Privacy Policy
Last updated: June 11, 2026
Overview
Kickbacks.ai ("we", "us", "our") operates the Kickbacks VS Code extension and the kickbacks.ai website. This policy describes how we collect, use, and protect your information.
Information We Collect
- Account information: When you sign in with Google or via an email magic link, we receive your email address and display name (where available) to identify your account and credit earnings.
- Device identifier: A per-installation client identifier is generated locally to associate impression events with your account. It is pseudonymous: it does not identify you by itself, but for signed-in users it is linked to your account so we can credit earnings.
- Ad interaction events: For each ad served we record event telemetry: the event type (impression rendered, viewable, view-duration ticks, clicks), the ad/campaign/creative identifiers, the surface it appeared on (spinner, status line, or overlay), on-screen visibility metrics, a per-event ID used to deduplicate events, timestamps, and the extension and host application versions. In signed-out preview ("demo") mode, this telemetry is not attributed to any user account.
- IP address: We process your IP address on a transient basis for rate-limiting, abuse-detection, and fraud-prevention purposes.
- Payment information: If you purchase ad inventory, payment is processed by Stripe. We do not store your full card details.
Information We Do Not Collect
- Your source code, file contents, file names, or project structure.
- Your prompts, AI responses, or chat history.
- Your browsing activity outside of our extension and website.
The extension's telemetry is structurally limited to the ad-event metrics described above: the data it transmits contains no field capable of carrying your code, prompts, or AI interactions.
Local Processing (Never Transmitted)
To detect when Claude Code is actively running and which session is on screen, the extension reads Claude Code's local session transcript files (~/.claude/projects/**/*.jsonl) on your machine. From those files it parses only three things: the session's entrypoint tag (which distinguishes a VS Code panel session from a terminal session), the name of the most recent tool invocation, and whether the current turn has finished. This is used solely to time ad display and to stop the billing clock when activity ends.
This processing happens entirely on your device. No transcript content (no prompt, response, code, or tool name) is ever transmitted to our servers, and our telemetry schema contains no field capable of carrying it. The extension's source is publicly mirrored at github.com/andrewmccalip/kickbacks.ai if you would like to verify this yourself.
Website Analytics & Cookies
The kickbacks.ai website (not the extension) uses Microsoft Clarity, a usage-analytics service that records how visitors interact with our pages (clicks, scrolling, and page navigation) and sets cookies to distinguish visitors. We use this to understand and improve the website. See Microsoft's privacy statement for how Clarity handles data. Our pages also load fonts from Google Fonts, which receives your IP address when the font files are fetched.
How We Use Information
- Credit earnings to your account based on ad impressions and clicks.
- Serve relevant ads in the extension spinner slot.
- Improve our service and detect fraud or abuse.
- Communicate important account or service updates.
Google User Data
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:
- Only use your Google email and display name to identify your account and credit earnings.
- Do not use Google user data for advertising, retargeting, or profiling.
- Do not sell, rent, or share Google user data with data brokers.
- Do not use Google user data to train AI or machine learning models.
Data Sharing
We do not sell your personal information. We may share data with:
- Stripe: For payment processing and, when payouts open, payout processing and related tax-information collection.
- Google Cloud: For infrastructure hosting, authentication, and data storage.
- Twilio SendGrid: For transactional email (sign-in links and account notices).
- Microsoft Clarity: For website usage analytics, as described above.
- Advertisers: Only aggregate, anonymized impression and click counts.
Data Retention & Deletion
Account data is retained while your account is active, and may be retained for up to 7 years after termination or last activity where needed for fraud prevention, financial reconciliation, and legal compliance. You may request deletion by contacting us at support@kickbacks.ai; upon deletion, personal identifiers are removed or anonymized within 30 days, while aggregated or anonymized data and financial records required by law may be retained.
Your Privacy Rights
Depending on where you live (including California and other U.S. states with privacy laws), you may have the right to request access to, correction of, or deletion of your personal information, and to opt out of any sale or sharing of personal information (which we do not do). Details for California residents are in Section 18 of our Terms of Service. To exercise any of these rights, email support@kickbacks.ai.
Security
We use industry-standard measures including encrypted connections (TLS), secure authentication tokens, and access controls to protect your data.
Changes
We may update this policy from time to time. Material changes will be communicated via the extension or email.
Contact
Questions about this policy? Email support@kickbacks.ai.