Your code stays yours. We keep the spec, not the source.

Ejector (“Ejector,” “we,” “us”) operates the service at ejector.dev, which analyzes web apps and platforms you connect and produces an agent-callable API for them. This policy covers the website, dashboard, and proxy API.

We collect only what's needed to operate Ejector for you:

• Account. Your email and, if you sign in with GitHub, your GitHub account identity. Authentication is handled by Supabase Auth — we never see or store your password.
• Connected sources. The GitHub repo URL, platform account (e.g. Shopify, Stripe, Notion), or live URL you connect. For private repos, a scoped access token, stored encrypted.
• Generated artifacts. The OpenAPI 3.1 spec and MCP tool definitions we generate from your app. This is what your agents consume.
• Server-side credentials (managed-proxy users only). API keys and secrets you add so the proxy can act as your app — encrypted at rest, write-only from the UI.
• Usage & activity. Per-call metadata for metering and your activity view: which endpoint an agent called, when, and the response status. Not the secret values involved.
• Billing. If you subscribe, we store a Stripe customer ID and your plan. Card details go directly to Stripe — we never receive or store them.

• Your source code. Analysis runs on a throwaway snapshot in an isolated worker and the snapshot is deleted as soon as the spec is produced. We keep the spec, not the code.
• Capture login credentials. If you capture an authenticated app by providing a login, those credentials are held in memory only for that capture run and are never written to disk or our database.
• The contents of proxied payloadsbeyond what's needed to route and meter the call. We don't mine the data your agents read or write.

• To run the service — analyze your app, serve specs/MCP, and proxy agent calls.
• To meter agent calls for your plan and bill accurately.
• To secure your account and credentials, and to debug failures you report.
• To send essential service messages (billing, security, and account notices).

We do not use your code, specs, credentials, or proxied data to train machine learning models, and we do not sell or rent your data to anyone.

We rely on a small set of trusted infrastructure providers, each handling a specific job:

• Supabase — authentication and the primary database (Postgres with row-level security).
• Vercel — hosting for the web app and the public proxy/spec API.
• Railway — the isolated analysis worker (network capture runs here).
• Stripe — subscription billing and payments (PCI-handled by Stripe).
• GitHub — fetching the source you connect (over the GitHub API).

If we use an LLM to auto-describe endpoints, only endpoint signatures and surrounding context are sent — never your secrets — and the provider is contractually barred from training on it.

• Source snapshots: deleted immediately after analysis (seconds to minutes).
• Specs & connection metadata: kept while the source is connected to your account.
• Credentials: kept (encrypted) until you remove them or disconnect the source.
• Usage records: retained as needed for billing and your activity history.

Deleting a source removes its spec and credentials. Deleting your account removes all of the above.

You can access, export, or delete your data at any time from the dashboard, or by emailing us. Delete a single source to remove just its spec and credentials, or delete your account to remove everything we hold for you. Depending on where you live, you may have additional rights under GDPR or CCPA — we honor them regardless of location.

We use first-party session cookies to keep you signed in (via Supabase Auth). We don't run advertising trackers or sell behavioral data. Any analytics we use is privacy-respecting and aggregate.

Encryption, key handling, tenant isolation, and our approach to authorization are described in detail on our Security page.

If we make material changes we'll update the date above and, for significant changes, notify account holders. Questions or requests: privacy@ejector.dev.