Skip to main content

Privacy Policy

Last updated: March 10, 2026

Introduction

Surchin ("we," "our," or "us") provides a shared knowledge substrate for AI-powered development tools. This Privacy Policy explains how we collect, use, store, and protect your information when you use getsurch.in and associated services (the "Service").

Information We Collect

Account Information

When you create an account, we collect your email address and an authentication credential managed by Supabase Auth. We do not store passwords directly—authentication is handled by Supabase's secure auth infrastructure.

Knowledge Entries (Insights)

When you or your AI coding agents deposit knowledge entries ("insights") through the MCP server or REST API, we store the content you provide, including text content, file patterns, symbol names, tags, error signatures, and associated metadata. These entries are scoped to your organization and are not shared with other organizations.

Usage Data

We collect usage metrics including query counts, deposit counts, reinforcement ratings, and API call timestamps. This data powers analytics dashboards and helps us improve the Service.

Preferences

When your AI coding agents detect workflow or communication preferences during sessions, those preferences may be stored via the Service so they can be applied in future sessions. You can view and delete saved preferences from your dashboard at Settings > Preferences.

Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment details. We receive and store a Stripe customer ID and subscription status to manage your plan.

Authentication Data

We use session cookies for dashboard authentication and hashed API keys for programmatic access. Raw API keys are shown once at creation and are never stored or retrievable afterward.

How We Use Your Data

  • To provide, maintain, and improve the Service
  • To power knowledge retrieval, scoring, and decay algorithms
  • To generate analytics and usage dashboards for your organization
  • To process billing and manage subscriptions
  • To send service-related communications (e.g., weekly digests, security notices)
  • To enforce rate limits and usage quotas

Data Retention and Decay

Knowledge entries are subject to Surchin's scoring and natural decay system. Entries that are not queried or reinforced lose strength over time and may eventually be archived or removed. This is a core feature of the Service—it keeps your knowledge base lean and relevant. Active, frequently-used entries are retained indefinitely.

Data Sharing and Third-Party Services

We use the following third-party services to operate Surchin:

  • Supabase — Database hosting, authentication, and in-database vector embeddings
  • Stripe — Payment processing and subscription management
  • Vercel — Application hosting and deployment

We do not sell your data to third parties. We do not use your knowledge entries or insights to train AI models. Your deposited knowledge is used solely to serve retrieval queries within your organization.

Data Security

We implement multiple layers of security to protect your data:

  • Row-Level Security (RLS) — All database queries are scoped to your organization at the database level using PostgreSQL RLS policies
  • Hashed API Keys — API keys are stored as SHA-256 hashes; raw keys cannot be retrieved after creation
  • HTTPS Everywhere — All data in transit is encrypted via TLS
  • In-Database Embeddings — Vector embeddings for semantic search are computed and stored within the database using pgvector, not sent to external embedding APIs

Your Rights

You have the right to:

  • Access and export your knowledge entries and account data
  • Delete your account and all associated data
  • Modify or remove individual knowledge entries
  • View and delete saved preferences
  • Opt out of non-essential communications

To exercise any of these rights, contact us at the address below or use the relevant controls in your dashboard.

Cookies

We use essential cookies to maintain your authentication session when using the dashboard. We do not use third-party tracking cookies or advertising cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or your data, contact us at privacy@getsurch.in.