Privacy

last updated: 4 July 2026

Plain language first, because that is the whole point of this project. royalties pays you for anonymous metadata about your AI coding sessions — never your code. This page explains exactly what we hold, why we are allowed to, how long we keep it, and how you stay in control.

Who we are

The data controller is [[Registered legal entity name]], [[Registered address, EU member state]]. We are established in the EU, so the GDPR applies to everyone we collect from, wherever you are.

Most data rights are self-service through the CLI — see “Your rights” below. General questions: DM @royaltiesdev on X. Security issues: GitHub Security Advisories.

Our legal basis

Consent (GDPR Art. 6(1)(a)). Nothing is collected until you install the collector and run `npx royalties init`. You can withdraw consent at any time by pausing or uninstalling — see “Your rights” below. Withdrawing consent does not affect processing that already happened.

What we hold

Event stream. A whitelist of coding-session metadata, keyed by a random panelist_id generated on your machine at init. There is no name, email, or IP address in this stream. The exact, version-controlled list of fields lives in the open-source collector’s SCHEMA.md — the collector is structurally incapable of sending anything not on it.

Country. Resolved from your IP address at the moment an event reaches our server, then the IP is discarded. We store the two-letter country, never the IP.

Account (separate). Your email and payout details live in a separate payout system (Stripe). The link between your account and your panelist_id exists only there — analysts and data buyers never see it.

What never leaves your machine

Your prompts, your code, diffs, file names, directory paths, repo or branch names, error messages, full URLs, query strings, environment variables, secrets, hostname, username, and IP (client-side). The collector’s test suite rejects any payload containing these before it touches the network.

What we do with it

  • Aggregate it into market reports. No report cell ever describes fewer than 50 panelists.
  • Compute your revenue share.
  • Show you your own stats.

What we never do

  • Sell or share raw, per-developer data.
  • Let buyers re-identify panelists — enforced by contract (DPA) and by aggregation thresholds.
  • Train models on your data.
  • Use your data for advertising.

This website

royalties.beer sets no cookies, runs no analytics, and loads no third-party trackers or fonts. There is nothing to consent to, so there is no cookie banner. The only things you can do here are copy a command and message us on X.

How long we keep it

Raw events are kept for 24 months, then reduced to aggregates that can no longer single you out. Account data is kept for as long as your account exists.

Your rights

We hold no email or name for you — the only thing tying your events to you is the random panelist_id and the bearer token your CLI holds. That token is your proof of identity: whoever holds it is the data subject. So your GDPR rights are exercised primarily as self-service through the authenticated CLI:

  • Access & export — `royalties export` returns all your events as JSON (machine-readable, so it also satisfies portability).
  • Erasure — `royalties purge` wipes your local queue and triggers server-side erasure within 30 days.
  • Restrict / pause processing — `royalties pause`, or drop a `.royaltiesignore` file in any project.
  • Withdraw consent — uninstalling the collector stops all future collection.

You can also object to processing and lodge a complaint with your local data-protection supervisory authority. Any question the CLI can’t cover: DM @royaltiesdev on X.

If we get it wrong

A collector bug that leaks a non-whitelisted field is treated as critical: public disclosure in the repository, the affected data deleted at ingest, and a published post-mortem. Report security issues privately via GitHub Security Advisories.

Changes to this policy

If we change how we handle data, we’ll update this page and its “last updated” date. Material changes that expand processing will ask for fresh consent.