Privacy Policy

Privacy PolicyTerms of Service

Introduction

Momenta Softwares Inc. (“Momenta Softwares,” “we,” “us,” or “our”) – the company behind Potpie – is committed to respecting your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with your use of Potpie’s software platform, application programming interface (API), Slack application, Visual Studio Code extension, our website (potpie.ai), and related services (collectively, the “Service”). It also describes your rights and choices regarding your personal data and how you can contact us with questions or requests. Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have been informed of and consent to our practices regarding your personal information and data.

Scope: This Privacy Policy covers personal data we collect from users of the Service and from other individuals who interact with us (for example, by contacting support or visiting our website). It does not apply to the privacy practices of third parties that we do not own or control, including other websites or services that may be linked to our Service. In addition, this Privacy Policy does not address our privacy practices relating to job applicants, employees, or contractors, nor does it cover data that is not subject to applicable privacy laws (such as de-identified or aggregated data). This Privacy Policy is not a contract and does not create any legal rights or obligations beyond those that already exist under applicable law.

Note on On-Premises Deployments: Potpie can be deployed in on-premises or self-hosted environments for enterprise customers. In such cases, Momenta Softwares may act purely as a data processor on behalf of the customer, and this Privacy Policy would not apply to personal data handled solely within the customer’s environment. The customer’s own agreements and privacy policies govern in those situations. For example, if your employer or organization deploys Potpie on-premises for your use, that organization is responsible for managing any personal data processed in the on-prem deployment.

1. Personal Data We Collect

The types of personal data we collect depend on how you interact with us and the Service. We collect information in three main ways: (A) personal data you provide to us directly; (B) data collected automatically when you use the Service; and (C) data we receive from third-party sources.

A. Personal Data You Provide

We ask for and collect personal information directly from you when you use our Service. This includes:

  • Account Information: When you register for a Potpie account or subscribe to our Service, we collect identifiers such as your name and email address. If you sign up using single sign-on (SSO) with a third-party account (for example, by logging in with your GitHub account), we receive basic profile details from that provider (like your GitHub username and associated email) but do not receive your third-party password. We use your account information to create and administer your account, to authenticate you when you log in, and to contact you about account-related matters.
  • Authentication Tokens: If you connect your GitHub account or other third-party accounts to Potpie, we may store OAuth tokens or similar credentials provided by those services. For example, with your permission, Potpie may store a GitHub access token to enable features like repository access or code analysis. These tokens are received via secure OAuth flows and allow us to perform actions on your behalf (such as reading code you authorize us to access), but they do not give us access to your login credentials on those third-party platforms.
  • User Inputs and Content: We collect the content you input into the Service. This includes any code, text, commands, queries, or other data you provide when using Potpie’s platform, Slack bot, VSCode extension, or API (collectively, your "Inputs"). For example, this covers code snippets you ask Potpie to analyze, prompts or questions you submit, and any files or data you choose to upload to the Service. We also collect the AI-generated responses and suggestions (“Suggestions”) returned to you, as well as any feedback you provide on those Suggestions. Please note: Your Inputs may contain personal data (for instance, if you include personal information in a prompt or code comment). By providing Inputs, you acknowledge that we will process that information as described in this Policy.
  • Feedback and Communications: If you contact us or participate in surveys or user research, we collect the information you choose to share. This includes feedback submitted through forms or surveys (for example, via our feedback tool powered by Formbricks), emails or chat messages you send to our support team, and any other communications or content you send us. This may also include metadata like the time and date of your communication. We use this information to respond to your inquiries, address issues, and improve our products and services. For example, when you fill out a feedback form about your experience, our survey provider shares your responses with us, and we may follow up to better assist you or act on your suggestions.
  • Payment Information: If you purchase a paid plan or make other financial transactions through the Service, we (or our third-party payment processor) will collect information needed to process the payment. This may include your name, billing address, and payment details. Please note: We use a third-party payment processor (Stripe) to handle payments on our behalf. We do not store your full payment card information. Any sensitive financial information (such as your credit card number or bank account details) that you provide for a purchase is submitted directly to Stripe and not retained on our systems.. Stripe may provide us with limited information related to your payment, such as a confirmation of payment, the last four digits of your card for reference, or a billing address for invoice purposes. Stripe’s use of your personal data is governed by Stripe’s own privacy policy. (You can find Stripe’s privacy policy on their website.) We maintain records of your transactions (e.g., subscription level, payment dates, and amounts) for accounting, subscription management, and customer support.

