Welcome, and thank you for your interest in MDST Limited ("MDST", "we", "us", or "our"). MDST provides a secure, collaborative integrated development environment (IDE) available in both free and paid subscription tiers that enables you to build, plan, and learn with your team, friends, or family, fully local or online in real time with end-to-end encryption. This Privacy Policy explains how we collect, use, disclose, and process personal data when you access or use our website, products, and services (collectively, the "Service"). We are committed to protecting your privacy and handling your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
Please read this Privacy Policy carefully to understand our practices regarding your personal data. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
MDST Limited is a company registered in England and Wales. Our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. For the purposes of the UK GDPR and the Data Protection Act 2018, we are the data controller in respect of your personal data, except where we act as a data processor in respect of Content (as defined in our Terms of Service), as further described in section 2 below.
If you have any questions about this Privacy Policy or our data protection practices, please contact us using the contact details provided in section 15 below.
We act as a data controller for personal data that we collect and process for our own purposes, including account information, billing data, security and telemetry data, and communications with you.
For project and chat content, files, code, and other materials that you upload, create, or store using the Service ("Content"), we act as a data processor on your behalf. This means we process such Content only as necessary to provide the Service to you and in accordance with your instructions. You, as the data controller of such Content, are responsible for ensuring that you have the necessary legal basis to process any personal data contained within Content and that you comply with all applicable data protection laws.
We may remove or preserve Content to comply with applicable law, to enforce our Terms of Service, or to prevent harm to users or third parties.
3.1 Information You Provide to Us. We collect personal data that you voluntarily provide to us when you register for an account, use the Service, or communicate with us. This may include: your name, email address, username, password, and any other information you choose to provide in your account profile or when using the Service.
3.2 Account Data. When you create an account, we collect information such as your name, email address, authentication identifiers, and preferences. You may also choose to provide additional profile information.
3.3 Payment and Billing Data. If you make purchases or subscribe to paid features, we collect payment information through our third-party payment processors. This may include payment card details, billing address, and transaction history. We do not store full payment card details on our servers; such information is processed and stored by our payment processors in accordance with their privacy policies and applicable security standards.
3.4 Content Data. We collect and store Content that you upload, create, or store using the Service, including code files, text, documents, chat messages, and other materials. This Content may contain personal data that you have included in your files or communications.
3.5 Usage Data and Telemetry. We automatically collect information about how you interact with the Service, including device information (such as device type, operating system, browser type), IP address, log files, usage statistics, error reports, performance data, and other telemetry information. This helps us understand how the Service is being used and improve its functionality and security.
3.6 Support and Communication Data. When you contact us for support or communicate with us, we collect the information you provide, including your messages, support tickets, and any other information you share during such communications.
3.7 Cookies and Similar Technologies. We use cookies and similar tracking technologies to collect information about your use of the Service. For more information about our use of cookies, please see section 12 below.
4.1 To Provide and Maintain the Service. We use your personal data to create and manage your account, authenticate you when you access the Service, provide you with access to the Service and its features, store and process your Content, and communicate with you about your account and the Service.
4.2 To Process Payments and Manage Subscriptions. We use payment and billing data to process transactions, manage subscriptions, send invoices and receipts, and handle refunds and chargebacks.
4.3 To Communicate with You. We use your contact information to send you administrative communications, service updates, security alerts, responses to your inquiries, and other information related to your use of the Service. We may also send you promotional communications about our products and services, which you can opt out of at any time.
4.4 To Improve and Develop the Service. We use usage data and telemetry to analyse how the Service is being used, identify areas for improvement, develop new features, fix bugs, and enhance the overall user experience. We may also use aggregated and anonymised data for analytics and research purposes.
4.5 To Ensure Security and Prevent Fraud. We use personal data to monitor for security threats, detect and prevent fraud, unauthorised access, and other illegal activities. This includes analysing usage patterns, IP addresses, and other information to identify suspicious behaviour.
4.6 To Comply with Legal Obligations. We may use and disclose personal data as necessary to comply with applicable laws, regulations, legal processes, or governmental requests, including responding to court orders, subpoenas, or other legal requirements.
4.7 To Enforce Our Rights and Terms. We may use personal data to enforce our Terms of Service, protect our rights and property, and protect the rights and safety of our users and third parties.
Under UK GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:
Contractual Necessity. We process your personal data as necessary to perform our contract with you, including providing the Service, processing payments, and managing your account.
Legitimate Interests. We process personal data for our legitimate interests, such as improving and developing the Service, ensuring security, preventing fraud, and marketing our products and services. We balance these interests against your rights and freedoms and only process data where our interests are not overridden by your interests or fundamental rights.
Consent. Where required by law, we obtain your consent before processing your personal data for certain purposes, such as marketing communications or the use of non-essential cookies. You can withdraw your consent at any time by contacting us or using the opt-out mechanisms we provide.
Legal Obligation. We process personal data to comply with our legal obligations, such as tax reporting, responding to legal requests, and maintaining records as required by law.
The Service supports both local and third-party AI models. The Service includes functionality for large language models (LLMs) to run entirely in your browser, ensuring that your code and conversations remain completely private with no data sent to external servers. When you use local browser-based models, all processing occurs on your device and we do not have access to your interactions or data.
