Spiderly LogoSPIDERLY

Privacy Policy

Learn how Spiderly handles information and your responsibilities when using it as a development tool.

Effective Date: January 13, 2026

1. Introduction

This Privacy Policy describes how Spiderly (the "Library") handles information when you use it as a developer tool. Spiderly is a free open-source code generation framework distributed via NuGet and GitHub that operates entirely on your local development machine.

2. Information We Do NOT Collect

Spiderly does not collect, transmit, store, or process any of the following:

  • No Personal Information: We do not collect your name, email, or contact information
  • No Usage Analytics: We do not track how you use the Library
  • No Telemetry: We do not collect error reports, crash data, or performance metrics
  • No Source Code: Your source code and generated code never leave your machine
  • No Development Data: Entity definitions, database schemas, and configuration remain local
  • No Network Communication: The Library does not "phone home" or connect to our servers

3. How Spiderly Works Locally

Spiderly is a development-time tool that:

  1. Reads your Entity Framework Core model definitions from your local codebase
  2. Analyzes attributes and metadata in your code
  3. Generates C# and TypeScript source files directly in your project folders
  4. Operates entirely on your development machine without internet connectivity

All operations are performed locally using .NET Source Generators and the Spiderly CLI tool.

4. Data in Applications You Generate

While Spiderly itself collects no data, applications you build using Spiderly may collect and process user data. As the application developer, you are responsible for:

4.1 User Data Handling

Generated applications may include features that handle:

  • Email Addresses: For authentication and login verification
  • Authentication Tokens: JWT tokens and refresh tokens stored in cookies or local storage
  • IP Addresses: Logged for security purposes and device tracking
  • Browser/Device Information: Used to manage multiple sessions per user
  • Uploaded Files: Documents and images stored in your configured storage provider
  • Application-Specific Data: Any business data your application collects

4.2 Your Privacy Responsibilities

When you deploy applications built with Spiderly, you must:

  • Create your own Privacy Policy for your application's end users
  • Comply with applicable privacy laws (GDPR, CCPA, PIPEDA, etc.)
  • Obtain appropriate user consent for data collection
  • Implement data retention and deletion policies
  • Secure user data with appropriate technical measures
  • Disclose how you use third-party services

5. Third-Party Services Configuration

Spiderly generates code that integrates with third-party services you configure. Your use of these services is subject to their privacy policies:

5.1 Authentication Providers

  • Google OAuth 2.0: If you enable Google Sign-In, Google's Privacy Policy applies
  • Email Verification: Uses your configured SMTP server (your email provider's policy applies)

5.2 File Storage Providers

  • Azure Blob Storage: Microsoft Azure Privacy Statement applies
  • AWS S3: Amazon Web Services Privacy Notice applies
  • Cloudinary: Cloudinary Privacy Policy applies
  • Local Storage: Files stored on your server infrastructure

5.3 Database Systems

  • SQL Server: Data stored in your configured database
  • PostgreSQL: Data stored in your configured database

5.4 Caching and Tokens

  • Redis: If configured, authentication tokens may be cached
  • In-Memory Storage: Default token storage (cleared on application restart)

You are responsible for:

  • Selecting appropriate service providers
  • Configuring services securely
  • Protecting API keys and credentials
  • Understanding each provider's data handling practices

6. Security Features in Generated Code

Spiderly generates code with built-in security features:

  • JWT Token Authentication: Secure token-based authentication
  • Email Verification Codes: Time-limited verification for login
  • Password-Free Authentication: Reduces password security risks
  • Refresh Token Rotation: Automatic token renewal with rotation
  • IP Address Tracking: Detects suspicious login locations
  • Device Management: Users can manage trusted devices
  • Rate Limiting: Prevents abuse and brute-force attacks
  • Token Invalidation: Logout invalidates all user tokens

However, security of your deployed application remains your responsibility.

7. License Verification

Spiderly.Security contains license token validation code. This validation:

  • Occurs locally on your machine during development
  • Does not transmit license information to external servers
  • Does not track or monitor license usage
  • Does not collect information about your projects

8. Logging and Diagnostics

Spiderly uses standard .NET logging mechanisms. Logs are:

  • Written to your local console during code generation
  • Not transmitted to external servers
  • Under your control (you can disable or configure logging)

Generated applications may use Serilog for logging. You configure:

  • What information is logged
  • Where logs are stored
  • How long logs are retained
  • Who has access to logs

9. Cookies and Local Storage

Spiderly itself does not use cookies or browser storage. However, generated Angular applications may use:

  • Cookies: For storing JWT authentication tokens
  • Local Storage: For caching data and application state
  • Session Storage: For temporary session data

You must disclose this in your application's privacy policy and obtain user consent where required.

