Privacy Policy for Minovative Mind VS Code Extension

Last Updated: May 19, 2026

1. Introduction

The Minovative Mind VS Code extension ("Minovative Mind") is a powerful AI coding agent designed to assist developers directly within Visual Studio Code. This Privacy Policy explains how Ward Innovations ("we," "us," or "our") processes and protects information when you use our extension, emphasizing local processing and user control.

Minovative Mind operates in two distinct modes:

• API Key Mode — You supply your own Google Gemini API key. All AI requests go directly from your machine to Google's API. Ward Innovations processes no personal data beyond what is described in this policy.
• Managed Billing Mode — You sign in with GitHub and purchase credits via minovativemind.dev. AI requests are routed through a secure Cloud Function proxy operated by Ward Innovations. This proxy validates your identity and credit balance before forwarding the request to the Google Gemini models via Vertex AI.

The sections below clearly distinguish between these two modes where data handling differs.

2. Information We Process

2.1 User-Provided Data

When you use the Minovative Mind extension, you explicitly provide various forms of input:

• Text Prompts: Your natural language instructions, queries, and commands (e.g., /plan, /fix, /commit).
• Image Uploads: Images you upload to the chat interface are processed as Base64 data for multimodal interactions.
• Selected Code: Specific code snippets or entire active editor files you select for AI analysis, modification, or explanation.
• URLs: URLs provided in your prompts, from which the extension fetches and processes content to enhance context.
• MCP Tool Interactions: When the AI uses an external tool via the Model Context Protocol (MCP), the arguments sent to the tool and the resulting output are processed locally. If you connect to remote MCP servers, you are transmitting data to those servers.
• API Key (API Key Mode only): Your Google Gemini API key, which you provide and is stored securely and locally using VS Code's SecretStorage API. Ward Innovations never has access to this key.

3.2 Authentication & Account Data (Managed Billing Mode only)

When you use Managed Billing, the following data is collected and stored in Google Firebase (Firestore and Firebase Auth):

• GitHub Identity: Your GitHub username, display name, and profile avatar URL, obtained via GitHub OAuth through Firebase Authentication.
• Firebase UID: A unique identifier assigned to your account by Firebase.
• Credit Balance: Your current credit balance and transaction history (credits purchased, credits consumed per AI request).
• Token Usage: Exact input and output token counts for each managed AI request, sourced from the usageMetadata field in the AI provider's response. These are used to calculate billing deductions based on the model's pricing tier and are stored per-request in Firestore.
• Investigation Logs: Detailed logs of the Context Agent's investigative steps (commands run, symbols analyzed, "Loop of Insanity" traces) are stored in Firestore to support auditability and debugging across user sessions.
• Email Address (if provided by GitHub OAuth): May be stored in Firebase Auth as part of your user profile.
• Cumulative Usage Statistics: We store aggregated counters such as your total AI generations and the number of unique projects you have opened. This data is used solely to provide you with a personalized usage dashboard at minovativemind.dev.

3.3 Workspace & Project Data (Local Processing)

The extension processes data from your local VS Code workspace to provide context-aware assistance. This data is processed locally and is only transmitted to the AI model (Google Gemini API or the managed proxy) as part of your explicit AI request. This includes:

• Workspace Files: Content of files within your local workspace, respecting .gitignore rules and configurable inclusion/exclusion settings.
• Active Editor Content: The content of the file currently open in your VS Code editor.
• VS Code Diagnostics: Real-time error, warning, and informational messages from your codebase.
• Code Structure Information: Document symbols (functions, classes, types), code references, and other structural data derived from your codebase via local IDE APIs.
• Git Changes: Staged and unstaged changes in your Git repository, particularly for generating commit messages.
• File Metadata: File names, paths, sizes, and modification times used to support context discovery and Progressive Discovery for large projects.
• Diagnostic Data: Error codes, warning messages, and stack traces generated by your project's build system or linter are processed locally and may be sent to the AI model to facilitate error diagnosis and auto-fixing.

3.4 AI-Generated Data

In response to your inputs, the extension generates various data locally:

• Code: New code snippets, refactored code, or modifications to existing files.
• Execution Plans: Structured, multi-step plans generated to achieve your high-level objectives.
• Diffs & Narrative Summaries: Human-readable summaries of changes applied to files, powered by Gemini Flash Lite.
• Commit Messages: AI-generated Git commit messages.
• Self-Correction Feedback: During autonomous self-correction cycles, the AI analyzes its own previous output and any resulting diagnostics to generate improved code. This feedback loop data is processed iteratively and is not stored externally.