B. Personal Data Collected Automatically

When you use our Service (including our website, app, or extensions), we and our third-party partners automatically collect certain information about your device, usage of the Service, and how you interact with us. This data helps us understand performance, fix bugs, and improve the user experience. We typically collect this information through the use of cookies, software development kits (SDKs), and other tracking technologies. Information we collect automatically includes:

  • Device and Network Information: We collect information about the device and network you use to access the Service, such as your device’s make and model, operating system, browser type, IP address, and Internet service provider. We also record certain unique identifiers associated with your device or browser (for example, a device ID or cookie ID) to recognize you across sessions or devices. This device and network data helps us troubleshoot compatibility issues, secure the Service (e.g., by detecting unusual login locations), and optimize our Service’s performance for different hardware and network environments.
  • Usage Data and Analytics: We collect data about how you use and navigate our Service. This includes timestamps of logins and actions, features or pages you access, the portions of code or documents you interact with, and your interactions with our user interface (such as buttons clicked or commands invoked). We use an analytics platform (PostHog) to help capture and analyze some of this usage information. PostHog may use cookies or similar technologies to gather data on user interactions, and it provides us with aggregated insights such as how often certain features are used and the general geographic distribution of our users (based on IP-derived location). This usage data helps us understand what parts of our Service are most useful, to diagnose issues in the user flow, and to guide product improvements.
  • Error and Performance Data: When errors occur in our application or extensions, or when we monitor the performance of our system, we collect diagnostic data. For instance, we use Sentry (an error monitoring service) to automatically capture error reports, stack traces, and relevant device information when the software encounters an exception. These error reports can include details about the state of the application leading up to the issue (e.g., which function was running, or a snippet of code where the error happened) and your device or environment (such as the OS version or memory usage). We also use New Relic and similar tools to track performance metrics like response times, load averages, and resource usage of our Service. These tools may collect information such as query execution times or API latency and associate it with timestamp, your user ID (or a pseudonymous ID), and IP address. We collect error and performance data to debug problems, ensure stability, and improve the efficiency of our Service.
  • Cookies and Similar Technologies: We use cookies (small data files stored on your device) and related technologies (such as web beacons and local storage) to facilitate the automatic data collection described above. For example, our web dashboard and website use first-party cookies to keep you logged in and to remember your preferences, and our analytics provider (PostHog) uses cookies or similar identifiers to distinguish unique users for analytics purposes. We do not use cookies for advertising purposes, and our use of cookies is limited to what is necessary for functionality and analytics. You have the ability to control or block cookies through your browser settings. However, note that if you disable or delete cookies, some parts of our Service (like the web login session or analytics features) may not function properly. Because our use of cookies is minimal and strictly for the Service’s legitimate functions, we do not display a separate cookie consent banner. By using our Service, you agree to our use of cookies and similar technologies for the purposes described in this Privacy Policy.

C. Personal Data from Third-Party Sources

In some cases, we obtain personal data from third parties or other sources in addition to what you provide directly and what we collect automatically. These sources include:

