Privacy Policy
Effective Date: May 18, 2026
High Agency, Inc. ("we," "our," or "us") values your privacy. This Privacy Policy explains what information we collect, why we collect it, and how you can control it.
1. What we collect
When you use Pencil, we collect:
Mandatory information
- Your email address
- Your role or job title
- Your primary AI coding tool
- A short description of how you plan to use Pencil
Optional information
- Your company URL
- Your LinkedIn or X (Twitter) profile URL
Service operation & security data. We collect limited device and log data (e.g., IP address, browser/IDE version, OS, timestamps). If you use our IDE/Editor extensions, we process authentication tokens and minimal usage/diagnostic events required to operate core features. We do not collect your source code or keystrokes.
Onboarding forms. Where we use third-party forms (e.g., Google Forms) to collect access requests, we collect the fields you submit there (which may include the items above).
Inputs & Outputs (content) — how they flow. Pencil processes content you submit ("Inputs") and generates results ("Outputs") through two different technical paths, depending on the feature:
- Text-based AI features (e.g., code generation, design assistance, chat completions). Inputs and Outputs are exchanged directly between your device and the third-party AI provider (such as Anthropic or OpenAI). They do not pass through, and are not accessible to, High Agency, Inc. servers at any time.
- Image generation features (e.g., Reve Image, Google Gemini Nano Banana, Unsplash). Requests and any content you intentionally submit are transmitted through High Agency, Inc. servers to the relevant third-party image provider. We forward this content in real time and do not store, record, log, or cache it on our servers.
Any local storage of Inputs or Outputs occurs solely on your device (e.g., browser localStorage or OS filesystem) for your convenience.
2. How we use your information
We use your information to:
- Let you sign in and personalize your onboarding
- Improve Pencil based on how people actually use it
- Communicate about updates, new features, or policy changes
- Keep our systems secure and reliable
We also use questionnaire responses to prioritize access, operate the extension(s), authenticate requests, and prevent abuse and fraud.
3. Legal bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: Consent (e.g., marketing emails, optional form fields), Legitimate interests (service operation, security, abuse/fraud prevention, product improvement/analytics), Contract (providing requested access and features), and Legal obligations (responding to lawful requests).
4. Analytics
We use PostHog (US Cloud) to understand how people use Pencil.
What we collect. PostHog collects usage data (e.g., clicks, time spent in features, device/browser information, and error logs). In our implementation, these events are linked to your profile so we can provide product analytics, support, and security. We do not use analytics for advertising. We may also create aggregated or anonymized statistics that no longer identify you.
What we do not collect. Our PostHog implementation is configured to exclude user Inputs and Outputs from analytics events. This means no prompts, no AI-generated content, and no source code are captured by analytics. We use analytics only to understand feature usage, performance, reliability, and security signals — not to track your personal activity outside of Pencil.
No sale of data. We do not sell or rent your data.
International transfers. PostHog is hosted in the United States. For users in the EEA/UK, we rely on appropriate transfer safeguards (Standard Contractual Clauses, and for the UK, the UK Addendum/IDTA).
4a. Third-party image providers
Pencil uses third-party services to generate or source images, including Reve Image (reve.art), Google Gemini Nano Banana, and Unsplash. We may change or add providers over time.
How the image flow works. Image-related features operate differently from text-based AI features. When you use image generation or stock-image features, your request and any content you intentionally submit are transmitted through High Agency, Inc. servers to the relevant third-party image provider. This transmission is the minimum technically necessary to fulfill your request and is performed in real time. We do not store, record, log, or cache this content on our servers — it is forwarded to the third-party provider and the response is returned to you along the same path.
Third-party retention. Once forwarded, content is subject to the third-party provider's own terms, privacy policies, and retention practices. We do not control, and are not responsible for, those practices. Your use of third-party services is also subject to the providers' own licensing terms, including any attribution or usage requirements.
International transfers. Image providers may process data outside the EEA/UK. We rely on appropriate transfer safeguards (e.g., Standard Contractual Clauses) where required.
