MEGA Code ⏐ The Self-evolving AI Coding Infrastructure

Effective Date: February 27, 2026

This Privacy Policy explains how Mind AI (“Company,” “we,” “us,” or “our”) collects, uses, and protects information in connection with Mega Code (the “Service”).

The Service is provided as an AI coding tool and may operate as a plugin or extension within development environments or IDEs.

1. Information We Collect

1.1 Information You Provide

We may collect the following information:

Account identification information (e.g., email address, user ID)
Information voluntarily provided through customer inquiries, feedback, or error reports
Third-party LLM API keys registered under a BYOK (Bring Your Own Key) model

You may register using a Google or GitHub account. In such cases, we collect only the minimum information necessary for account identification and authentication.

We do not request access to your source code repositories by default. If repository access is required to provide specific functionality, we will obtain your explicit consent in advance.

If you register a third-party LLM API key under the BYOK model, the key may be stored for the purpose of providing service functionality and will be processed only to the extent necessary. You may delete or replace your registered API key at any time.

1.2 Information Collected Automatically

During your use of the Service, the following information may be automatically collected or processed:

Plugin and feature usage events
Error logs and diagnostic system metadata
Metadata related to prompts and generated outputs

To the extent necessary for service operation, security, and error response, portions of conversation content entered by you or portions of source code submitted for processing may be processed or stored.

1.3 Information We Do Not Permanently Store

We do not permanently store:

The full text of prompts or conversation content
The full source code submitted to the Service
Contents of private repositories, except where explicitly authorized for a specific feature

We do not intentionally collect sensitive personal information.

Prompts and code may be processed transiently in memory to provide the Service, and limited excerpts may be temporarily retained for security or diagnostic purposes.

2. Purpose of Use

We may use collected information for the following purposes:

Providing and operating the Service
Improving service quality, stability, and performance
Detecting errors, responding to incidents, and analyzing security issues
Analyzing de-identified and aggregated usage patterns for product improvement
Producing de-identified and aggregated statistics for operational analysis and business decision-making
Using data within the scope of user consent or applicable law (e.g., feature improvement, research, new service development)

We do not use personal information, prompts, source code, or Generated Outputs in identifiable form for AI model training, advertising, marketing, or sale to third parties.

This restriction does not apply to de-identified and aggregated data or derivative outputs that cannot identify an individual or specific user.

3. Automatic Generation Features and Data Handling Principles

The Service may generate skills, recommendations, and explanatory content based on de-identified metadata derived from development activity, such as repetitive patterns, structural characteristics, or behavioral signals.

We do not permanently store or reuse raw prompts, source code, or conversation records. We do not analyze or use content in a manner that identifies an individual or specific user.

Automatically generated skills and outputs are applied within the scope of the user’s account or environment. Abstracted, aggregated, and non-identifiable patterns or statistics may be used solely for service improvement, research, or service expansion purposes.

4. Data Storage and Retention

Prompts and Generated Outputs are processed temporarily to provide the Service and are not permanently stored.

However, de-identified and aggregated derivative data—excluding prompt or output content—may be generated and retained for quality improvement or research purposes.

Operational logs and diagnostic data are retained for up to 30 days and then automatically deleted, unless a longer retention period is required by applicable law.

5. API Key and Authentication Information Management

The Service may support the following methods for authentication and AI model invocation:

Access to the Service API through API keys issued by the Company
Use of third-party LLM API keys registered directly by the User (BYOK)

5.1 Service API Keys

API keys issued by the Company are authentication credentials that allow Users to access the Service’s API functionalities. Such keys are managed using encryption or equivalent security measures and are protected during both transmission and storage.

Users are responsible for safeguarding their Service API keys. In the event of loss, unauthorized disclosure, or misuse, Users must promptly notify the Company. The Company may, within a reasonable scope, support revocation and reissuance of such keys.

5.2 Third-Party LLM API Keys (BYOK)

If a User registers a third-party LLM API key under the Bring Your Own Key (BYOK) model, the Company may store such key in encrypted form for the purpose of providing the Service and process it solely to the extent necessary for AI model invocation.

Stored keys are protected during transmission and at rest and are subject to access controls, access logging, and the principle of least privilege in accordance with the Company’s internal security policies.

The Company does not use such keys for purposes other than providing the Service, and will not use them for AI training, advertising, marketing, or independent data analytics purposes.

Users may delete or replace their registered third-party LLM API keys at any time. Upon deletion, the Company will remove such keys from active systems within a reasonable period, subject to applicable laws and internal data retention policies.

Any usage of external LLM services under the BYOK model, including billing and service terms, is governed by the policies of the respective third-party LLM provider.

6. Third-Party Sharing and International Data Transfers

We do not sell personal information. We do not disclose user information externally except as necessary to operate the Service.

To process AI inference requests, minimal input information or metadata may be transmitted to external AI providers acting as independent service providers.

This may result in cross-border data transfers, including:

Transferred Data: Minimum input information or metadata necessary for AI inference
Destination Country: United States or other applicable jurisdictions
Purpose: AI model inference processing
Retention: Deleted immediately after inference processing or subject to the external provider’s privacy policy

Where required by applicable law, appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms may be implemented.

Data handling by external providers is governed by their respective privacy policies.

If you use the BYOK model, LLM calls are subject to the selected provider’s policies and data processing standards. We do not control those providers’ data practices.

7. Security Measures

We implement technical and organizational safeguards, including:

Encryption of data in transit (TLS/HTTPS)
Access controls and least-privilege principles
System architecture designed to minimize the storage of sensitive information
Internal access logging

No system can guarantee absolute security.

8. Your Rights

Subject to applicable law, you may:

Request access to your personal information
Request correction or deletion of personal information
Request suspension of service use or account deletion

Requests may be submitted to: privacy@wisdomgraph.ai

9. Changes to This Policy

This Privacy Policy may be updated to reflect changes in law, service policy, or functionality. Material changes will be announced in advance through the Service or via separate notice.