  • Third-Party Authentication Providers: If you choose to log in or register using a third-party identity provider (such as GitHub via Firebase Authentication), that provider will share certain personal data with us to authenticate you. As noted above, we receive unique identifiers and profile information like your GitHub username and associated email from the OAuth process. We do not receive your GitHub password or any OAuth credentials beyond the tokens needed for authentication. This information from the identity provider allows us to identify you in our system and grant you access to your Potpie account without creating a separate password.
  • Integrated Third-Party Services (Slack and Others): If you use Potpie through third-party platforms or integrations – for example, our Slack app – we may receive personal data from that platform to enable the integration. When you add the Potpie bot to your Slack workspace, Slack may send us information such as your Slack user ID, display name, or the content of messages you direct to the Potpie bot. Similarly, if our Service interacts with other services at your request, we will receive whatever data those services send to us as needed. We use this information to perform the requested integrations and provide the Service functionality within those third-party environments. Any data we receive from third-party platforms will be handled according to this Privacy Policy, and we encourage you to review the privacy settings and policies of any platforms you use with Potpie.
  • Analytics and Service Providers: We partner with certain service providers that collect data on our behalf and share it with us. For example, our analytics providers (such as PostHog) collect usage and event data through our Service and then provide us with aggregated or raw data insights. Similarly, our error tracking and performance monitoring services (Sentry, New Relic) gather diagnostic information and make it available to our engineering team. In addition, if we ask for your feedback via a survey or form hosted by a third party (like Formbricks), that third party will collect your responses and then share them with us. These service providers act at our direction: they gather information so that we can use it for the purposes described in this Policy (analytics, error fixing, feedback, etc.), and they are contractually prohibited from using the personal data they collect for any purpose other than providing their services to us.
  • Payment Processor: As described above, our payment transactions are handled by Stripe. When you make a payment or update your billing details, Stripe will collect your payment information and may share certain details with us. This can include your name, email, and billing address, the type of payment method used (e.g., Visa ending in 1234), subscription status, and payment confirmations or failures. We receive this information to keep our records updated (for example, to know that you have paid for a subscription or that a payment method has expired). We do not receive or store your full credit card number or bank account number from Stripe, aside from perhaps the last four digits or a token for reference, as needed for record-keeping and customer support.
  • Other Sources: We may also collect personal data about you from other sources, including publicly available sources, third-party data providers, brand partnerships, or through transactions such as mergers and acquisitions.
  • Inferences: We may generate inferences or predictions about you and your interests and preferences based on the other personal data we collect and the interactions we have with you.

2. How We Use Personal Data

We use the personal data we collect for a variety of purposes in order to operate, improve, and protect our Service, as well as to communicate with you. In particular, we may use your personal data for the following purposes:

  • To provide and maintain the Service, including features that enhance functionality and user experience.
  • To create, manage, and administer your account, including facilitating payments and responding to inquiries.
  • To improve and develop the Service and conduct research, including debugging and identifying or repairing issues.
  • To communicate with you, including sending updates, service notifications, and information about the Service.
  • To prevent, detect, and investigate fraud, abuse, security incidents, and violations of our Terms of Service.
  • To comply with legal obligations and protect the rights, safety, privacy, and property of users, Momenta Softwares, or third parties.
  • To investigate and resolve disputes or security issues.
  • To enforce our Terms of Service and other applicable agreements.
  • Other Purposes with Consent: We may use your personal data for any other purpose that you specifically direct or consent to. If we want to process your data in ways not covered by this Privacy Policy, we will provide an explanation at the time and request your consent when required. For instance, if you participate in a beta feature or research project that involves additional data collection, we will let you know and handle that data according to any additional terms provided.

We may also aggregate or de-identify personal data so that it no longer identifies you, and use that information to analyze how the Service is used, improve features, or conduct research. We will maintain such information in its de-identified form and not attempt to re-identify it, except as required by law.

Use of Data for AI Model Training and Improvement

To improve the performance of our AI models, we may use de-identified user Inputs and Suggestions to fine-tune our internal systems. This helps enhance response accuracy and user experience. At this time, we do not offer an opt-out mechanism for this internal use of your data on free-tier plans.

However, for users on the Pro Plan, we do not use your Inputs or Suggestions for model training. This is a core privacy feature we are committed to maintaining as we continue to evolve the platform.

We consider model improvement to be an integral part of providing and maintaining the Service. We notify users of this practice (for example, via this Privacy Policy and in our documentation), and by using the Service, you acknowledge that your data may be used in this manner unless you're on a Pro Plan.

