TM TreeMA Privacy Policy

Legal

Privacy Policy

Effective date: April 10, 2026. This policy describes how TreeMA handles information on the public landing site, in the current hosted deployment, and in the local-first product workflows described on the site.

1. Scope

This Privacy Policy applies to the TreeMA landing site, the current Vercel-hosted deployment, and the local application workflows described in the repository. TreeMA is an early product and a local-first tool. Most project data in normal use is created, stored, and reviewed on a user-controlled machine or workspace rather than in a hosted TreeMA backend.

2. Information We Collect

Depending on how you access TreeMA, the following categories of information may be involved:

  • Basic usage data from the hosted landing site or deployment, such as IP address, browser type, request logs, and device metadata normally generated by hosting infrastructure.
  • Information you choose to store locally when using TreeMA, including project state, workspace context, decisions, risks, scan artifacts, and local settings.
  • Credentials or provider settings that the local app stores outside project workspaces when you configure AI providers on your own machine.
  • Messages or contact information you voluntarily send through whatever support or contact channel is made available with the product distribution you use.

3. How We Use Information

We use information only for the narrow purposes needed to operate and improve the current product.

  • To serve the landing site and maintain the hosted deployment.
  • To let users initialize, inspect, and manage local TreeMA workspaces.
  • To support configured AI-provider connectivity that users explicitly enable on their own devices.
  • To debug product issues, protect the service, and understand high-level product usage.

4. Local-First Data Handling

TreeMA is designed so that canonical project state and staged project analysis remain local by default. In the current MVP, the canonical workspace artifacts described in the documentation are stored in local files such as `.treema/project_state.json` and `.treema/analysis/project-structure.json`.

If you configure third-party AI providers from the local app, credentials are stored on your own machine outside `.treema`, as described in the product documentation. You are responsible for the security of the machine and environment where you run TreeMA.

5. Hosted Infrastructure and Third Parties

The public deployment of TreeMA is hosted using third-party infrastructure. Those providers may process request logs, performance data, or security-related telemetry as part of hosting and delivery. When you use TreeMA with third-party AI providers, those providers process the requests you send through them under their own terms and privacy policies.

TreeMA does not claim to control or replace the policies of those providers. You should review the terms and privacy practices of any third-party services you connect.

6. Cookies and Similar Technologies

The current landing site does not intentionally introduce a custom analytics or ad-tech cookie banner. Hosting or platform providers may still use essential technical cookies, caching behavior, or similar mechanisms required to deliver the site securely.

7. Sharing

We do not describe TreeMA as a data-broker or ad-targeting service. Information may be disclosed only in narrow situations such as hosting operations, security protection, legal compliance, or a product transfer involving the TreeMA service or repository.

8. Retention

Locally stored workspace and settings data remain on the machine or environment where you run TreeMA until you delete them. Hosted request logs and operational data are kept only as long as reasonably needed for hosting, security, and troubleshooting, subject to the retention practices of the infrastructure providers involved.

9. Security

We use reasonable administrative and technical measures for the current MVP surface, but no method of storage, transmission, or local device operation is completely secure. You should avoid storing secrets or regulated information in TreeMA unless you have reviewed the risks for your own environment and third-party integrations.

10. Your Choices

  • You can stop using the hosted site at any time.
  • You can delete local TreeMA workspace files and locally stored settings from your own device.
  • You can avoid connecting third-party AI providers if you do not want provider-side processing.

11. Children

TreeMA is intended for general professional or developer use and is not directed to children under 13.

12. Changes to This Policy

We may update this Privacy Policy as the product changes. When we do, we will update the effective date on this page and publish the revised version with the deployment or repository that distributes TreeMA.

13. Contact

Questions about this Privacy Policy should be directed through the current Customer Support path published with the TreeMA distribution you are using. If no dedicated support channel is listed there, treat the repository or product distribution source as the current operator contact point.