Legal

Privacy Policy

How CanyonTechs collects, uses, and protects your information.

Effective: May 1, 2026 · Last updated: May 19, 2026

1. Overview

Canyon Technologies, LLC ("CanyonTechs", "we", "our") operates the CanyonTechs AI / AME platform (the "Service"). This Privacy Policy explains what information we collect when you use the Service, how we use and share it, and the choices you have. By creating an account or otherwise using the Service, you agree to the practices described here.

This policy applies to the marketing website, the AME web console, the API, and the open-source agents we publish (log-agent, Vector bundle, AWS scripts) when they are configured to transmit data to our Service.

2. Information we collect

2.1 Account information

When you sign up we collect your name, work email, password (stored as a salted hash), and — if provided — your company name. If you authenticate with GitHub or Google we receive the basic profile fields those providers expose (display name, email, avatar URL).

2.2 Workspace and project metadata

Repository URLs, branch names, language selection, integration credentials (GitHub / GitLab / Jira tokens), Context7 keys, and any other configuration you provide. Credentials are encrypted at rest using AES-256.

2.3 Log and incident data

Log lines, stack traces, and exception payloads transmitted to the /api/ingestion/logs or /api/parser/ endpoints, including any contextual metadata your agent attaches (hostname, service name, trace IDs, timestamps).

2.4 Usage and telemetry

Standard server logs (IP address, user agent, request path, timestamps), product analytics events (which pages you visit in the console, which actions you trigger), and aggregated remediation outcomes (success rate, latency).

3. How we use information

  • Operate the Service. Detect incidents, run remediation agents, open pull requests, and file tickets on your behalf.
  • Improve product quality. Aggregate, de-identified incident patterns help us improve our parsers, prompts, and agent reasoning. We never train third-party models on your logs or source code.
  • Account management. Authentication, billing, customer support, and security notifications.
  • Legal & safety. Investigate abuse, enforce our Terms, and comply with applicable laws.

4. How we handle source code and logs

Source code is treated as the most sensitive data we touch.

  • Ephemeral clones. Repositories are cloned into a per-run sandbox, used by the agent, and deleted immediately after the remediation completes (success or failure).
  • No code at rest. We do not persist full source code beyond the lifetime of a single remediation run. The only artifacts we retain are: the incident ID, the file path and line range that the agent modified, the diff, the resulting PR URL, and agent step logs.
  • LLM transit. When the agent calls an LLM, the relevant code snippets are sent to the model provider you have configured (your own API key, or, if you opt in, the model provider we operate). We do not log or persist that traffic.
  • Log payloads. Raw log lines are retained for the duration of your plan's audit window (see §6). You can purge specific incidents or all log payloads from the console at any time.

5. Third-party services

We use a small set of sub-processors to operate the Service. By using the Service you authorize the relevant data flows below:

  • Cloud hosting. AWS (compute, storage, networking) in the regions you select at workspace creation.
  • Email. Postmark, for transactional email (sign-up, password reset, security notifications).
  • Payments. Stripe, for paid plans. We never see or store full card numbers.
  • Error tracking. Sentry, for product diagnostics. Stack traces are scrubbed of obvious secrets before they leave your browser.
  • Model providers. Whichever LLM endpoint you configure for your workspace (OpenAI, Anthropic, Azure OpenAI, self-hosted, etc.). Your API key is used directly — we are a pass-through.
  • Integrations you enable. GitHub, GitLab, Jira, Context7. Tokens you supply are stored encrypted and used only for the actions you authorize.

6. Retention

  • Account data: retained while your account is active and for 30 days after account deletion.
  • Incident metadata & agent step logs: 7 days (Starter), 90 days (Professional), indefinite or per contract (Enterprise).
  • Raw log payloads: same as your plan's audit window above, or until you delete them — whichever is sooner.
  • Source code clones: deleted within minutes of the remediation run finishing.
  • Billing records: retained for 7 years as required by tax law.

7. Your rights

Depending on your jurisdiction (GDPR, CCPA, UK GDPR, and similar regimes) you may have the right to access, correct, port, restrict processing of, or delete your personal information. You can exercise most rights directly inside the console — your settings page exposes export and deletion tools. For requests we cannot service through the product, email [email protected] and we will respond within 30 days.

If you are an EU/UK data subject and want to lodge a complaint with a supervisory authority, you have the right to do so. We are happy to provide our Data Protection Officer's contact details on request.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest (AES-256). Production access is gated by SSO with MFA, scoped IAM roles, and complete audit logging. See our Security & Compliance page for our current SOC 2 status, sub-processor list, and incident response commitments.

No system is perfectly secure. If you discover a vulnerability, please report it to [email protected] — we run a responsible disclosure program.

9. Children

The Service is intended for engineering professionals and is not directed at children under 16. We do not knowingly collect information from anyone under 16.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email to your account address and posted at the top of this page at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

11. Contact

Questions about this policy? Reach us at [email protected].

Canyon Technologies, LLC
Attn: Privacy
340 S Lemon Ave #1234
Walnut, CA 91789, USA

This document is informational and is not legal advice. If you need to vet our practices against a specific compliance regime, contact us — we are happy to provide a DPA, sub-processor list, and security questionnaire.