Engineering FrameworkEngineering Framework

Privacy Policy

Last updated: March 3, 2026

Overview

Engineering Framework is committed to protecting your privacy. This policy explains what data we collect, why we collect it, how it is used, and how we protect it. We collect only what is necessary to provide the Service and do not sell your data to third parties.

1. Information We Collect

Account and identity information

When you create an account, we receive basic profile information from Auth0 — typically your name, email address, and a unique identifier. We store this to identify your account and associate it with your organizations, projects, and permissions.

Organization and team data

We store the organizations, departments, projects, roles, and memberships you create or are added to within the Service. This is necessary to enforce access control and provide team collaboration features.

Planning artifacts and content

We store planning artifacts, checklist progress, project metadata, repository integration configuration, and any other content you create within the Service. This content belongs to you and is stored to provide the core functionality of the platform.

Usage and technical data

We may collect logs and technical metadata (such as API request timestamps, error events, and session information) to operate and improve the Service. This data is not used for advertising purposes.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate and authorize access to the Service
  • Store and retrieve your planning artifacts, projects, and team configuration
  • Enforce role-based permissions across the UI and MCP server API
  • Generate Claude Code integration snippets (CLAUDE.md, MCP config) scoped to your organization and projects
  • Diagnose issues and improve the reliability of the Service
  • Communicate with you about your account or changes to the Service

3. AI Tools and MCP Integration

The Engineering Framework MCP server enables AI coding tools such as Claude Code to interact with your planning data. When you use this integration, your AI agent is issued a JWT token scoped to your authenticated session. The MCP server enforces the same role-based permissions as the web UI — your agent can only access resources your account has permission to read or modify.

We do not store the content of your AI conversations. We do not send your planning content to any AI provider — that communication happens directly between your AI tool (e.g., Claude Code running locally) and the respective AI provider, governed by their own privacy policy.

4. Third-Party Service Providers

We rely on trusted third-party providers to operate the Service:

  • Auth0 — authentication and identity management. Auth0's privacy policy governs how they handle your login data.
  • Database and hosting providers — your data is stored in a managed PostgreSQL database hosted on infrastructure provided by a reputable cloud provider.
  • OpenFGA — relationship-based access control. Permission tuples that represent your team's role assignments are stored in OpenFGA.

We do not sell your data to any third party or use it for advertising.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your associated data within a reasonable period, except where we are required by law to retain it or where it is necessary for legitimate business purposes (such as resolving disputes or enforcing our terms).

6. Security

We take reasonable technical and organizational measures to protect your data from unauthorized access, loss, or disclosure. These include encrypted connections (HTTPS), JWT token validation for API and MCP access, and fine-grained authorization enforcement via OpenFGA. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise these rights, please contact us via our support@engineeringframework.dev. We will respond within a reasonable timeframe.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

9. Contact

If you have questions or concerns about this Privacy Policy or your data, please reach out via our support@engineeringframework.dev.