Security & Privacy
We built this tool for developers who care about what happens to their data. The short answer: nothing reaches our servers because we don't have any.
TL;DR — You're Safe
Your API keys, prompts, generated content, and project files never leave your browser. All storage is local (localStorage + IndexedDB). Network requests go directly from your browser to Pollinations.ai. We see nothing.
API Keys Never Leave Your Device
Your Pollinations API key is stored exclusively in your browser's localStorage. It is injected directly into requests from your browser to gen.pollinations.ai — no proxy, no relay, no middleman. We have zero visibility into your key.
All Data Stored Locally
Projects, chat history, commits, agent configurations, and IDE sessions are stored in IndexedDB inside your browser. This data never leaves your machine unless you explicitly push to GitHub using our optional OAuth integration.
No Backend — We Don't Run One
This entire application is a static Next.js site served via Vercel's CDN. There is no application server, no database, no analytics backend. The only server calls your browser makes are directly to Pollinations.ai and GitHub's OAuth endpoint.
No Tracking, No Analytics
We don't run Google Analytics, Mixpanel, Sentry, or any third-party tracking script. There are no cookies set by us. Your usage patterns, prompts, and generated content are completely invisible to us.
GitHub OAuth is Scoped and Transparent
The optional GitHub sign-in uses a short-lived httpOnly cookie that is exchanged once and then deleted. The token is stored in IndexedDB on your device. We request only repo and read:user scopes — enough to push code, nothing more.
Open Source — Verify Everything
Every line of code running in your browser is publicly auditable on GitHub. There are no minified secrets, no obfuscated tracking, no hidden network calls. If something looks wrong, open an issue or a PR.
Data Flow Map
| From | To | What | Status |
|---|---|---|---|
| Your Browser | gen.pollinations.ai | AI generation requests (with your API key) | Safe |
| Your Browser | GitHub OAuth | Optional sign-in — short-lived code exchange only | Safe |
| Your Browser | GitHub API | Optional: push code to your own repos | Safe |
| Your Browser | Our Servers | Nothing — we have no application server | Safe |
| Your Browser | Third Parties | Nothing — no analytics, no ads, no tracking | Safe |
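
One way to check the map above against what the browser actually sends is to export a HAR file from the DevTools Network tab and audit it. This is an added example, not the project's own code; the hostnames `github.com` and `api.github.com`, the `appHost` parameter, and the sample capture are assumptions or constructed values.

```javascript
// Added example, not project code. GitHub hostnames are assumed from the map's
// "GitHub OAuth" and "GitHub API" rows; appHost is wherever the static site is served.
const ALLOWED_HOSTS = new Set(["gen.pollinations.ai", "github.com", "api.github.com"]);
const KEY_HOST = "gen.pollinations.ai"; // the only host that should receive the API key

function auditHar(har, { appHost, apiKey }) {
  const findings = [];
  for (const { request } of har.log.entries) {
    const host = new URL(request.url).hostname;
    // Rule 1: every request goes to the app's own origin or a host in the map.
    if (host !== appHost && !ALLOWED_HOSTS.has(host)) {
      findings.push({ type: "unexpected-host", host, url: request.url });
    }
    // Rule 2: the key must not appear in the URL, headers or body sent elsewhere.
    if (apiKey && host !== KEY_HOST) {
      const sent = [
        request.url,
        ...(request.headers || []).map((h) => h.value),
        request.postData?.text ?? "",
      ].join("\n");
      if (sent.includes(apiKey)) {
        findings.push({ type: "key-leak", host, url: request.url });
      }
    }
  }
  return findings;
}

// Constructed sample capture (not real traffic); the last entry is a deliberate violation.
const SAMPLE_KEY = "sk_constructed_123";
const sampleHar = { log: { entries: [
  { request: { url: "https://app.example/", headers: [] } },
  { request: { url: "https://gen.pollinations.ai/constructed-path",
      headers: [{ name: "Authorization", value: `Bearer ${SAMPLE_KEY}` }] } },
  { request: { url: "https://api.github.com/user",
      headers: [{ name: "Authorization", value: "Bearer gho_constructed" }] } },
  { request: { url: `https://telemetry.example/collect?k=${SAMPLE_KEY}`, headers: [] } },
] } };

const sampleFindings = auditHar(sampleHar, { appHost: "app.example", apiKey: SAMPLE_KEY });
console.log(sampleFindings); // two findings, both for telemetry.example
```

For a real audit, parse the exported HAR with `JSON.parse` and pass the hostname you loaded the app from as `appHost`; an empty result means the capture matches the map.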
What We Store & Where
| Key | What | Purpose |
|---|---|---|
| pollina_key | Your Pollinations API key | Auth to gen.pollinations.ai |
| pollina_gh_user | GitHub username + avatar URL | Login fast-path UI only |
| pollina_ide_v2 | Projects, files, commits, chat history, agent config | Full IDE persistence between sessions |
| ide_gh_auth (temp) | GitHub OAuth token — cleared immediately after read | One-time handoff from OAuth callback |
You can clear all stored data at any time: Settings → Clear All Data in the IDE, or simply clear your browser storage. Clearing removes everything — projects, history, API key — with no server-side residue because nothing is server-side.
Responsible Disclosure
Found a security issue? Please report it via GitHub Issues or reach out on Discord (BLUEGAMINGGM). We take security reports seriously and will respond promptly.