3.5 Usage Telemetry

• API Key Mode: Token counts, request success/failure rates, and model usage statistics are tracked strictly locally on your machine and displayed in the sidebar. This data is never transmitted to Ward Innovations.
• Managed Billing Mode: Exact token counts (sourced from the Gemini API's usageMetadata) are recorded in Firestore per-request to calculate credit deductions. This data is stored server-side and accessible to you through your account dashboard at minovativemind.dev.

3.6 Payment Data (Managed Billing Mode only)

Credit purchases are processed by Stripe, Inc. Ward Innovations does not store your full payment card details. Stripe provides us with a transaction record and a confirmation of the credit amount purchased, which is then credited to your Firestore balance. All credit purchases are final and non-refundable. Please review Stripe's Privacy Policy for details on how payment data is handled.

4. How Information is Used

4.1 To Deliver Core Functionality

• Interactive AI Experiences: To facilitate multimodal chat, generate code, explain selected code, and provide context-aware Q&A.
• Autonomous Workflows: To generate, execute, and monitor multi-step plans that involve creating, modifying, and deleting files, running shell commands, and performing Autonomous Self-Correction of detected issues.
• Automated Git Operations: To analyze staged changes for generating insightful Git commit messages.

4.2 For Contextual Understanding & Relevance

• To build a deep and accurate understanding of your project's codebase, including its structure, symbols, and dependencies, using a local-first, Relationship-Based context discovery strategy.
• To leverage all available context (user input, active editor, workspace files, diagnostics, URLs) to provide highly relevant, accurate, and high-quality AI responses and modifications.

4.3 For Billing & Account Management (Managed Billing Mode only)

• To verify your Firebase identity before each managed AI request.
• To check your credit balance and enforce pre-request credit validation, preventing usage beyond your purchased amount.
• To deduct the exact token cost (as reported by the Gemini API) from your Firestore credit balance after each successful request.
• To display your transaction history and remaining credits on the web platform.

4.4 For Performance & Transparency

• For tracking API token usage to allow you to monitor your consumption and control costs.
• To provide real-time progress indicators and notifications on ongoing AI tasks.
• For logging and auditing all file system changes made by AI-driven workflows, ensuring transparency and accountability.

5. AI Model Interaction & Data Sharing

5.1 API Key Mode — Direct Google Gemini API

Your inputs (prompts, selected code context, processed images as Base64 data, summaries of workspace snippets, and parsed URL content) are transmitted directly from your machine to the Google Gemini API.

• Data Handling: Handled according to Google's own terms and policies. Review Google's Generative AI Additional Terms and Privacy Policy. See also our AI Provider Policies for a summary of all supported providers.
• Model Training: Per Google's policies, data submitted to the Gemini API is not used to train Google's models without explicit opt-in.
• Data Caching: Input/output data may be cached by Google for up to 24 hours by default.
• Google Search Grounding: When search grounding is enabled (either in direct chat or via the Context Agent's search_web tool), the AI generates search queries that are sent to Google Search to retrieve relevant real-time web results. These queries and results are processed by Google's API to construct the grounded response, and the grounding metadata is returned in the API response.

5.2 Managed Billing Mode — Multi-Model Proxy

When using Managed Billing, your AI requests are routed through a secure Google Cloud Function operated by Ward Innovations before being forwarded to the selected AI provider.

The Cloud Function:

• Validates your Firebase ID token to authenticate your identity.
• Checks your credit balance in Firestore and rejects the request if insufficient.
• Routes the request to the appropriate Google Gemini model based on your selection.
• Extracts usageMetadata from the provider's response to calculate the exact credit cost according to the model's Family-Based Pricing Tier (Standard, Premium, or Ultra-Premium).
• Atomically deducts the cost from your Firestore balance.
• Returns the AI response to the extension via a unified SSE stream.
• Google Search Grounding: If grounding is enabled, the Cloud Function enables { googleSearch: {} } in the API request configuration. Search queries generated by the AI are processed through Google Search, and the resulting web fragments are analyzed in Vertex AI to produce a grounded response.

Your workspace code content, prompts, and context data pass through this Cloud Function in transit. This data is not stored on our servers beyond the duration required to forward the request and record the token usage for billing. The Cloud Function operates on Google Cloud infrastructure (us-central1 region by default) and is subject to Google Cloud's Privacy Policy.