The Service may also allow you to use third-party AI models and services (such as OpenAI, Anthropic Claude, Gemini, or other providers). When you explicitly select a third-party AI model, we send only the prompts, code snippets, metadata, and other information necessary to fulfill your request to that provider. Use of third-party AI models is disabled by default and requires your explicit selection.
When you use third-party AI providers, your interactions with those providers are subject to their respective terms of service and privacy policies. We recommend that you review the privacy policies of any third-party AI providers before using their services through our platform.
We do not use your Content to train any AI models unless you have explicitly opted in to such use. Even if you opt in, we will only use your Content for training purposes in accordance with your preferences and applicable laws.
7.1 Service Providers and Vendors. We share personal data with third-party service providers and vendors who perform services on our behalf, such as hosting providers, payment processors, analytics providers, customer support platforms, and other service providers necessary to operate the Service. These service providers are contractually obligated to process personal data only as necessary to provide their services and in accordance with our instructions and applicable data protection laws.
7.2 Business Transfers. In the event of a merger, acquisition, reorganisation, bankruptcy, or other business transaction, we may transfer your personal data to the acquiring entity or successor in interest, subject to the same terms of this Privacy Policy.
7.3 Legal Requirements. We may disclose personal data if required to do so by law or in response to valid legal requests, such as court orders, subpoenas, or government investigations. We may also disclose personal data to enforce our Terms of Service, protect our rights and property, or protect the rights and safety of users or third parties.
7.4 With Your Consent. We may share personal data with third parties when you have given us explicit consent to do so.
7.5 Aggregated and Anonymised Data. We may share aggregated, anonymised, or de-identified data that cannot reasonably be used to identify you for research, analytics, or other purposes.
We operate primarily from the United Kingdom, but some of our service providers and data processing activities may be located outside the UK and the European Economic Area ("EEA"). When we transfer personal data outside the UK or EEA, we ensure that appropriate safeguards are in place to protect your personal data in accordance with UK GDPR requirements.
These safeguards may include: (a) transfers to countries that have been recognised by the UK as providing an adequate level of data protection; (b) standard contractual clauses approved by the UK or EU authorities; (c) binding corporate rules; or (d) other appropriate legal mechanisms.
If you would like more information about the specific safeguards we use for international transfers, please contact us using the contact details provided in section 15 below.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Account Data. We retain account data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
Content Data. When you delete Content through the Service or delete your account, we remove it from active systems immediately. However, Content may remain in backups for up to 30 days after deletion to allow for account recovery, after which it will be permanently deleted. In some cases, we may retain Content for longer periods if required by law or to protect our legal interests.
Usage Data and Logs. We retain usage data and server logs for up to 90 days unless a longer retention period is required for security, legal, or operational purposes.
Payment Data. We retain payment and billing data for as long as necessary to process transactions, comply with tax and accounting requirements, and resolve disputes. Payment card details are processed and stored by our payment processors in accordance with their retention policies and applicable regulations.
Legal Requirements. We may retain personal data for longer periods if required by applicable law, regulation, or legal process, or to establish, exercise, or defend legal claims.
We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include: encryption of data in transit and at rest, access controls and authentication mechanisms, regular security assessments and updates, staff training on data protection, and incident response procedures.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activities that occur under your account.
Under UK GDPR and the Data Protection Act 2018, you have certain rights regarding your personal data. These rights include:
Right of Access. You have the right to request access to and receive a copy of your personal data that we hold, together with certain information about how we process it.
Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure. You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent and there is no other legal basis for processing.
Right to Restrict Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible and where processing is based on consent or contract.
Right to Object. You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests, in which case we will cease processing unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent. Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint. You have the right to lodge a complaint with the Information Commissioner's Office ("ICO"), the UK's data protection supervisory authority, if you believe that our processing of your personal data violates applicable data protection laws.
To exercise any of these rights, please contact us using the contact details provided in section 15 below. We will respond to your request within one month, or within two months if the request is complex. We may require you to verify your identity before processing your request.
We use cookies and similar tracking technologies to collect and store information about your use of the Service. Cookies are small text files that are placed on your device when you visit our website.
Essential Cookies. We use essential cookies that are necessary for the Service to function properly, such as authentication cookies that allow you to remain logged in.
Analytics Cookies. We use first-party analytics cookies to understand how users interact with the Service, analyse usage patterns, and improve our services. We use privacy-respecting analytics that minimise the collection of personal data.
No Third-Party Advertising Trackers. We do not use third-party advertising cookies or tracking technologies for advertising purposes. We do not sell your personal data to advertisers or allow third parties to place tracking cookies on our Service for advertising purposes.
You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies, but doing so may affect your ability to use certain features of the Service.
The Service is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately using the contact details provided in section 15 below. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements, or for other reasons. We will notify you of any material changes by updating the "Last updated" date at the top of this Privacy Policy and, where appropriate, by sending you an email notification or displaying a prominent notice on the Service.
Your continued use of the Service after any changes to this Privacy Policy will constitute your acceptance of such changes. If you do not agree to the updated Privacy Policy, you should discontinue your use of the Service and delete your account.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:
MDST Limited
71-75 Shelton Street, Covent Garden
London, United Kingdom, WC2H 9JQ
Email: legal@mdst.app
If you are not satisfied with our response to your complaint or have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: https://ico.org.uk
Phone: 0303 123 1113