Paxel Privacy Policy

Last updated April 27, 2026

Paxel (“Paxel”) is a service operated by Y Combinator Management, LLC and its affiliates (collectively “Y Combinator”, “we”, “us” and/or “our”). This Privacy Policy (the “Privacy Policy”) serves to inform you of our policies and procedures regarding the collection, use and disclosure of the information we receive when you access and use the Paxel website (the “Site”) and the Paxel Docker client (the “Client”). The Site and Client provide, among other things, tools that analyze coding agent transcripts and produce scores and narrative reports about how you build with AI (collectively, the “Services”).

This Privacy Policy explains what Personal Information and certain other data we collect, how we use and disclose that data, and your choices concerning our data practices. Certain data, including your source code and the raw conversation history of your coding-agent transcripts, is processed locally on your machine inside the Paxel Docker container and is not transmitted to Y Combinator. The data we do receive is described below.

For a technical breakdown of what the Paxel Client collects, redacts, and retains in practice, see our data-handling page.

This Privacy Policy is incorporated into and forms part of our Terms of Use available at https://paxel.ycombinator.com/terms.

By using the Services, you hereby represent that you have read, understand and agree to this Privacy Policy and the Terms of Use and that you are over 18 years of age. PLEASE DO NOT USE THE SITE IF YOU DO NOT AGREE TO THIS PRIVACY POLICY.

For deletion requests and other data-subject requests, please contact us at privacy@ycombinator.com.

For California residents (defined below), see the California Privacy Rights section below for additional disclosures, our Notice at Collection and Use of Personal Information, and a description of your rights under the California Consumer Privacy Act (with any implementing regulations, as amended by the California Privacy Rights Act (“CPRA”), and as may be amended from time to time, “CCPA”).

1. PERSONAL INFORMATION WE COLLECT

We collect information that alone or in combination with other information in our possession could be used to identify you (“Personal Information”).

Personal Information You Provide. If you use the Services, you may be asked to provide your email address which is used for magic-link authentication and account-level communications. You may also choose to upload, via the Client, the following categories of information that may include or constitute Personal Information:

  • Identifiers included in uploaded data. Information you upload to use the Services may include personal identifiers such as your name and email address (including names and email addresses of repository contributors), as well as other identifiers that may appear in commit metadata, file paths, transcripts, or other uploaded materials.
  • AI coding-agent transcript-derived content. Per-session narratives, certain session events including file paths and truncated command text, prompt excerpts, steering traces, and dispatch metadata. This data may include local file paths (e.g., directory structures such as /Users/…) and other contextual information that could be associated with an individual. Raw conversation history, full prompts, full agent responses, and full tool outputs do not leave your machine.
  • Derived analytical outputs. Behavioral scores across various axes, decision records, episode groupings, and the “most-questionable-prompts” surface generated by our analysis pipeline.
  • Account data. Email address, magic-link authentication tokens, session cookies, and API tokens used by the Client.
  • Telemetry and system information. Client- and server-side telemetry, including error events, device and runtime information, with credentials and personal identifiers scrubbed before transmission.
  • Chat conversations. If you use Paxel’s chat features, we collect and store the content of your conversations with the analysis system, including your inputs and the system’s responses, which are associated with your account.
  • Usage patterns and activity intervals. We may derive and store information about your usage patterns, such as session timing and working-hour intervals, based on timestamps associated with your activity.

Information you upload may include Personal Information relating to other individuals (for example, repository contributors). You represent that you have the necessary rights and permissions to provide such information to us for processing in connection with the Services.

Certain data we receive (such as derived analytical outputs or metadata) does not inherently identify you but may be considered Personal Information to the extent it is associated with your account or otherwise reasonably linkable to you.

Personal Information We Receive Automatically From Your Use of the Site. When you visit, use, and interact with the Services, we may receive certain information about you, your visit, use, or interactions, including the following:

  • Log data. Log data is information that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interacted with the Site.
  • Cookies. We use a single, strictly-necessary session cookie to keep you logged in. The cookie has a 1-week expiry and we set no analytics, advertising, or persistent tracking cookies.
  • Device information. Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Usage Information. We collect information about how you use our Services, such as the actions you take, and the time and duration of your activities.

Online Tracking and Do Not Track Signals: We do not use cross-site tracking technologies. Our Site does not serve advertisements or allow third-party ad networks to track you. Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.

Your Choices. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers:

Please note that session cookies are required to remain logged in. If you limit the ability of websites to set such cookies, you may not be able to benefit from the full functionality of the Services.

