Policies

• 1: AI Acceptable Use Policy
• 2: Packfiles Privacy Policy
• 3: Terms of Service

1 - AI Acceptable Use Policy

Last updated June 1, 2026

This AI Acceptable Use Policy (the “Policy”) governs your use of the artificial-intelligence features of the Packfiles Warp product, including the Warp GitHub Copilot Agent (the “Agent”). It supplements and is incorporated by reference into the Packfiles Terms of Service (https://policies.packfiles.io) and applies in addition to the GitHub Terms of Service and Acceptable Use Policies and any applicable Microsoft Marketplace terms. Capitalized terms used but not defined here have the meanings given in the Terms of Service and the AI Addendum incorporated into it.

This Policy is effective as of the Last updated date shown above. We may update this Policy from time to time; the current version is posted at https://policies.packfiles.io, and we will indicate material changes by updating the effective date. By using the AI features, you agree to the most current version of this Policy.

TABLE OF CONTENTS

1. SCOPE AND APPLICATION

2. GENERAL PRINCIPLES

3. PROHIBITED USES

4. TRANSPARENCY AND HUMAN OVERSIGHT

5. PERMISSIONS AND DATA

6. FEEDBACK AND REPORTING

7. ENFORCEMENT

1. SCOPE AND APPLICATION

This Policy applies to all use of the Agent and any other AI-powered features Packfiles makes available. The Agent operates within GitHub’s Copilot environment; the AI model processing is performed by GitHub and its model provider(s) under GitHub’s terms. Your use of the Agent must comply with this Policy, the Packfiles Terms of Service, and GitHub’s terms and policies.

2. GENERAL PRINCIPLES

You are responsible for how you use the Agent and its outputs. You must understand the capabilities and limitations of AI and must not use the Agent for tasks where its use could lead to significant harm. AI outputs may be incomplete or incorrect and are not a substitute for human judgment.

• Use the Agent only for lawful purposes and in compliance with all applicable laws in every jurisdiction where you operate.

• Do not use the Agent in any way that violates the GitHub Terms of Service or Acceptable Use Policies.

• Do not use the Agent to mislead or deceive others about whether content is AI-generated.

3. PROHIBITED USES

You may not use the Agent or its outputs to do, or attempt to do, any of the following:

• Infer a person’s emotional state from physical, physiological, or behavioral characteristics.

• Infer a person’s sensitive attributes (such as race, nationality, religion, gender, or age) except for limited, lawful exceptions expressly permitted by applicable law.

• Categorize people based on biometric data, or infer protected affiliations such as political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation.

• Perform social scoring or predictive profiling that would lead to discriminatory, unfair, biased, or otherwise harmful treatment of any person or group.

• Exploit the vulnerabilities of any person, including based on age, disability, or socio-economic situation.

• Conduct real-time facial recognition in uncontrolled, “in the wild” environments, including by law enforcement.

• Conduct surveillance or real-time or near-real-time identification or persistent tracking of an individual using their personal information without the individual’s valid consent.

• Infringe, misappropriate, or violate the intellectual property or other proprietary rights of any person or entity.

• Circumvent or interfere with your organization’s (or any third party’s) data, privacy, or security policies.

• Degrade or compromise the security of the GitHub platform, the Agent, or any system, or bypass any security or access controls.

• Use the Agent for automated decision-making in a regulated industry or capacity without appropriate human oversight and review in compliance with applicable laws and professional rules.

• Falsely state or imply that an AI-generated Output was created by a human.

• Use the Agent for any task where its use could lead to significant harm, or in any manner inconsistent with its documented use cases and limitations.

4. TRANSPARENCY AND HUMAN OVERSIGHT

• AI disclosure. The Agent’s responses are AI-generated. You must not remove or obscure indications that content is AI-generated, and must not present AI outputs as human-created.

• Human oversight. You are responsible for reviewing and validating the Agent’s outputs, including diagnoses, configuration findings, security observations, and migration strategy, before relying on or acting on them. Apply human oversight appropriate to the risk of the task.

• Capabilities and limitations. Use the Agent consistent with its intended use cases and documented limitations. Do not rely on it as the sole basis for decisions that could cause significant harm.

5. PERMISSIONS AND DATA

• Minimum necessary permissions. You should grant the Agent only the minimum GitHub permissions necessary for its operation.

• Sensitive information. Do not submit sensitive, private, or confidential information (such as credentials, secrets, or payment data) to the Agent unless strictly necessary for a legitimate purpose. Content you direct the Agent to process may incidentally contain such information; handle it accordingly. The Agent will not request sensitive, private, or confidential information (such as credit card numbers or passwords) from you except where strictly necessary for a legitimate purpose of the Agent.