We do not share your personal data with any third-party AI training programs; any model training is conducted internally within Momenta Softwares’ controlled environment. If you have questions or concerns, please reach out to us at hello@potpie.ai.

On-Premises and Private Deployments: For enterprise customers who require it, we can offer Potpie in a self-hosted environment where user data does not leave the customer’s infrastructure. In such deployments, model training on user data will either not occur or will be entirely under the customer’s control. Essentially, if you use an on-premises version of Potpie, your Inputs and data remain within your organization’s systems unless explicitly shared with us. This can be an alternative for users who cannot or do not wish to share data for cloud-based model training. Please contact us at hello@potpie.ai for more information about on-premises solutions if needed.

3. How We Share or Disclose Personal Data

We do not sell your personal information to third parties. We only share or disclose personal data in the following circumstances and with appropriate safeguards:

  • Service Providers: We may share personal data with third-party vendors and service providers who perform services for us or on our behalf, to support our business operations and help deliver the Service. This includes companies we use for hosting our infrastructure, cloud storage, database management, email delivery, customer support tools, analytics, error tracking, performance monitoring, payment processing, authentication, and other IT or professional services. These service providers are given access to personal data only to the extent necessary for them to perform their functions, and they are contractually obligated to protect personal data and use it only for the purposes of providing services to us. In particular, key providers we work with include: PostHog, Sentry, and New Relic (which handle analytics, error reporting, and performance data as described above), Resend (which sends emails on our behalf, such as verification codes or notifications), Stripe (which processes payments securely), and Firebase (Google) for authentication and identity management (handling the GitHub OAuth process). These companies may need to process your data (such as storing it on servers, transmitting emails to you, or logging usage events) as part of their services to us, but they are not permitted to use your data for their own unrelated purposes.
  • Affiliates: If Momenta Softwares Inc. ever has affiliate companies (for example, subsidiaries or companies under common ownership), we may share your personal data with those affiliates for purposes consistent with this Privacy Policy. Any affiliate that receives your personal data will be required to handle it with the same level of care and security as we do. (At present, Momenta Softwares does not have any parent or subsidiary companies, but we include this for completeness in the event our corporate structure changes.)
  • Business Transfers: We may take part in or be involved with a business transaction or reorganization, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose, transfer, or assign personal data to a third-party during negotiation of, in connection with, or as an asset in such a business transaction or reorganization. Also, in the unlikely event of our bankruptcy, receivership, or insolvency, your personal data may be disclosed, transferred, or assigned to third parties in connection with the proceedings or disposition of our assets.
  • Legal Compliance and Protection: We may disclose personal data to courts, law enforcement, government authorities, or other third parties when we believe in good faith that such disclosure is necessary to: (i) comply with a legal obligation, law, or regulatory request (such as a subpoena, warrant, or court order); (ii) enforce our Terms of Service or other agreements and policies; (iii) detect, investigate, or prevent fraud, security issues, or other harmful or illegal activities; (iv) protect the rights, property, or safety of Momenta Softwares, our users, our employees, or others; or (v) exercise or defend legal claims.
  • Third-Party Integrations at Your Direction: When our Service integrates with third-party services or platforms (such as Slack, GitHub, or others) and you choose to enable or use those integrations, certain personal data may be shared with or collected by the third party in the process. For example, if you use the Potpie Slack bot, content you provide will naturally be transmitted through Slack’s systems and visible to Slack, and if you direct Potpie to create an issue in your GitHub repository, we will send the necessary information to GitHub to fulfill your request. In such cases, you are directing the transfer of your information to the third party, and the data will be used under the third party’s terms and privacy policy. We recommend reviewing the privacy practices of any third-party services you use with Potpie.
  • With Your Consent: We may share your personal data with other parties if you request us to or if you have given us your explicit consent to do so.
  • De-Identified or Aggregated Data: We may share information that has been aggregated or anonymized in such a way that it no longer can reasonably be used to identify an individual. For example, we might publish usage statistics or share generalized insights with our community or partners. Information that is fully de-identified is not considered personal data, and our use or disclosure of it is not restricted by this Privacy Policy.

