and profile picture (if provided by your identity provider). WorkOS may also collect IP address and login timestamps for security purposes. Data handling is subject to WorkOS's Privacy Policy.

7. Data Sharing and Disclosure

We do not sell your personal information or code data. We may share your information only in the following circumstances:

  • With the third-party service providers listed in Section 6, solely for the purposes described
  • To comply with legal obligations or respond to lawful requests from public authorities
  • To protect our rights, privacy, safety, or property, or that of our users
  • In connection with a merger, acquisition, or sale of assets (you will be notified of any change in ownership or use of your data)

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data in transit is encrypted using TLS
  • API keys are stored as salted SHA-256 hashes and are never stored in plaintext on our servers
  • Local configuration files are stored with restrictive file permissions (owner-only read/write)
  • User data is isolated by project and owner at the database level
  • Anonymous identifiers use irreversible cryptographic hashing

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.

9. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide you with our Services. You may delete your data at any time:

  • Project deletion: Deleting a project via the CLI or dashboard permanently removes all associated graph data, metadata, and relationships from our servers.
  • Selective file removal: You can remove specific files from your project graph without deleting the entire project.
  • API key revocation: Revoked API keys are deactivated immediately and cannot be used to access your data.
  • Account deletion: Contact us at support@nogic.dev to request full account deletion, including all associated projects and data.

Telemetry data is retained for up to 90 days (Extension telemetry via Azure Application Insights) or as determined by our analytics provider's retention policies (CLI telemetry via PostHog).

10. Cookies and Tracking

We may use cookies and similar tracking technologies on our website to collect and store information about your interactions. You can control cookies through your browser settings. Our extension and CLI do not use cookies.

11. Telemetry Opt-Out

All telemetry in Nogic is optional and can be disabled. For complete instructions, visit our Telemetry page.

In summary:

  • CLI: Run nogic telemetry disable.
  • Extension: Set "nogic.telemetry.enabled": false in your editor settings, or disable VS Code's global telemetry.

12. Local Storage

Nogic stores the following data locally on your machine:

  • CLI configuration (~/.nogic/): API key, anonymous machine identifier, project mappings, and sync state database. Configuration files are stored with restrictive file permissions.
  • Project configuration (.nogic/ in your project root): Project identifier and name. This directory can safely be added to version control or excluded via .gitignore.
  • Extension database: A SQLite database containing locally-parsed code structure (symbols, relationships, file tree). This data does not contain raw source code and is stored in your editor's extension storage directory.

13. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal information and all associated project data
  • Object to or restrict processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise any of these rights, please contact us at support@nogic.dev.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. Material changes may also be communicated via email or in-product notices.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@nogic.dev.