Privacy & AI transparency
What Hydrate processes, why, for how long, where it goes, and the exact AI systems involved. Written to satisfy UK GDPR, EU GDPR, and the EU AI Act's transparency obligations (Articles 50 + 52).
Effective: 2026-04-18 · Sedasoft Ltd, United Kingdom · v1
1. Who we are
Sedasoft Ltd (“Sedasoft”, “we”, “us”) is a UK-registered private limited company and the data controller for data processed through the gethydrate.dev website and the Hydrate hosted services. On the Free tier, data never leaves your machine — there is no controller relationship because no data is transmitted to us. See § 3.
Contact for privacy matters: hello@gethydrate.dev. A dedicated data-protection address (privacy@gethydrate.dev) will replace this one before the Pro tier launches.
2. What Hydrate does with your data
Hydrate is an episodic-memory layer for Claude Code. It watches each Claude Code session you run, extracts structured facts from the transcript, and injects relevant facts back into future sessions. The relevant question for privacy is: where does that extraction happen, and what data is involved?
Three categories of data are involved:
- Session transcripts. The prompts you sent and the responses Claude Code produced. These can contain source code, file paths, commit messages, design discussions, and anything else you typed. They may include personal data if you paste or dictate it.
- Extracted facts. Short atomic statements derived from the transcript by an LLM (e.g. “pricing tiers are Free / Pro / Team”).
- Metadata. Timestamps, project slugs, cost / token counts used for the dashboard.
3. What happens at each tier
Free tier — no data leaves your machine
The Free tier is fully local. hydrate-server listens on
localhost:8089, writes to SQLite in ~/.hydrate/, and makes
zero outbound network calls. There is no telemetry, no error reporting, no
analytics, no phone-home.
Exception — LLM extraction. If you opt in to fact extraction (which is off by default on Free — the alternative is embedding-only retrieval, which is weaker but fully offline), the dehydrate and capture flows call an LLM. You choose the provider:
- Anthropic (using your own
ANTHROPIC_API_KEY) — transcripts are sent to Anthropic under your existing Anthropic terms. We never see the data or your key. - OpenAI (using your own
OPENAI_API_KEY) — same model: your data, your contract with OpenAI. - Local LLM (your own LM Studio / Ollama / compatible endpoint) — no third party involved.
Even in this exception, we (Sedasoft) do not process your data. You control the data flow end-to-end.
Pro tier — local + user-chosen file
Same as Free, plus hydrate backup produces a passphrase-encrypted
bundle file which you save wherever you want (external drive, personal cloud,
Time Machine, iCloud). We never hold it. The passphrase is never transmitted.
Pro also adds a license-validation phone-home, once per week, containing only: your Stripe customer ID, your license JWT, a hash of your machine fingerprint for abuse detection, and an Unix timestamp. No session content. No facts. No cost data.
Team tier — shared project memory
Team tier (not yet live; currently a waitlist) will synchronise project-scoped facts across authorised teammates. When it ships, sync will be end-to-end encrypted with a team-level key held only by team members; we will host the opaque ciphertext only. We will update this notice with the exact cryptographic model before Team opens to public sign-up.
Enterprise — self-hosted or single-tenant managed
Enterprise customers either self-host the entire Hydrate stack (Docker Compose or Helm, under their own infrastructure) or opt in to a single-tenant managed instance hosted in their preferred region. In the self-hosted case, Sedasoft has no controller/processor relationship with the customer’s Hydrate data. In the managed case, standard enterprise data-processing terms apply and are negotiated in the contract.
4. AI systems we use — EU AI Act transparency
Under Article 50 of the EU AI Act, we must disclose to users the AI systems involved in delivering the product. Hydrate uses the following:
| Component | AI system | What it does | Where it runs |
|---|---|---|---|
| Dehydrate extraction | User’s choice: Anthropic Claude Haiku, OpenAI GPT-4o-mini, or a local OSS model | Reads prose from your CLAUDE.md + docs/; returns structured facts | Wherever the user’s chosen provider runs |
| Session fact extraction (capture) | Same — user’s choice, from the above | Reads the session transcript at exit; returns structured facts | Same |
| Embedding (for retrieval) | all-MiniLM-L6-v2 (ONNX, bundled) by default; optional swap to OpenAI text-embedding-3-small or Voyage voyage-3 | Produces a 384-dim (default) or 1024/1536-dim vector per fact for nearest-neighbour retrieval | Bundled ONNX runs on your machine; OpenAI/Voyage swap opts into their cloud |
| Injection (at prompt time) | None. Injection is a vector-similarity lookup + string substitution. No generative AI is invoked here. | Hydrate surfaces relevant facts into Claude Code’s context | Your machine only |
Hydrate itself is not a high-risk AI system under Annex III of the AI Act. It does not make decisions about people, employment, credit, education, law enforcement, essential services, or migration. It is a productivity tool for software developers.