No Selling of Personal Data: We do not sell your personal data to third parties for monetary or other valuable consideration. We also do not share your personal data with third parties for cross-context behavioral advertising or targeted advertising purposes as those terms may be defined under certain privacy laws.

4. Data Retention

We retain your personal data as long as needed to operate the Service, support model improvement, comply with legal obligations, and fulfill business needs. This typically includes keeping data while your account is active and for a reasonable time after.

Certain data—like inputs, logs, and feedback—may be stored indefinitely to support features like history, analytics, and model training. You may request deletion of your data or account at any time, and we will remove it from active systems where feasible. Some data may persist in backups or as required for legal, audit, or compliance purposes.

When data is no longer necessary, we delete, de-identify, or anonymize it in accordance with applicable laws. If you have questions or would like help managing your data, you can contact us at hello@potpie.ai.

5. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include encryption of data in transit (e.g., using HTTPS for our website and API) and, where applicable, encryption at rest. We regularly review our information collection, storage, and processing practices to prevent unauthorized access to our systems.

That said, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. In the event of a data breach affecting your personal data, we will act promptly to identify, contain, and resolve the issue. If required by law or contract, we will notify you and/or the appropriate authorities immediately or within 6 hours, and share relevant details and recommended next steps.

On-Premises Security: For customers using on-premises deployments of Potpie, the security of personal data in that environment is largely under the control of the deploying organization. We will provide guidance and support to help secure on-prem installations (such as recommended configurations and timely patches), but the customer is responsible for implementing appropriate access controls, network security, and other protections in their environment. Data stored in an on-premises instance is not transmitted to Momenta Softwares under normal operation, so our role in securing that data is limited to the software’s design and any support we provide. If you are using an enterprise/on-prem version of Potpie, please refer to your organization’s IT and security policies for details on how they safeguard your data.

6. Your Rights and Choices

Depending on your location and applicable laws, you may have rights regarding your personal data. We are committed to honoring these rights. They include:

  • Access & Portability: You can request a copy of your personal data in a common, portable format (e.g., CSV or JSON).
  • Correction: You may request that we correct inaccurate or incomplete personal data.
  • Deletion: You can ask us to delete your personal data. Some data may be retained for legal, security, or business reasons. Deleted data may remain in backups temporarily until fully removed.
  • Withdraw Consent: If you’ve consented to data processing (e.g., for marketing), you can withdraw it at any time without affecting prior processing.
  • Object to Processing: In some jurisdictions, you can object to processing based on our legitimate interests. We’ll review and honor valid objections unless we have overriding legal grounds.
  • Restrict Processing: You may request a temporary pause on processing—for example, while we verify accuracy or process deletion.
  • Marketing Opt-Out: You can unsubscribe from marketing emails at any time. However, you’ll still receive essential service-related messages (like billing or security notices).
  • Do Not Track (DNT): Our website does not currently respond to DNT browser signals. We do not engage in behavioral tracking or advertising.
  • No Discrimination: Exercising your privacy rights will not affect the quality or availability of our Service.

Right to Erasure (Right to Be Forgotten)

You have the right to request the deletion of your personal data. Upon receiving a valid request, we will take reasonable steps to erase your personal data from our records, subject to the following conditions:

  • The data is no longer necessary for the purpose for which it was collected or processed;
  • You withdraw your consent (where processing was based on consent);
  • You object to the processing, and there are no overriding legitimate grounds to continue;
  • The data has been unlawfully processed;
  • The data must be erased to comply with a legal obligation.

We may retain certain data if required by law or for legitimate business purposes (e.g., compliance with tax, legal, or regulatory obligations).

To request deletion, please email us at hello@potpie.ai with the subject line “Data Deletion Request.” We will review and respond to your request in accordance with applicable laws.

