Privacy Policy
Last Updated: June 30, 2026. This Privacy Policy describes how Element collects, uses, and protects your information across our local editor software, global API endpoints, and web systems.
1. Information We Collect
To provide our plan-first AI code generation, model routing, and Figma translation services, we collect information across three main categories:
- Account Credentials: Basic identifier details supplied during registration (first name, last name, email address, password hashes, and active country code configurations).
- Local Editor Telemetry: Anonymized performance metrics, crash dump diagnostics, active theme profiles, and average compilation times to ensure standard local software stability.
- AI Workspace Traffic: Prompt inputs, structural plans, and vector coordinates pasted from third-party services (such as Figma) to compile corresponding Tailwind, HTML, or CSS modules.
Source Code Isolation: We do not upload, scan, index, or retain any local codebase files unless directly submitted as conversational prompt context to our active AI agents.
2. How We Route and Use Information
Your contextual inputs and coordinate variables are processed solely to yield optimized code generations, structural plan roadmaps, and UI element previews. This logic involves:
- Transmitting specific prompt fragments to your selected LLM hosting node (including OpenAI, Anthropic, Google, and DeepSeek servers).
- Preserving temporal session state variables to enable multi-turn planning in Plan Mode.
- Compiling statistical performance tables (token count metrics and billing tier limits).
3. Third-Party API Processors
By utilizing Element's multi-model and hybrid features, your prompt variables are securely routed to corresponding model providers. These companies operate under strict confidentiality agreements. Where feasible, we enforce zero data retention policies on secondary endpoint nodes:
- OpenAI, LLC (GPT-4o, GPT-4o mini, o1, o3-mini)
- Anthropic, PBC (Claude Sonnet 4, Claude Haiku 3.5)
- DeepSeek Technologies Co., Ltd (DeepSeek R1, DeepSeek V3)
- Google LLC (Gemini 2.0 Flash, Gemini 2.5 Pro)
4. Storage Security & Expiry
Basic user database profiles and active credentials are secure and encrypted. Local session variables, active file hierarchies, and authentication tokens are cached on your disk inside local application directories. Your browser session tokens use standard httpOnly security policies and expire according to system configuration limits.
5. GDPR, CCPA, and Global Compliance
Regardless of your physical operating location, you preserve complete legal control over your registration variables. You hold direct rights to review, download, modify, or permanently request the deletion of your account records. Inquiries can be submitted directly via our active Contact Portal.
6. Contact and Inquiries
For legal inquiries, policy adjustments, and data deletion requests, please contact our privacy compliance group directly: