Privacy Policy
Last updated: June 30, 2026
This Privacy Policy explains how Premsan Inc ("Premsan", "we") handles personal data in connection with Typillar. It applies to typillar.com, the console, and the API.
Premsan Inc's corporate Privacy Policy describes company-level data handling that applies across all services we operate. This page covers Typillar-specific processing.
1. What we collect
- Account data — name, email, and the OAuth identifier when you sign in with GitHub or Google.
- Connected credentials — when you connect Cloudflare (and, optionally, GitHub, GitLab, or a model provider), we store the resulting OAuth tokens or API keys encrypted at rest and use them only to act on your behalf — provisioning Workers, pushing to your repository, and running codegen. We never receive your provider passwords.
- Project data — the ideas, tickets, and idea→build→deploy history for each project, held in a per-project Durable Object.
- Generated content & prompts — to build your app, the harness sends your idea and ticket text to the model provider you select (your Cloudflare Workers AI, or your Anthropic or OpenAI key). That provider processes the prompt under your own account.
- Usage data — sign-in, project, and deploy events, logged via Cloudflare Workers Analytics Engine to operate the service.
2. How we use it
We process personal data to operate the service, authenticate sessions, provision resources into your connected accounts on your instruction, respond to support requests, and comply with legal obligations. We do not sell personal data.
3. Sub-processors
Typillar's control plane runs on Cloudflare (Workers, Durable Objects with embedded SQLite, D1, KV, Analytics Engine). When you connect a model provider, your codegen prompts are processed by that provider (Cloudflare Workers AI, Anthropic, or OpenAI) under your own account and keys. Payment and email processors will be listed here if and when those features are enabled. These providers process data only on our — or, for your connected accounts, your — instructions.
4. Your connected accounts
Typillar builds and deploys into your own Cloudflare account and repositories. The tokens you grant are stored encrypted, used only to perform the actions you approve, and can be revoked at any time by disconnecting the provider in the console's Connections settings or from the provider's own dashboard.
5. Retention
Account and project data are retained for the life of the account. Connected credentials are retained until you disconnect the provider or delete your account. Telemetry events are retained for the period set by Cloudflare Analytics Engine. When you delete your account, your data is removed after a short recovery window unless we are required to retain it by law. Resources Typillar created in your own Cloudflare account remain yours and are governed by Cloudflare's terms.
6. Your rights
You can disconnect any provider or delete your account at any time from the console. Depending on where you live, you may also have the right to access, correct, export, or restrict processing of your personal data, and to object to certain processing. Email privacy@typillar.com and we will respond within a reasonable time.
7. Security
Connections are encrypted in transit. OAuth tokens and model API keys are encrypted at rest (AES-GCM) and used with least privilege. Each project's data lives in its own Durable Object, isolated at the storage layer; sessions live in short-TTL KV.
8. Changes
We may update this Policy from time to time. Material changes will be announced in the console or by email.
9. Contact
Premsan Inc — 530-0001, 12-12, Osaka Ekimae Dai-2 Bldg., 1-2-2 Umeda, Kita-ku, Osaka-shi, Osaka, Japan. privacy@typillar.com.