
Privacy Policy

Last updated: 21 June 2026

The short version. Carrot is local-first. You can use the whole editor with no account, and your work stays on your device unless you choose to sign in and sync. We don't run ads, analytics, or trackers, and we never sell your data. When you bring your own AI key, your code and key stay yours.

1 · Local-first by default

Carrot is a lightweight code editor for the web, macOS, iPhone and iPad. This policy explains what information Carrot handles, why, and the choices you have. It applies to the Carrot apps and the Carrot website. Carrot is built and operated by Christian Brooker (the "developer", "we", "us").

Carrot works without an account and offline. The editor, predictive completion, automatic language detection, Markdown preview, search and file management all run on your device. We only collect or store the information described below when you choose to use a feature that needs it (signing in, syncing, connecting GitHub, cloud AI, or collaboration).

2 · Information we handle

Account (only if you sign in)

Signing in is optional and enables cloud sync and collaboration. You can sign in with GitHub, Google, or an email "magic link". When you do, we store a minimal account record:

  • your email address (only when the provider confirms you own it), display name, and avatar URL, if provided;
  • the identity from your provider (e.g. your GitHub or Google user id) so we can recognise you on return;
  • a session token — an opaque, cryptographically random value that keeps you signed in. It is not a password or derived from one, and contains no personal data.

We never store a password — Carrot has no passwords.

Your workspace (only if you sync)

If you are signed in, your files (their paths and contents) are stored in Carrot's database in a workspace private to your account, so they sync across your devices. On your device, a local copy of open files and settings is kept (in app or browser storage) so Carrot works offline. File contents are transmitted over HTTPS and stored on Cloudflare's infrastructure; they are not separately encrypted at rest by Carrot at the application level.

GitHub connection (optional)

If you connect a GitHub repository to back up your workspace, we store your GitHub access token encrypted at rest (AES-256-GCM) together with the repository and branch you choose. You can disconnect at any time, which deletes the stored token.

AI predictions — your choice of provider

  • On-device / local: predictions are generated on your device. Nothing is sent anywhere.
  • Ollama: predictions run on the local model you point Carrot at. Requests go directly from your device to the URL you set, and your code does not leave your machine or network — Carrot's servers are never in the path.
  • Bring your own cloud key (OpenAI or Anthropic): your own API key is required, and it is stored encrypted at rest (AES-256-GCM) and write-only — once saved, even the app can only tell that a key is on file and can never read it back. To produce a suggestion, only the code around your cursor (up to roughly 2,000 characters before and 1,000 after — not your whole file) is sent to that provider using your key. That provider then processes it under OpenAI's or Anthropic's own privacy policy. You choose the provider, and you can change or remove your key at any time. We do not train any model on your code, and we do not retain prediction requests on our servers.

Collaboration (optional)

When you share a file, Carrot creates a revocable capability link. While a session is live, the file's contents (as document updates) and your presence — your chosen display name, a colour, and cursor position — flow through Carrot's realtime service to the people you share with, so everyone sees the same document. Presence is never stored. You can revoke a link, or revoke sharing for an entire file, at any time; revocation cuts off access server-side within one short token-refresh window.

3 · What we do not do

  • No advertising, and no advertising identifiers or profiles.
  • No analytics SDKs, no telemetry, no crash reporting, no third-party trackers, and no behavioural tracking — anywhere in the web, native, or backend code.
  • We do not sell, rent, or trade your personal information.
  • We do not read or mine your code, and we do not train any model on it, for any purpose other than the feature you invoked (e.g. generating a prediction you asked for).

4 · How your data is stored and protected

Carrot's backend runs on Cloudflare (database and edge compute). Data is transmitted over HTTPS. Session tokens are opaque and random; the GitHub access token and any bring-your-own cloud AI key are encrypted at rest with AES-256-GCM. Synced file contents are stored on Cloudflare's infrastructure and protected in transit by HTTPS, but are not separately encrypted at rest at the application level by Carrot. Access controls and rate limiting protect the service. No method of storage or transmission is 100% secure, but we aim to use reasonable, modern safeguards.

5 · Service providers

We rely on a small number of providers to run Carrot:

  • Cloudflare — hosting, database, and realtime collaboration infrastructure.
  • GitHub and Google — sign-in (only when you choose them).
  • Resend — sends the email when you request a magic-link sign-in.
  • OpenAI or Anthropic — only if you select bring-your-own cloud AI, and only for the cursor context described above.

6 · Payments

Carrot does not currently process payments and collects no payment information. If optional paid plans launch in future, payment will be handled by a third-party payment processor; we will not store full card details, and this policy will be updated beforehand.

7 · Children

Carrot is a developer tool and is not directed to children under 13 (or under 16 in regions where that is the threshold). We do not knowingly collect personal information from children.

8 · Your rights and choices

You can access, correct, export, or delete your information. Specifically:

  • Sign out to end a session on a device.
  • Disconnect GitHub to delete the stored GitHub token.
  • Remove your AI key by switching providers or clearing it in Settings.
  • Delete your account and synced data — email us (below) and we will remove your account, workspace and connections.

Depending on where you live, you may have rights under the EU/UK GDPR, the California CCPA/CPRA, or the Australian Privacy Principles. We honour these rights for all users. To exercise them, contact us.

9 · International users

Carrot is operated from Australia and runs on Cloudflare's global network, so your data may be processed in data centres outside your country. We apply this policy wherever your data is handled.

10 · Changes to this policy

If we change this policy we will update the "Last updated" date above, and for material changes we will provide a clearer notice. Continued use after an update means you accept the revised policy.

11 · Contact

Questions, requests, or privacy concerns? Email christianbrooker@gmail.com.

© 2026 Carrot. All rights reserved.