// legal
Privacy Policy
An ad network you don't trust is spyware with extra steps. So here is the whole mechanism, plainly: what leaves your machine, what never does, and the dial you control.
Last updated June 13, 2026
1. Who we are
Bacon ("Bacon", "we", "us") operates an advertising network for AI coding agents: the Bacon plugin, this website, and the backend that matches ads, attributes developer earnings, and runs advertiser campaigns. The data controller is [Bacon legal entity – to be named before launch], contactable at privacy@geturbacon.dev.
This policy explains what we collect, what we deliberately never collect, how we use and share it, and the rights and controls you have.
2. What we collect
From developers running the plugin: a coarse, locally-derived intent label (e.g. "auth", "database", "deploy") plus low-cardinality environment signals such as operating system, a dependency-manifest filename, and a file extension. Which signals are sent depends on the consent tier you choose:
Tier 0 – anonymous (default): an intent label only – you are anonymous to advertisers. No identity, stack, or code is sent for ad targeting.
Tier 1 – stack (opt-in): your languages and frameworks, for better-matched ads.
Tier 2 – full context (opt-in): richer derived intent for the most relevant ads and the highest earnings.
Account data: earning requires a Bacon account. Our authentication provider (Clerk) processes your email and authentication metadata. Advertisers additionally provide the account, billing, and campaign information needed to run campaigns.
Website & operational data: standard server logs and security/anti-fraud signals (e.g. IP address, request metadata) used to operate the service and detect abuse.
3. What we never collect
Your raw prompts, your code, file contents, and keystrokes never leave your machine. Intent is derived locally on your device; we receive a label like "auth", never the sentence you typed – at any tier, including Tier 2.
We do not use third-party advertising or cross-site tracking cookies, and ad targeting is never based on cookies – only on the coarse, consented coding-context signals above.
4. How we use what we collect
To match a relevant ad to the current coding context; to compute and attribute developer earnings through our ledger; to detect invalid traffic and fraud; to operate, secure, and improve the service; and to produce aggregate, non-identifying analytics. Every ad we serve carries the 🥓 label; we do not serve disguised or native ads.
5. Legal bases (EEA / UK)
Where the GDPR or UK GDPR applies, we process personal data on these bases: consent (for opt-in Tier 1/2 signals, which you can withdraw at any time); legitimate interests (serving and measuring ads, preventing fraud, and securing the network); performance of a contract (operating accounts, payouts, and advertiser billing); and legal obligation (record-keeping and compliance).
6. How we share it
Advertisers receive aggregate and derived signals and impression counts – never your identity, prompts, or code.
Service providers / sub-processors process data on our behalf under contract: authentication (Clerk), payments (Stripe), and hosting/infrastructure providers.
Legal and safety: we may disclose information where required by law, to enforce our terms, or to protect the integrity of the network and our users. In a merger, acquisition, or asset sale, data may transfer subject to this policy.
We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
7. International data transfers
We and our service providers may process data in the United States and other countries. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
8. Data security
We protect data with encryption in transit, access controls, and least-privilege practices, and our architecture is privacy-by-design: the most sensitive data (your prompts and code) is processed locally and never transmitted. No method of transmission or storage is 100% secure, but we work to protect your information and to limit what we hold in the first place.
9. Data retention
Coarse signals are retained only as long as needed to serve ads, compute earnings, and detect fraud. Account and ledger records are retained while your account is active and as required for financial and legal obligations, after which they are deleted or anonymized.
10. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. EEA/UK residents have these rights under the GDPR; California residents have the rights to know, delete, correct, and opt out of "sale"/"sharing" under the CCPA/CPRA – note we do not sell or share personal information.
11. Your controls
Earning requires a Bacon account; by default you remain anonymous to advertisers, who see only a coarse intent label. Higher consent tiers are explicit, opt-in, and reversible at any time from the plugin configuration.
Uninstalling the plugin stops data collection instantly – no retention games, no "contact us to delete" hurdle. To exercise any of the rights above, email privacy@geturbacon.dev; we will verify your request and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
12. Cookies
This website uses only essential cookies required for sign-in and session management (via Clerk). It does not set advertising or cross-site tracking cookies.
13. Children
Bacon is not directed to children and is not intended for anyone under the age required to form a binding contract in their jurisdiction (and never under 13). We do not knowingly collect data from children.
14. Changes to this policy
We may update this policy as the product evolves. Material changes will be reflected by the "last updated" date above and, where appropriate, communicated in-product.
15. Contact & complaints
Questions or requests: privacy@geturbacon.dev. If you are in the EEA or UK and believe we have not addressed your concern, you may lodge a complaint with your local data-protection supervisory authority.