• Personal data. Your use of the Agent with personal data must comply with applicable data-protection laws and with the Packfiles Privacy Notice (https://policies.packfiles.io). Model processing within GitHub’s Copilot environment is governed by GitHub’s terms.

6. FEEDBACK AND REPORTING

If the Agent produces an error, or an output you believe is improper, harmful, or violates this Policy, please report it to Packfiles at https://packfiles.io/support-request and to GitHub. We provide a mechanism for you to report errors or improper outputs to both Packfiles and GitHub, and we use this feedback to test and improve the Agent and to enforce this Policy.

7. ENFORCEMENT

Violation of this Policy is a violation of the Packfiles Terms of Service. We may take any action we consider appropriate, including warning you, suspending or limiting access to the AI features or the Product, or terminating the agreement, consistent with the Terms of Service. GitHub may also take action under its own terms, including removing or suspending the Agent. Nothing in this Policy limits any remedy available to Packfiles or GitHub at law or under the applicable agreements.

This Policy is incorporated by reference into the Packfiles Terms of Service. Questions: privacy@packfiles.io.

2 - Packfiles Privacy Policy

Last updated June 1, 2026

This Privacy Notice for Packfiles Inc. (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

• Visit our website at https://packfiles.io, or any website of ours that links to this Privacy Notice

• Use the Packfiles Warp product and related features, including the Warp GitHub Copilot Agent

• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at <privacy@packfiles.io>.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. This includes content you direct the Warp GitHub Copilot Agent to process, such as repository metadata, issue contents, logs, and configuration files. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We do not intentionally collect or request sensitive personal information. Because the Warp GitHub Copilot Agent processes content you direct it to (such as repository files and logs), that content may incidentally contain sensitive or confidential information; we apply the protections described in this Notice to all such content.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, including AI-powered features, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. Learn more about how we process your information.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties, including the AI Service Providers that power the Warp GitHub Copilot Agent. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission or storage technology can be guaranteed to be 100% secure. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at <privacy@packfiles.io>. We will consider and act upon any request in accordance with applicable data protection laws.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

7. HOW LONG DO WE KEEP YOUR INFORMATION?

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

9. DO WE COLLECT INFORMATION FROM MINORS?

10. WHAT ARE YOUR PRIVACY RIGHTS?

11. CONTROLS FOR DO-NOT-TRACK FEATURES

12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

13. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

14. DO WE MAKE UPDATES TO THIS NOTICE?

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names

• email addresses

• phone numbers

• github username

• job titles

• contact preferences

• mailing addresses

• contact or authentication data

Sensitive Information. We do not intentionally collect or request sensitive personal information, and we ask that you not submit it where it is not necessary. Because the Warp GitHub Copilot Agent processes content you direct it to (such as repository files and logs), that content may incidentally contain sensitive or confidential information; we apply the protections described in this Notice to all content the Agent processes.

Payment Data. Purchases of the Packfiles Warp product and related features are processed through the Microsoft Marketplace, where Microsoft acts as the merchant of record. Microsoft collects, handles, and stores all payment data (such as your payment instrument number and the security code associated with your payment instrument) in accordance with its own terms, and Packfiles does not collect or store your payment instrument details. You can review how Microsoft processes your information in the Microsoft Privacy Statement at https://privacy.microsoft.com/privacystatement. We may receive limited transaction or billing records from Microsoft (such as confirmation of a purchase) to administer your account and our Services.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Data processed by the Warp GitHub Copilot Agent. When you invoke the Warp GitHub Copilot Agent (the “Agent”), we process: (i) repository and project metadata (repository size, commit activity, pull request counts, pipeline counts, organization and team names, and labels); (ii) the contents of issues, pull requests, runner logs, and configuration files (such as config/warp.yml) that the Agent reads to perform a requested task; (iii) inputs you provide to the Agent; and (iv) outputs the Agent generates (labels, comments, diagnoses, findings, and strategy documents). The Agent performs automated evaluation of repositories (for example, scoring and assigning migration ‘waves’). These determinations are advisory, are returned to you within your GitHub environment, and remain subject to your review and control.

Information automatically collected

In Short: Some information, such as your Internet Protocol (IP) address and/or browser and device characteristics, is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: http://www.packfiles.io/privacy/cookies.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).

• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

• Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

• To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service, including operating the Warp GitHub Copilot Agent and delivering the outputs you request.

• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

• To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

• To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

• To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services, including feedback on the Agent’s outputs.

• To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.

• To operate and improve the Agent. We process information to provide the Warp GitHub Copilot Agent and to maintain and improve our Services. Packfiles does not use your code, inputs, or the Agent’s outputs to train any Packfiles model. The Agent’s AI processing is performed by GitHub Copilot under GitHub’s terms; any model training or retention by GitHub or its model provider(s) is governed by GitHub.

• To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.

• To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

• To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose, including when you invoke the Agent to process your repository content. You can withdraw your consent at any time.

• Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

• Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information to: analyze how our Services are used so we can improve them; support our marketing activities; diagnose problems and/or prevent fraudulent activities; and understand how our users use our products and services so we can improve user experience.

• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

• Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example: if collection is clearly in the interests of an individual and consent cannot be obtained in a timely way; for investigations and fraud detection and prevention; for business transactions provided certain conditions are met; if it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim; for identifying injured, ill, or deceased persons and communicating with next of kin; if we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse; if it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records; if it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced; if the collection is solely for journalistic, artistic, or literary purposes; or if the information is publicly available and is specified by the regulations.

WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct.

The categories of third parties we may share personal information with are as follows:

• Payment Processors

• Sales & Marketing Tools

• Cloud Computing Services

• Ad Networks

• Communication & Collaboration Tools

• Finance & Accounting Tools

• Government Entities

• Performance Monitoring Tools

• Product Engineering & Design Tools

• Website Hosting Service Providers

• User Account Registration & Authentication Services

• Data Analytics Services

• Data Storage Service Providers

• AI Platforms

• Testing Tools

How the Agent processes your content. The Warp GitHub Copilot Agent operates within GitHub’s Copilot environment. When you invoke the Agent, the content it reads and the responses it generates are processed by GitHub Copilot and its underlying model provider(s). That AI processing is performed by GitHub and is governed by GitHub’s terms and privacy practices (see GitHub’s privacy documentation at https://docs.github.com/en/site-policy). Packfiles does not operate its own AI model endpoint for the Agent and does not store the content the Agent processes at rest outside of your GitHub environment. We do not sell, rent, or share this content with third parties for their own purposes, and we do not merge it with data from other sources for purposes unrelated to the Agent.

Our role. Packfiles provides the Agent and is responsible for the limited account and usage information it collects directly from you (described elsewhere in this Notice). Because the Agent runs inside GitHub’s Copilot environment and Packfiles does not store the content the Agent processes outside that environment, Packfiles does not separately transfer that content internationally; any model processing and associated data handling is performed by GitHub and its model provider(s) under GitHub’s terms. For details on how that content is handled, including any model-provider data practices, consult GitHub’s privacy and Copilot documentation.

We also may need to share your personal information in the following situations:

• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

• Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

To the extent these online tracking technologies are deemed to be a “sale”/“sharing” (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request as described below under section “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice: http://www.packfiles.io/privacy/cookies.

Google Analytics

We may share your information with Google Analytics to track and analyze the use of the Services. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies, including the Warp GitHub Copilot Agent.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, “AI Products”). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

The Warp GitHub Copilot Agent

Our AI Products include the Warp GitHub Copilot Agent (the “Agent”), which operates within GitHub’s Copilot environment to help you plan, diagnose, and validate repository migrations. When you invoke the Agent, it processes content from your connected GitHub environment, including repository metadata; the contents of issues, pull requests, runner logs, and configuration files (such as config/warp.yml); inputs you provide; and the outputs the Agent generates (labels, comments, diagnoses, findings, and strategy documents).

Use of AI Technologies

The Agent’s AI processing is performed by GitHub Copilot. When you invoke the Agent, the content it reads and the responses it generates are processed by GitHub, Inc. through the GitHub Copilot environment and its underlying model provider(s). That AI processing, including how the content is used, retained, or handled by the model provider(s), is governed by GitHub’s terms and privacy practices rather than by Packfiles. We encourage you to review GitHub’s privacy and Copilot documentation (available at https://docs.github.com/en/site-policy) to understand how GitHub processes this content. You must not use the Agent in any way that violates GitHub’s terms or policies.

How Packfiles Uses Data in Connection with the Agent

Packfiles uses the content the Agent processes solely to operate the Agent’s features for you and to maintain the security and integrity of the Services. Packfiles does not operate its own AI model endpoint for the Agent, does not store that content at rest outside of your GitHub environment, and does not use it to train any Packfiles model. We do not sell, rent, or share this content with third parties for their own purposes, and we will not merge it with data from other sources for purposes unrelated to the Agent. Any model training or data-retention practices of GitHub Copilot or its model provider(s) are controlled by GitHub and described in GitHub’s documentation.