2. HOW WE USE PERSONAL INFORMATION

We may use Personal Information for the following purposes:

  • To provide and administer access to the Services, including sending magic-link emails and maintaining your session;
  • To generate the analytical outputs you request;
  • To route content you provide to our LLM sub-processors (including Anthropic Claude and OpenAI GPT models) for analysis;
  • To contact you about your uploads;
  • To respond to your inquiries, comments, feedback, or questions;
  • To send administrative information to you, for example, information regarding the Services and changes to our terms, conditions, and policies;
  • To maintain and improve the content and functionality of the Services;
  • To prevent fraud, criminal activity, or misuses of our Services, including rate limiting, API-token revocation, and account-level ban holds;
  • To ensure the security of our IT systems, architecture, and networks; and
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our Affiliates, you, or other third parties.

Aggregated Information. We may aggregate Personal Information and use the aggregated information to analyze the effectiveness of our Services, to improve and add features to our Services, and for other similar purposes. We may collect aggregated information through the Services and through other means described in this Privacy Policy.

3. SHARING AND DISCLOSURE OF PERSONAL INFORMATION

In certain circumstances we may share your Personal Information with third parties without further notice to you, unless required by the law, as set forth below:

  • Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Information with vendors and service providers, including:
    • Anthropic (Claude API), including via Microsoft Foundry, for analysis of derived transcript content.
    • OpenAI (GPT API), including via Microsoft Foundry, for analysis of derived transcript content.
    • Google AI Studio (Gemini API) for vector embedding of evidence excerpts for semantic search.
    • Google Fonts which is loaded browser-side and exposes your IP address and user agent to Google.
    • Mailgun for magic-link email delivery.
    • Sentry for server-side and client-side error telemetry.
    • Cloudflare for TLS termination, WAF, and DDoS protection.
    • Amazon Web Services for application hosting

    These parties may access, process, or store Personal Information in the course of performing their duties to us.

  • Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or Affiliate as part of that Transaction along with other assets.
  • Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Services, or the public, or (v) protect against legal liability.
  • Affiliates: We may share Personal Information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Y Combinator (“Affiliates”). Our Affiliates will use the Personal Information we share in a manner consistent with this Privacy Policy.
  • With Your Consent. We may disclose your Personal Information to third parties upon your request, at your direction, or with your consent.

Please note that for purposes of this section, “sharing” does not include “sharing” as defined under the CCPA. For additional disclosures and information on our CCPA practices, please review California Privacy Rights below.

4. YOUR CHOICES AND DELETION REQUESTS

Your Rights and Choices: If you choose not to provide Personal Information that is needed to use features of our Services, you may be unable to use such features. You can contact us at privacy@ycombinator.com to request to update, correct, or delete your Personal Information.

Deletion Requests: To request deletion of your Personal Information, contact us at privacy@ycombinator.com. We will respond to verified requests within the timeframes required by applicable law. Certain data may be retained as permitted by applicable law.

5. CALIFORNIA PRIVACY RIGHTS

The CCPA imposes certain obligations on us and grants certain rights to California residents (“California Resident,” “you” or “your”) with regard to “personal information.” If you are a California Resident, please review the following information about your potential rights with regard to your Personal Information under the CCPA. The rights described herein are subject to exemptions and other limitations under applicable law. Terms used herein have the meaning ascribed to them in the CCPA. We are a “business.”

Notice at Collection and Use of Personal Information

Information We Collect. Depending on how you interact with us, we may collect the categories of personal information from or about you as identified in Personal Information We Collect and including:

  • Identifiers and similar information, such as your email address, names (including names of repository contributors contained in uploaded materials), and online identifiers or other similar identifiers;
  • Internet or other electronic network activity information, including interactions with our website or use of certain online tools, and IP addresses which may indicate broad geographic region;
  • Outputs of the Services including personal behavioral scores and narrative summaries; and
  • Inferences drawn from any of the information identified above to create a profile reflecting your preferences or similar information.

Our Use and Collection of Information. We may collect and use Personal Information from you for the purposes described above in How We Use Personal Information and described below in Our Collection, Use, and Disclosure of Personal Information.

Sale or Sharing of Personal Information. We do not sell or share your Personal Information (as those terms are defined under the CCPA).

How Long We Keep Information. How long we keep your Personal Information will vary depending on the type of personal data and our reasons for collecting it. The retention period will be determined by various criteria, including the purposes for which we are using it (as it will need to be kept for as long as is necessary for any of those purposes) and our legal obligations (as laws or regulations may set a minimum period for which we have to keep your personal data). In general, we will retain your Personal Information for as long as we require it to fulfill the business purposes for which it was collected, perform our contractual rights and obligations, or for periods required by our legal and regulatory obligations.

For more information about our privacy practices, please review our entire Privacy Policy.

Our Collection, Use, and Disclosure of Personal Information

The following disclosures are intended to provide additional information about the Personal Information we collect and do not limit our ability to use or disclose information as described in Sections 2 and 3. We do not sell or share your personal information (as those terms are defined under the CCPA). We do not knowingly sell or share the personal information of California Residents under 16 years old.

