Privacy Policy

Queued ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use the Queued mobile application and related services.

We are designed for developers. We collect the minimum data necessary to provide the Service and we never sell your personal data to third parties.

Account information: When you create an account, we collect your email address and a hashed password, or your identity from a third-party OAuth provider.

GitHub token: Your GitHub personal access token is stored encrypted on your device using platform-secure storage (iOS Keychain / Android Keystore). It is transmitted over TLS to our backend only when needed to perform a specific action (clone, push, PR creation) and is never stored in plaintext on our servers.

API keys: If you use the BYOK tier, your Anthropic or OpenAI API key is stored using the same encrypted device storage and transmitted only when making AI requests. It is never logged.

Repository data: To index your codebase, we temporarily clone your repositories on our infrastructure. Index data (file structure, function signatures, embeddings) is stored to power architecture views and AI context. Raw source files are not persistently stored and are deleted after indexing is complete.

Task data: Task titles, descriptions, answers to clarifying questions, and session logs are stored to power task history and progress tracking.

Usage data: We collect anonymised usage metrics (feature usage, crash reports, session durations) to improve the product. This data cannot be used to identify you.

• →To provide and improve the Service
• →To authenticate you and maintain your session
• →To interact with GitHub on your behalf (clone repos, push branches, open PRs)
• →To send AI requests to Anthropic or OpenAI on your behalf
• →To generate and maintain your codebase architecture index
• →To notify you of task completion, errors, or important account changes
• →To detect and prevent fraud or abuse

All data is transmitted over TLS (HTTPS). Your GitHub personal access token and API keys are stored using platform-native encrypted storage on your device and are never stored in plaintext anywhere.

Our backend infrastructure is hosted on cloud providers with industry-standard security practices. We implement access controls, audit logging, and regular security reviews.

Codebase index data is stored in encrypted databases. We do not store raw source code after the indexing pipeline completes.

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

• AI providers (Anthropic, OpenAI): Your task description, relevant code context, and clarifying question answers are sent to the AI provider to generate code. This is subject to their data handling policies.
• GitHub: We interact with GitHub on your behalf using your personal access token. Your use of GitHub is subject to GitHub's privacy policy.
• Infrastructure providers: We use cloud infrastructure providers (e.g., AWS, GCP) that may process your data as sub-processors. These providers are contractually bound to data protection standards.
• Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority.

We retain your account data for as long as your account is active. Task history and session logs are retained for 90 days, after which they are automatically deleted.

Codebase index data is retained while your project exists in Queued. Deleting a project permanently removes all associated index data from our systems within 30 days.

You can request deletion of your account and all associated data at any time by emailing [email protected].

Depending on your jurisdiction, you may have the following rights:

• ✓Right to access the personal data we hold about you
• ✓Right to correct inaccurate personal data
• ✓Right to request deletion of your personal data
• ✓Right to data portability
• ✓Right to withdraw consent at any time
• ✓Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it promptly.

The Queued mobile application does not use cookies. Our website may use essential cookies for authentication and preference storage. We do not use advertising or tracking cookies.

Your data may be transferred to and processed in countries other than your own. We ensure that any such transfers are subject to appropriate safeguards, including standard contractual clauses where required by applicable law.

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, notifying you within the app. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions or requests, please contact our privacy team at [email protected].