Privacy Policy

Last updated: March 9, 2026

Barrd ("we", "us", "our") operates the barrd.com website and the Barrd service. This policy explains what data we collect, why we collect it, and how we handle it.

1. Data we collect

Account information

When you create an account, we collect your email address, display name, and a hashed password. If you sign in via SSO, we receive your email and name from your identity provider.

Project data

Barrd stores structured metadata you create through the service: projects, tasks, plans, decisions, documents, session states, and context snapshots. We do not store your source code. Barrd only stores what is explicitly sent to the service via the MCP protocol or REST API.

Usage data

We collect basic usage information such as page views, feature usage, and error logs to improve the service. We do not use third-party analytics trackers.

Payment data

Payments are processed by Paddle (paddle.com), our Merchant of Record. Paddle handles all payment information including credit card details, billing addresses, and tax calculations. We do not store your payment card details. We receive from Paddle: transaction IDs, subscription status, and billing amounts for displaying in your account.

2. How we use your data

  • To provide and maintain the Barrd service
  • To authenticate you and secure your account
  • To process payments via Paddle
  • To send transactional emails (account verification, password resets, billing receipts)
  • To respond to support requests
  • To improve the service based on aggregate usage patterns

We do not sell your data. We do not use your project data to train AI models.

3. Data sharing

We share data only with:

  • Paddle — our payment processor and Merchant of Record, to process subscriptions and issue invoices
  • Infrastructure providers — hosting and database services necessary to run Barrd, bound by data processing agreements

We do not share your project data with any other third parties.

4. Data storage and security

Your data is stored on servers located in the European Union. All data is encrypted in transit (TLS) and at rest. We use industry-standard security practices including access controls, audit logging, and regular security reviews.

5. Data retention

Your data is retained for as long as your account is active. If you delete your account, we delete your personal data and project data within 30 days. Anonymized, aggregated data may be retained for analytics purposes.

6. Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a machine-readable format
  • Withdraw consent for data processing
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@barrd.com.

7. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Essential cookies cannot be disabled as they are required for the service to function.

8. Children

Barrd is not directed at children under 16. We do not knowingly collect data from children.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice on the service. Continued use after changes constitutes acceptance.

10. Contact

For privacy-related questions or requests:

Email: privacy@barrd.com