Category of Personal Information Sources Of Personal Information Business or Commercial Purpose for Collecting Personal Information Disclosure of Personal Information
Identifiers and similar information We collect this information directly from you and through your interactions with the Services. We use this information to provide you with the Services, communicate with you, and for prevention of fraud and malicious activity by users of our Services. We disclose this information to our Affiliates and Vendors and Service Providers
Internet or other electronic network activity information (including use of chat features) We collect this information directly from you through your interactions with the Services. We use this information to provide you with the Services, improve the Services, and in some cases, for moderation and prevention of fraud and malicious activity by users of our Services. We disclose this information to our Affiliates and certain Vendors and Service Providers
Outputs of the Services We collect this information directly from you through your interactions with the Services. We use this information to provide you with the Services, improve the Services, and in some cases, for moderation and prevention of fraud and malicious activity by users of our Services. We disclose this information to our Affiliates and certain Vendors and Service Providers
Inferences drawn from any of the information identified above We collect this information directly from you through your interactions with the Services. We use this information to provide you with the Services and improve the Services. We disclose this information to our Affiliates and certain Vendors and Service Providers.

In addition, in the preceding 12 months, we may have disclosed all of the categories of Personal Information identified in Information We Collect above to the following categories of third parties: (i) judicial courts, regulators, or other government agents purporting to have jurisdiction over us, our subsidiaries or our Affiliates, or opposing counsel and parties to litigation; and (ii) other third parties as may otherwise be permitted by law. We may disclose the categories of Personal Information identified in Information We Collect for the business or commercial purposes identified above in How We Use Information. Additionally, we may disclose your Personal Information to third parties upon your request, at your direction, or with your consent.

We may also disclose your Personal Information or otherwise make it available to our service providers, other entities that have agreed to limitations on the use of your Personal Information, or entities that fit within other exemptions or exceptions in, or as otherwise permitted by, the CCPA.

California Resident's Privacy Rights

To the extent provided for by law and subject to applicable exceptions, California residents may have the following privacy rights in relation to the Personal Information we collect, including the right to:

  • Be informed, at or before the point of collection, of the categories of Personal Information to be collected, and the purposes for which the categories of Personal Information shall be used;
  • Know what Personal Information we have collected and how we have used and disclosed that Personal Information (“Request to Know”);
  • Request deletion of your Personal Information, subject to certain exemptions (“Request to Delete”);
  • Opt-out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your Personal Information (we do not);
  • Opt-out of the “sharing” (as that term is defined in the CCPA) of your Personal Information if a business shares your Personal Information with third parties (we do not);
  • Limit the use and disclosure of sensitive personal information where required by the CCPA (“Right to Limit”) (please note that we are not using your sensitive personal information for purposes that would require that we provide you with a Right to Limit);
  • Correct inaccurate Personal Information (“Request to Correct”); and
  • Be free from discrimination relating to the exercise of any of your privacy rights.

The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. We also reserve the right to retain, and not to delete, certain Personal Information after receipt of a Request to Delete from you where permitted by the CCPA or another law or regulation.

Exercising Your Rights. California residents can exercise their right to Request to Know, Request to Correct or Request to Delete (“Consumer Rights Request”) as described above, through the following toll-free telephone number +1 (415) 874-1528 or by contacting us at privacy@ycombinator.com.

Verification. In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a Consumer Rights Request. In verifying your request, we may ask you to provide additional Personal Information and proof of residency for verification. Such information may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only. If we cannot verify your identity, we will not provide, delete or correct your Personal Information.

Authorized Agents. You may submit a Consumer Rights Request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us.

Shine the Light Disclosures. California law requires us to inform California residents who have provided us with personal information that they may request information from us about our disclosures to third parties for their direct marketing purposes. To request this information, please contact us at privacy@ycombinator.com. In your request, please specify that this is a “California 'Shine the Light' Request.”

6. CHILDREN

Our Services are not directed to children who are under the age of 13. Y Combinator does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to Y Combinator through the Service, please contact us at privacy@ycombinator.com and we will endeavor to delete that information from our databases.

7. SECURITY

You use the Services at your own risk. We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Services or email. Please keep this in mind when disclosing any Personal Information to Y Combinator via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third party websites.

8. INTERNATIONAL USERS

By using our Services, you understand and acknowledge that your Personal Information will be transferred from your location to our facilities and servers in the United States.

9. CHANGES TO THE PRIVACY POLICY

The Services and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Services or providing us with Personal Information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.

10. QUESTIONS ABOUT THE PRIVACY POLICY

If you have any questions about our Privacy Policy or information practices or need to access this Privacy Policy in a different format, please feel free to contact the legal team at legal@ycombinator.com.