Privacy
What leaves your machine. Short answer: your prompts and keys don't.
Principles
- Your API key never leaves your machine. It lives in the OS keychain (Windows Credentials / macOS Keychain / libsecret on Linux). Hypex reads it to sign LLM requests you initiate — nothing else.
- Your prompts and the model's replies never hit Hypex servers. Every LLM call goes straight from your IDE to the provider you chose.
- File contents, tool arguments, and tool results never leave your machine.
What DOES leave your machine
When signed out (default)
- Nothing. Hypex makes zero outbound requests of its own in anonymous mode. The only network traffic is the LLM calls you trigger (directly to Anthropic / OpenAI / OpenRouter / xAI) or Ollama (localhost).
When signed in
After each chat turn, the IDE posts this metadata to hypex.pages.dev/api/usage/record:
- Timestamp
- Model id (e.g. grok-4-fast-reasoning)
- Provider id (xai)
- Input / output / cached / cache-write token counts
- Estimated cost (client-computed)
That's it. No user-content fields, no paths, no repo names.
Additional traffic while signed in:
- GET /account/me on sign-in and once every ~hour to refresh plan status
- GET /usage/check before each turn to enforce the daily cap
- POST /usage/increment after each successful turn to bump the counter
- GET /account/wallet + GET /account/sessions when you open /account in the browser
Session tokens
A sign-in issues a 32-byte base64url token stored in the IDE SecretStorage. 30-day TTL, bumped on every resolve. You can see and revoke sessions on /account → Devices. Signing out revokes the token server-side and wipes it locally.
Magic-link codes
6-digit CSPRNG, 15-minute TTL, one-shot (consumed on first verify). Requesting a new code invalidates all prior pending codes for the email. Rate-limited 5 codes / hour / email and 10 / hour / IP.
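The rules above, modelled in memory as an added example (not Hypex's code). The names MagicLinkStore, newCode, request and verify are hypothetical, and treating a failed verify as non-consuming is an assumption the page does not settle.

```javascript
// Added example, not Hypex's code. Web Crypto global, with a fallback for older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const CODE_TTL_MS = 15 * 60 * 1000; // 15-minute TTL
const WINDOW_MS = 60 * 60 * 1000;   // rate-limit window: 1 hour
const MAX_PER_EMAIL = 5, MAX_PER_IP = 10; // codes per window

// Uniform 6-digit code from the CSPRNG; rejection sampling avoids modulo bias.
function newCode() {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / 1e6) * 1e6;
  do { webcrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return String(buf[0] % 1e6).padStart(6, "0");
}

class MagicLinkStore {
  constructor() {
    this.pending = new Map(); // email -> { code, expires }
    this.issued = new Map();  // "email:<e>" / "ip:<a>" -> issue timestamps
  }

  // Timestamps still inside the window for a key; older ones are dropped.
  recent(key, now) {
    const hits = (this.issued.get(key) ?? []).filter((t) => now - t < WINDOW_MS);
    this.issued.set(key, hits);
    return hits;
  }

  // Returns a new code, or null when either rate limit is hit.
  request(email, ip, now = Date.now()) {
    const byEmail = this.recent(`email:${email}`, now);
    const byIp = this.recent(`ip:${ip}`, now);
    if (byEmail.length >= MAX_PER_EMAIL || byIp.length >= MAX_PER_IP) return null;
    byEmail.push(now);
    byIp.push(now);
    const code = newCode();
    // One slot per email: a new code replaces (invalidates) any pending one.
    this.pending.set(email, { code, expires: now + CODE_TTL_MS });
    return code;
  }

  // Assumption: only a successful verify consumes the code.
  verify(email, code, now = Date.now()) {
    const entry = this.pending.get(email);
    if (!entry || now >= entry.expires || entry.code !== code) return false;
    this.pending.delete(email); // one-shot
    return true;
  }
}
```

The `now` parameter exists so expiry and rate-limit windows can be exercised without waiting; a real worker would also need an attempt limit on verify, which the page does not describe.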
Cookies + local storage
- Cloudflare Pages sets a cookie for bot-challenge purposes only. Hypex itself sets zero analytics / tracking cookies.
- The browser session stores your token in localStorage['hypex.session.token'] so returning visits go straight to /account. Clearing site data signs you out.
Retention
| Data | Retention |
|---|---|
| Daily usage buckets | 400 days (auto-expire, no manual rollover) |
| Session tokens | 30 days TTL, refreshed on use |
| Per-provider aggregates | Lifetime (one row per provider per user) |
| Per-model aggregates | Lifetime (one row per model per user) |
| Magic-link pending codes | 15 minutes or until consumed |
| Rate-limit counters | 1 hour |
Account deletion
Email mre011512@gmail.com with the subject "Delete my account" from the address you signed up with. We wipe every key prefixed with your email from KV within 72 hours and email a confirmation.
Third parties
- Cloudflare — hosts the website + the worker (KV storage). GDPR/CCPA compliant. Their privacy policy.
- Resend — sends magic-link emails. Only your email address + the code body transit their infra. Their privacy policy.
- Stripe — billing (when a paid plan is active). You interact with Stripe Checkout directly; we never see your card. Their privacy policy.
Audit
The IDE extension's network code is in extensions/hypex-agent/src/providers/, src/account.ts, and src/costTracker.ts — open source, grep fetch( for the complete list of outbound calls.