How to Exercise Your Rights

To exercise any of these rights, email us at hello@potpie.ai. Clearly specify your request (e.g., access, correction, deletion). We may verify your identity to protect your data. If we’re unable to fulfill a request, we’ll explain why. You may appeal by replying or emailing us with the subject line “Appeal.”

State-Specific Rights

California and other U.S. states (CCPA/CPRA, etc.): You may request details about:

  • Categories of personal information we collect
  • Sources of that data
  • Business purposes for collecting it
  • Third parties with whom it is shared
  • Whether data was sold or shared for cross-context advertising (we do not do this)

We also don’t use sensitive personal data to infer characteristics. Contact us at hello@potpie.ai to exercise your state privacy rights.

European Data Subject Rights

Although Momenta Softwares does not currently have a formal presence in the EU or UK, our data protection policies are being updated to meet the standards set forth under the General Data Protection Regulation (GDPR) and UK GDPR. We aim to support data rights consistent with these frameworks, including:

  • The right to access, correct, delete, restrict, or object to the processing of your personal data
  • The right to data portability
  • The right to lodge a complaint with a supervisory authority

We encourage you to contact us first so we can help address any concerns. You can reach us at hello@potpie.ai to exercise your data rights.

7. International Data Transfers

Momenta Softwares Inc. is a U.S.-based company, and the majority of our systems and data storage are located in India. If you choose to use the Service from outside India, know that your personal data will likely be transferred to and processed in India. This means your data will be subject to Indian laws and may be accessible to Indian authorities under certain conditions. The data protection laws in India may differ from those in your home country, and may not provide the same level of protection. However, regardless of where your data is processed, we will handle it as described in this Privacy Policy and take appropriate measures to protect it.

In some cases, personal data may also be stored or processed in other countries where we or our service providers maintain facilities. For example, our cloud hosting provider or other vendors might use data centers in the United States, the European Union, Asia, or other regions. We will ensure that if personal data is transferred to another country, adequate safeguards are in place as required by applicable law.

By using Potpie and providing personal data to us, you understand that your data will be transferred to India and possibly other jurisdictions as described. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

If you have questions about our data transfer practices or need more information about the safeguards we use, please contact us at hello@potpie.ai.

8. Children’s Privacy

Potpie is not directed to children and is intended for adult users. We do not knowingly collect personal data from anyone under 13 (or the age defined by local law). If we learn that such data has been collected, we will delete it promptly. If you believe a child has shared personal data with us, please contact us.Parents and guardians: If your child is using Potpie, and you have concerns about their data, feel free to reach out.For users aged 13–17: You should only use the Service with a parent or guardian’s consent. We may require their contact info and may restrict usage for minors.

9. Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. If we make changes, we will change the "Last Updated" date at the top of this Policy. For any material changes – those that substantially affect your rights or how we handle your personal data – we will provide a more prominent notice. We encourage you to review this Privacy Policy periodically to stay informed about our data practices and how we are protecting your information.

Any changes to this Privacy Policy will become effective when posted (unless a later effective date is indicated). Your continued use of the Service after the effective date of the updated Policy will constitute acceptance of the new terms to the extent permitted by law. If you do not agree with any changes to the Privacy Policy, you should stop using the Service and may request that we delete your personal data.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Momenta Softwares Inc. collects and processes your personal data, please contact us:

Momenta Softwares Inc. (d/b/a Potpie)

8 The Green, Suite R

Dover, County of Kent, Delaware 19901, USA

Email: hello@potpie.ai

We will do our best to address your inquiry promptly and thoroughly. If you are contacting us to exercise a privacy right, please see Section 6 above on how to submit such requests.

Thank you for trusting Potpie with your development workflow. We are committed to protecting your privacy and ensuring that your personal data is handled responsibly.

Pages
HomeCareersContactPricing
Solutions
Debugging AgentTesting AgentLLD AgentQ&A Agent
Resources
BlogCommunityOpen-Source
Join our discord community
Get support, share and connect with AI developers.
Join our community
© Momenta Softwares Inc
Privacy PolicyTerms of services