Privacy Policy

Last updated: 9 March 2026

Who we are

MD4AI is operated by Testate Technologies Ltd, a company registered in England & Wales. Contact us at richard@mediahq2.com.

What data we collect

  • Account data: email address and hashed password (stored by Supabase Auth).
  • Scan data: Claude Code configuration file names, dependency graphs, skills, software versions, and file contents you explicitly scan. We never read source code, .env values, API keys, or node_modules.
  • Device information: device name, OS type, and project file paths you link.
  • Analytics: we use Google Analytics 4 to collect anonymous usage data (pages visited, session duration, country). This uses cookies — see below.
  • Newsletter: if you subscribe, we store your email address.

How we use your data

  • To provide the MD4AI dashboard and CLI service.
  • To enable team collaboration features (sharing projects with team members).
  • To understand how the product is used and improve it (analytics).
  • To send product updates if you subscribe to the newsletter.

Cookies

We use the following cookies:

  • Essential: Supabase authentication cookies to keep you logged in. These are strictly necessary and do not require consent.
  • Analytics: Google Analytics cookies (_ga, _ga_*) to understand site usage. These are only set if you accept analytics cookies via the consent banner.

Data storage & security

Data is stored in Supabase (hosted on AWS in the EU). All data is transmitted over HTTPS. Database access is controlled by Row Level Security policies — you can only see your own data and data shared with your team.

CLI credentials are stored locally at ~/.md4ai/credentials.json with file permissions restricted to your user account (mode 0600).

Data retention

Your data is retained for as long as your account exists. You can delete your account and all associated data by contacting us at the email above. Scan data is overwritten each time you re-scan a project.

Your rights

Under UK GDPR, you have the right to access, correct, or delete your personal data. You can also object to processing or request data portability. Contact richard@mediahq2.com to exercise any of these rights.

Third parties

  • Supabase — authentication and database hosting.
  • Vercel — web application hosting.
  • Google Analytics — anonymous usage analytics (with consent).
  • Resend — transactional email delivery.
  • npm — CLI distribution.

We do not sell your data to any third party.

Changes

We may update this policy from time to time. Significant changes will be announced via the dashboard or newsletter.

Build: 9fb6a14 · 13 Mar 26, 23:02