Automated decision-making. Fact extraction classifies short text excerpts into categories (architecture / convention / command / constraint / decision / fact). These classifications are used only to rank facts for retrieval. No decision about any person is made. No profile is built.
Human oversight. You can view every fact Hydrate has stored
(hydrate facts list), correct any fact (hydrate facts edit),
and delete any fact (hydrate facts forget). You can disable extraction
entirely via hydrate config set extract.provider=none.
AI literacy. This notice plus the /docs and /guide pages are our fulfilment of Article 4. If you find any AI behaviour in Hydrate unclear, email us.
5. Lawful basis (UK GDPR / EU GDPR Article 6)
- Free tier: no processing by us, so no lawful basis required on our part. Your chosen LLM provider has its own lawful basis in its own terms.
- Pro / Team / Enterprise (subscribed): Article 6(1)(b) — processing is necessary for the performance of a contract to which the data subject is party. We process billing and license data only to the extent necessary to deliver the service you paid for.
- Security and abuse prevention: Article 6(1)(f) — legitimate interest, balanced against your rights. Applies to the weekly license phone-home's machine fingerprint hash.
- Marketing emails: Article 6(1)(a) — consent, via explicit waitlist opt-in. Revocable by clicking unsubscribe in any email.
6. Retention
- Local data (Free / Pro): retained indefinitely on your machine
under your control. Deletion is your
rm -rf ~/.hydrate/. - Billing records: retained for 7 years after the last charge, as required by UK tax law (HMRC).
- Waitlist email: retained until you unsubscribe, or 18 months after the waitlist closes — whichever is sooner.
- Support correspondence: retained for 2 years after the last interaction, then deleted.
- Stripe customer ID + license JWT (Pro): retained for the lifetime of your subscription plus 90 days after cancellation, then purged.
- Cloudflare access logs: rotated every 24 hours in standard Cloudflare retention. We do not re-ingest them.
7. International transfers
The gethydrate.dev site is hosted on Cloudflare Pages, which is a global CDN. At rest, the site data sits in Cloudflare's EU and US data centres. Cloudflare is covered under the EU-US Data Privacy Framework and provides Standard Contractual Clauses in its DPA.
Stripe processes billing in the US / EU under its DPA with SCCs. If you use OpenAI, Anthropic, or Voyage as your LLM or embedding provider, data transfers to those providers are governed by your direct relationship with them — we are not a party to the transfer.
8. Your rights
Under UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you (Article 15).
- Rectify inaccurate data (Article 16).
- Erase data we hold (Article 17 / the “right to be forgotten”). For billing records, this is bounded by our legal retention obligations in § 6.
- Restrict processing (Article 18).
- Data portability (Article 20) — your local data is already
portable;
hydrate backupproduces a standard encrypted bundle. - Object to processing based on legitimate interest (Article 21).
- Withdraw consent for marketing at any time (Article 7(3)).
- Not be subject to solely automated decision-making (Article 22) — Hydrate does not make automated decisions about you.
- Lodge a complaint with a supervisory authority — in the UK this is the ICO; in the EU it is your national data-protection authority.
To exercise any of these rights, email hello@gethydrate.dev. We will respond within one month (Article 12(3)).
9. Cookies & tracking
gethydrate.dev uses no analytics cookies, no advertising cookies, and no third-party trackers. The only cookies set are the strictly-necessary Cloudflare cookies for security (rate limiting, bot detection), which do not require consent under the ePrivacy Directive.
If you sign in to the Stripe Customer Portal to manage your subscription, Stripe sets its own cookies under its own notice.
10. Data breaches
In the event of a personal-data breach affecting you, we will notify the relevant supervisory authority within 72 hours as required by Article 33 GDPR, and notify affected users without undue delay. Our breach-response playbook will be published before the Pro tier launches.
11. Changes to this notice
We keep a version history; the current version is noted at the top. Material changes to how we process your data will trigger an email to Pro / Team / Enterprise customers at least 30 days before the change takes effect. For Free users there is no email channel — material changes are announced on the blog and in the next Hydrate release's changelog.
12. Contact & feedback
Any question, concern, rights-request, or “wait, what does this clause mean” — email hello@gethydrate.dev. A dedicated privacy@ inbox will be live before Pro opens.