5. International transfers
If we transfer personal data outside the EEA/UK, we use appropriate safeguards such as EU Standard Contractual Clauses (and, for the UK, the UK Addendum/IDTA) or rely on another valid transfer mechanism.
6. Emails, communication & sub-processors
Email. We use Loops to send onboarding and product communications, and Twilio SendGrid for transactional emails (e.g., access confirmations, account notifications). You can unsubscribe from marketing emails anytime using the link inside the email. Transactional emails necessary to provide the service may still be sent.
Sub-processors. We share personal data with the following categories of sub-processors acting on our instructions:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | United States |
| Neon | Database (Postgres) | United States |
| PostHog (US Cloud) | Product analytics | United States |
| Sentry | Error monitoring | United States |
| Twilio SendGrid | Transactional email | United States |
| Loops | Marketing & onboarding email | United States |
| Google (Google Forms) | Onboarding forms | United States |
We may engage additional sub-processors from time to time. An updated list is available on request at hq@pencil.dev.
Data handled. These sub-processors process account data and operational metadata (e.g., email addresses, authentication tokens, usage events, error logs). They do not receive or store text-based Inputs/Outputs from Pencil, which are exchanged directly between your device and third-party AI providers. Image generation requests transit through our infrastructure (Vercel) in real time but are not stored.
Safeguards. We do not sell or rent your data. We enter into data-processing agreements with all sub-processors and require appropriate security measures. International transfers from the EEA/UK rely on Standard Contractual Clauses (and, for the UK, the UK Addendum/IDTA) or another valid transfer mechanism.
Data Processing Agreement (DPA). For regulated, enterprise, or business customers requiring a signed Data Processing Agreement, please contact hq@pencil.dev.
7. How we store and protect data
Inputs and Outputs. Text-based Inputs and Outputs are not stored on our servers — they are exchanged directly between your device and third-party AI providers. Image generation requests transit through our infrastructure in real time and are not stored, recorded, logged, or cached. Inputs and Outputs may be stored locally on your device (e.g., localStorage or filesystem), and you can delete them by clearing local storage or removing local files.
Security. Account data and operational metadata are stored securely using modern encryption (in transit and at rest) and access controls. We keep data only as long as needed to run Pencil or as required by law.
Deletion requests. If you delete your account or ask us to remove your information, we will do so within a reasonable timeframe unless we are legally required to retain it.
Typical retention periods
The retention periods below apply to account data and operational metadata only. They do not include text-based Inputs/Outputs (never stored on our servers) or image generation content (forwarded in real time, not retained).
| Data category | Retention |
|---|---|
| Waitlist / questionnaire data | 24 months, or until you request deletion |
| Diagnostic logs (system errors and crashes; do not contain Inputs/Outputs) | 12 months |
| Marketing contacts | Until you unsubscribe or request deletion |
| Suppression records (to honor unsubscribe) | Retained as required to honor your opt-out |
| Backups | Up to 30 days before they are overwritten |
Where legally required or necessary to establish, exercise, or defend legal claims, we may retain limited data for longer.
8. Your rights
Depending on your location (including the EU/UK), you may have the right to access, rectify, erase, object to or restrict processing, and request data portability. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal, and you can complain to your local data protection authority. To exercise your rights, contact hq@pencil.dev. We may ask you to verify your identity and will respond within 30 days where required by law.
9. Children
Pencil isn't intended for children under 16, and we don't knowingly collect their information.
10. Changes
We may update this Privacy Policy from time to time.
If we make major changes, we'll post an update here or notify you directly.
11. Contact us
Data controller. For the purposes of GDPR and UK GDPR, the controller of your personal data is High Agency, Inc.
Email: hq@pencil.dev
Mailing address:
High Agency, Inc.
440 N BARRANCA AVE #2993
COVINA, CA 91723
USA
For data subject requests (access, rectification, erasure, portability, objection, restriction, or withdrawal of consent), please contact us at hq@pencil.dev with the subject line "Data Subject Request."