Stell Privacy Policy
Stell lets you run AI coding agents in a private cloud sandbox from your phone. This policy explains what we collect, why, and what we deliberately do not collect. The short version: your code and your AI-provider credentials live in your own sandbox, not in our databases; we keep only the minimum account and usage records needed to run the service.
What we collect
- Account identifier. When you sign in with Apple we receive a pseudonymous Apple user identifier and, if you choose to share it, your email address. If you sign in with GitHub we use your GitHub account ID and username. This identifier links you to your sandbox and usage record.
- Compute usage. We meter how long your sandbox runs (in seconds), when you claimed your free trial, and your subscription status. This powers the free-trial budget, billing, and abuse prevention.
- Device integrity bits (DeviceCheck). During the free-sandbox claim we send an Apple-generated DeviceCheck token to Apple to read and set two anonymous per-device bits that record whether a free trial was already claimed on the device. We never receive a device serial number, advertising identifier, or any hardware identifier.
- Push notification token. If you allow notifications, we hold your Apple push token (in server memory only) to send you task-finished and trial notifications.
- Purchase verification. If you subscribe to Stell Pro, we receive the Apple-signed transaction (product, expiry, transaction ID) to activate your plan. Payment details never reach us — Apple processes all payments.
What we deliberately do not collect
- Your code. Repositories are cloned into your private sandbox. We do not read, index, analyze, or train on your code or your agent conversations. Traffic between the app and your sandbox passes through our relay encrypted in transit and is not stored there.
- Your credentials. Your GitHub, Anthropic (Claude), and OpenAI (Codex) tokens and API keys are stored only inside your own sandbox so your agents can act on your behalf. They are not stored in our databases.
- Tracking. The app contains no advertising, no third-party analytics SDKs, and no cross-app tracking. We do not sell or share personal data with data brokers.
Third-party services
Running Stell involves these processors, each receiving only what is listed:
- Apple — sign-in, DeviceCheck, push notifications, and payments.
- Fly.io — hosts your sandbox virtual machine and its storage volume.
- Cloudflare — operates the encrypted relay between the app and your sandbox.
- GitHub — repository access, using the token you authorize into your sandbox.
- Anthropic / OpenAI — when your agents run, your prompts and relevant code are sent to the AI provider you connected, under your own account and their terms. Stell does not proxy or store this traffic.
Retention and deletion
- If your free trial ends without an upgrade, your sandbox and its volume are kept for 30 days (so you can resume by upgrading) and then permanently deleted.
- You can delete your account any time in Settings → Delete account. This immediately destroys your sandbox and its storage. A minimal pseudonymous usage record (trial-claimed flag and metered hours) is retained to prevent free-trial abuse; it contains no code, no credentials, and no contact information.
- Push tokens live only in server memory and vanish on restart until the app re-registers.
Security
Each sandbox is an isolated virtual machine reserved for one account. Access requires a cryptographically random pairing code issued to your signed-in app. All connections use TLS. No system is perfectly secure; report concerns to the contact address above.
Children
Stell is a developer tool and is not directed at children under 13 (or the equivalent minimum age in your jurisdiction).
Changes
We will post any material changes to this page and update the effective date. Continued use after changes means you accept the updated policy.