10. Data Minimization

Spiderly's generated code follows data minimization principles:

  • Collects only data necessary for functionality
  • Tokens have expiration times
  • Verification codes are time-limited
  • Unused refresh tokens are automatically cleaned up

You should extend these practices to your custom business logic.

11. Children's Privacy

Spiderly is a developer tool not directed at children under 13. If your generated application serves children, you must:

  • Comply with COPPA (Children's Online Privacy Protection Act) in the US
  • Comply with other applicable children's privacy laws
  • Obtain parental consent where required
  • Limit data collection appropriately

12. International Data Transfers

Spiderly operates locally and does not transfer data internationally. However, if your generated application serves international users:

  • You are responsible for complying with international data transfer laws
  • Consider using appropriate legal mechanisms (Standard Contractual Clauses, etc.)
  • Disclose to users where their data is stored and processed
  • Implement appropriate safeguards for cross-border transfers

13. Data Subject Rights

While Spiderly collects no data, your applications should respect user rights under privacy laws:

  • Right to Access: Users can request their data
  • Right to Rectification: Users can correct inaccurate data
  • Right to Erasure: Users can request deletion ("right to be forgotten")
  • Right to Data Portability: Users can export their data
  • Right to Object: Users can object to certain processing
  • Right to Restrict Processing: Users can limit how data is used

Implement these rights in your application's custom business logic.

14. Open Source Transparency

Spiderly is open source, which means:

  • All source code is publicly available for inspection
  • You can audit exactly how the Library works
  • The community can review and contribute to security improvements
  • There are no hidden data collection mechanisms

15. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in the Library or legal requirements. Updates will be posted to:

  • The Library's GitHub repository
  • The NuGet package description (where applicable)

Continued use of the Library after changes constitutes acceptance of the updated Privacy Policy.

16. Your Developer Obligations

As a developer using Spiderly, you commit to:

  1. Create Privacy Policies: Write appropriate privacy policies for applications you build
  2. Protect User Data: Implement security measures for data protection
  3. Comply with Laws: Follow applicable privacy and data protection laws
  4. Obtain Consent: Get user consent for data collection where required
  5. Handle Breaches: Have procedures for security breach notification
  6. Respect User Rights: Implement mechanisms for users to exercise their privacy rights
  7. Secure Credentials: Protect API keys, database passwords, and OAuth secrets
  8. Regular Updates: Keep dependencies and libraries up to date

17. Third-Party Libraries

Spiderly depends on third-party NuGet packages and NPM modules. Each has its own privacy characteristics:

  • Entity Framework Core: Database ORM (Microsoft)
  • FluentValidation: Validation library
  • Azure.Storage.Blobs: Azure Blob Storage SDK (Microsoft)
  • Google.Apis.Auth: Google authentication (Google)
  • Angular: Frontend framework (Google)
  • PrimeNG: UI component library
  • Transloco: Internationalization library

Review the privacy policies of libraries you use in your projects.

18. Contact and Questions

Spiderly is a free open-source project. For questions about this Privacy Policy:

  • Open an issue on the GitHub repository
  • Contact the maintainers through channels listed in the repository
  • Review discussions in the project's community forums

For privacy questions about applications built with Spiderly, contact the respective application developers (not the Spiderly maintainers).

19. Legal Basis for Processing (for Developers in EU/EEA)

If you are a developer in the EU/EEA, our legal basis for processing (which is minimal) is:

  • Legitimate Interest: Providing an open-source development tool
  • Consent: Your voluntary download and use of the Library

For your applications, you must establish appropriate legal bases for processing user data.

20. Data Protection Officer

As Spiderly collects no personal data, we do not maintain a Data Protection Officer. However, if your application processes significant amounts of EU personal data, you may need to appoint a DPO.

21. Summary

For Spiderly Library Users (Developers):

  • Spiderly collects zero data about you or your projects
  • Everything operates locally on your machine
  • No telemetry, analytics, or tracking
  • Your code and data remain private

For End Users of Applications Built with Spiderly:

  • Contact the application developer for privacy questions
  • The application developer is responsible for data protection
  • Read the application's privacy policy (not this one)

Last Updated: January 13, 2026

Version: 1.0