5.3 No Other Third-Party Sharing

Ward Innovations does not sell or share your personal data or workspace content with any third parties beyond:

• Google (Gemini API / Cloud Functions / Firebase / Firestore / Google Search) as described above.
• Stripe for payment processing (credit purchases only; no workspace data is shared).
• GitHub for OAuth identity verification (Managed Billing sign-in only).

6. Data Storage and Security

6.1 API Key Mode — Local-Only Storage

• Client-Side Operation: The extension operates entirely client-side within your VS Code environment. No backend servers operated by Ward Innovations are involved.
• Local Data Storage: Chat history, generated file diffs, persistent UI states, and extension preferences are stored locally within your VS Code workspace state or user settings, residing solely on your machine.
• API Key Security: Your Google Gemini API key is managed exclusively by VS Code's SecretStorage API — encrypted, isolated, and never transmitted to Ward Innovations.

6.2 Managed Billing Mode — Firebase & Cloud Storage

• Firebase Authentication: Your GitHub identity and Firebase UID are stored in Firebase Auth, a Google-managed identity platform with industry-standard security.
• Firestore: Your credit balance, transaction history, and per-request token usage records are stored in Google Firestore. All Firestore reads/writes from the extension are authenticated via Firebase ID tokens. Firestore Security Rules enforce that users can only read/write their own documents.
• Secret Management: API keys and service account credentials used by the Cloud Function are stored in Google Cloud Secret Manager — never in the codebase or environment variables accessible to clients.
• No Long-Term Content Storage: Workspace code content, prompts, and context data passed through the managed proxy are not persisted on our servers.

6.3 External MCP Servers

If you configure Minovative Mind to connect to external Model Context Protocol (MCP) servers:

• Data sent to those servers (tool arguments, configuration) is governed by the privacy policy and terms of the entity operating the server.
• Ward Innovations does not intermediate or secure connections between your local extension and third-party MCP servers.

6.4 Workspace-Bound Operations

All file system modifications (creation, modification, deletion of files/directories) performed by AI-driven workflows are strictly confined to your active VS Code workspace directory. This prevents unintended changes outside the project scope.

6.5 Explicit Approvals for Shell Commands

Any run_command step within an AI-generated plan requires explicit user confirmation before execution. You are prompted to allow, skip, or cancel individual command execution steps, giving you full oversight of potentially impactful operations. Shell meta-characters (&&, ||, ;, $() are blocked at the execution layer to prevent injection attacks.

7. User Control and Transparency

7.1 Data Input & Context Filtering

• Explicit Input: You retain full control over what data (text prompts, code selections, image uploads, URLs) you send to the AI.
• Granular Context Filtering: Explicit options to include or exclude specific files and directories from AI context processing.

7.2 Reversible Changes & Auditing

• Revertible AI Plans: Every file system operation performed by the AI is logged, allowing you to revert entire operations with a dedicated "Revert" button.
• Auditable Change Log: A detailed log of all AI-driven changes is maintained locally for transparency and auditing.

7.3 Operational Control

• Cancellable Tasks: You can interrupt most AI-driven tasks via a CancellationToken.
• Editable History: You can edit your previous chat messages to re-evaluate conversations with updated context.
• Commit Message Review: AI-generated Git commit messages are presented for your review and editing before being applied.
• Model Selection: You have the flexibility to select preferred Google Gemini models for different tasks.
• Chat History Management: You can clear or reset your entire chat conversation or delete individual messages.

7.4 Account Data (Managed Billing Mode)

• Access & Portability: You can view your credit balance and transaction history at minovativemind.dev at any time.
• Data Export Utility: You can download a comprehensive export of your personal data (including billing history, project usage statistics, and investigation logs) in JSON format directly from the dashboard at minovativemind.dev.
• Account Deletion: To request deletion of your Firebase account and associated data, contact us using the information in Section 10.

7.5 Transparency

• Real-time Progress Indicators: Constant, visible feedback on ongoing AI tasks through VS Code notifications.
• Real-time Token Usage: Immediate feedback on token consumption is displayed within the sidebar in API Key Mode. In Managed Billing Mode, this information is also reflected in your credit balance.

8. Children's Privacy

The Minovative Mind extension and associated web platform are not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us using the information in Section 10.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this policy reflects the most recent revision. Material changes will be announced via our GitHub repository and/or the VS Code Marketplace. Your continued use of the extension or web platform after any changes signifies your acceptance of the updated policy.

10. Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, please:

• Use the security reporting form: https://forms.gle/QexZY2resdXpahUK6