Privacy Policy

Effective date: 19 June 2026

1. Who we are

Ryx Interactive ("we", "us", "our") operates the Ryx Sidekick website, the web account cabinet, and the Ryx Sidekick plugin for the Unity Editor. We are the data controller for the personal data described in this policy. You can reach us at support@ryx-sidekick.pro.

2. Scope

This policy covers personal data we process when you:

• browse this website;
• sign in to the web account cabinet;
• link or activate the Ryx Sidekick plugin in your Unity Editor;
• redeem a Unity Asset Store invoice to claim a Pro license.

It does not cover the third-party AI command-line tools that Ryx Sidekick can drive on your behalf — see Section 5.

3. What we collect

Account and identity data. When you sign in (via Google sign-in or an email sign-in link, handled by Google Firebase Authentication), we receive and store:

• your email address;
• your display name, if your sign-in provider supplies one (optional);
• a Firebase user identifier (UID) that links your account to your data.

During an email-link sign-in, your email is held briefly in your browser's localStorage (key sidekick_email_for_sign_in) only to complete that sign-in, and is cleared afterwards.

License and entitlement data. To grant and manage your Pro license we store:

• license records — product (SKU), status, source, seat allowance, edition year, and the support window;
• when you redeem a Unity Asset Store purchase, the invoice number (stored only as a one-way hash for de-duplication) and the redemption date.

Device and activation data. Each device ("seat") you activate stores:

• a hash of your machine identifier (machineIdHash, a one-way SHA-256 value — we never store the raw machine ID);
• your operating system and Unity Editor version;
• the time the device was last seen;
• one-way hashes of the session tokens used to keep the device signed in (we never store the tokens themselves in plain text).

You can see your activated devices in the cabinet and unlink any of them at any time.

Waitlist data (currently inactive). A pre-launch email waitlist exists but is not the primary sign-up path. If you do use it, we store your email address, the timestamp of your consent, your browser locale, and the referral source.

We do not collect payment card details, postal addresses, or phone numbers through this site.

4. What the Unity plugin sends us

The Ryx Sidekick plugin contacts our servers only for the following, and only as needed:

• License validation and activation — your license key (where applicable), machine identifier, Unity Editor version, and operating system. The machine identifier is hashed on our server before storage.
• Update checks — the plugin fetches a public configuration file and compares version numbers locally. This request carries no personal data and does not identify you.

No telemetry. The plugin contains no analytics, usage tracking, behavioural profiling, or crash reporting. We do not record what you do inside the Editor.

5. Your code and prompts go to third-party tools, not to us

Ryx Sidekick is a front-end that drives AI coding command-line tools you install and configure yourself (such as Claude Code, Cursor, or Codex). Your prompts, code, project files, and the assistants' responses flow between your machine and those tools and their providers — they are not sent to or stored by Ryx Interactive. Your use of those tools is governed by their own terms and privacy policies, and you are responsible for the accounts and API keys you use with them.

6. Why we process your data (lawful basis)

• Performance of a contract (Art. 6(1)(b) GDPR) — to create your account, grant and validate your license, activate your devices, and deliver updates.
• Legitimate interests (Art. 6(1)(f) GDPR) — to enforce seat limits, prevent abuse, and de-duplicate invoice redemptions. We balance these against your rights.
• Consent (Art. 6(1)(a) GDPR) — for the optional email waitlist; you can withdraw it at any time.

7. Processors and third parties

We share data with the following service providers, each acting under a Data Processing Agreement:

• Google Firebase — Authentication, Firestore database, Cloud Functions, and Storage. Our database and functions run in the europe-west1 region (EU).
• Email delivery provider — sends account and license-related emails on our behalf. Details will be updated once the provider is confirmed.
• Unity Asset Store — when you redeem a purchase, we send the invoice number to Unity's publisher API to verify it (read-only).
• Google Fonts — typography is loaded from Google's servers, which receive your IP address as part of the request when a page loads.

The third-party AI tools described in Section 5 are not our processors — you install and configure them, and their providers process that data independently. We do not sell your personal data to anyone.

8. Data location and international transfers

Your account, license, and device data is stored within the European Union (Google Cloud europe-west1). Some requests reach Google's wider infrastructure (Firebase Authentication, Google Fonts) and Unity's invoice-verification API (United States); where such transfers occur, they rely on standard contractual clauses and the providers' own safeguards.

9. Retention

• Account and license records — kept while your account and license are active; license and redemption records may be retained afterwards for audit and dispute purposes.
• Device records — kept until you unlink the device or delete your account.
• Sign-in session tokens — refresh credentials expire after roughly 90 days, short-lived access credentials within about an hour, and one-time sign-in codes after 5 minutes.
• Waitlist records — kept until a reasonable window after launch, or until you unsubscribe. Anonymised aggregate counts may be retained indefinitely.

10. Your rights

Under the GDPR you have the right to:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Restriction and objection — limit or object to certain processing.
• Withdraw consent — at any time, without affecting the lawfulness of prior processing.
• Complaint — lodge a complaint with your national data-protection supervisory authority.

To exercise any of these rights, email support@ryx-sidekick.pro. We aim to respond within 30 days.

11. Managing and deleting your data

In the web cabinet you can review your licenses and devices, unlink any device, and sign out. To delete your account or make any other data request, email support@ryx-sidekick.pro. If you joined the waitlist, every email we send includes an unsubscribe link that removes you from the list immediately.

12. Cookies and tracking

This site sets no tracking cookies and loads no third-party analytics scripts. We use your browser's localStorage only to complete email-link sign-in, and Firebase Authentication stores the data it needs to keep you signed in. The only other external requests are to Google Fonts and to our own Firebase backend.

13. Children

Ryx Sidekick is a professional developer tool and is not directed to children under 16. We do not knowingly collect data from children; if we learn that we have, we will delete it.

14. Changes to this policy

We may update this policy as the product evolves. If we make material changes we will update the effective date above, and we will not retroactively reduce your rights without obtaining fresh consent where required.

15. Contact

Questions about this policy? Email support@ryx-sidekick.pro.

This policy is governed by the data-protection laws applicable where Ryx Interactive is established.