AI Disclosure and Human Oversight

The Agent’s responses are AI-generated. Due to the nature of artificial intelligence, the Agent’s outputs may be incomplete or incorrect, are provided to assist you, and are not a substitute for human oversight. You are responsible for reviewing and validating the Agent’s outputs before relying on them. If the Agent produces an error or an output you believe is improper, you can report it to us at https://packfiles.io/support-request and, where applicable, to GitHub.

Your Controls

The Agent acts only when you invoke it. We request only the minimum permissions necessary for its operation, and you may withdraw access at any time by removing the integration. See Section 7 for how long we retain Agent-related data and Section 10 for your privacy rights.

HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law. For data processed by the Warp GitHub Copilot Agent, we delete it within 30 days of uninstall.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than three (3) months past the termination of the user’s account.

Agent and GitHub integration data. The Agent operates within GitHub’s Copilot environment, and Packfiles does not store the content the Agent processes at rest outside of that environment. For any personal data that Packfiles does hold in connection with the Agent or the GitHub integration, we will delete it within thirty (30) days after the earliest of: you uninstalling or removing the Agent or integration; us discontinuing it; it being removed from the platform; or termination of the applicable GitHub Marketplace or partner agreement under which the Agent is provided, except for data that is aggregated and anonymized or that we are required to retain by law. Content processed within GitHub’s Copilot environment is retained and deleted in accordance with GitHub’s terms and privacy practices; please refer to GitHub’s documentation and use GitHub’s controls for that content. You may contact us at <privacy@packfiles.io> with any deletion request.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at <privacy@packfiles.io>.

WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.

We will consider and act upon any request in accordance with applicable data protection laws. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided below. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided, or log in to your account settings and update your user account. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice: http://www.packfiles.io/privacy/cookies.

If you have questions or comments about your privacy rights, you may email us at <privacy@packfiles.io>.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

Categories of Personal Information We Collect. We have collected the following categories of personal information in the past twelve (12) months:

Category	Examples	Collected
A. Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	YES
B. Customer Records (CA)	Name, contact information, education, employment, employment history, and financial information	YES
C. Protected classification characteristics	Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data	NO
D. Commercial information	Transaction information, purchase history, financial details, and payment information	YES
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or network activity	Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements	YES
G. Geolocation data	Device location	YES
H. Audio/electronic/sensory	Images and audio, video or call recordings created in connection with our business activities	NO
I. Professional/employment	Business contact details, job title, work history, professional qualifications	YES
J. Education Information	Student records and directory information	NO
K. Inferences	Inferences drawn from any collected personal information to create a profile or summary	NO
L. Sensitive personal information	As described in Section 1; not intentionally collected	NO

Note: categories above reflect information collected across the Services. Content you direct the Agent to process (such as repository files) may incidentally contain information falling within several categories; we process it only to provide the Agent and protect it as described in this Notice.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of: receiving help through our customer support channels; participation in customer surveys or contests; and facilitation in the delivery of our Services and to respond to your inquiries.

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include: the right to know whether or not we are processing your personal data; to access your personal data; to correct inaccuracies; to request deletion; to obtain a copy of the personal data you previously shared with us; to non-discrimination for exercising your rights; and to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

Depending upon the state where you live, you may also have the right to obtain a list of the categories or specific third parties to which we have disclosed personal data; to limit use and disclosure of sensitive personal data; and to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature.

How to Exercise Your Rights

To exercise these rights, you can contact us by emailing us at <privacy@packfiles.io>, or by referring to the contact details at the bottom of this document. You can opt out from the selling of your personal information, targeted advertising, or profiling by disabling cookies in Cookie Preference Settings. Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf.

Request Verification. Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request.

Appeals. Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at <privacy@packfiles.io>. If your appeal is denied, you may submit a complaint to your state attorney general.

California “Shine The Light” Law. California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year.

DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020 (Privacy Act). This Privacy Notice satisfies the notice requirements defined in both Privacy Acts. At any time, you have the right to request access to or correction of your personal information. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information. If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, The Information Regulator (South Africa): <enquiries@inforegulator.org.za>; <POPIAComplaints@inforegulator.org.za>.

DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at <privacy@packfiles.io> or contact us by post at:

Packfiles Inc.

802 East Whiting Street

Tampa, FL 33602

United States

HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please email us at <privacy@packfiles.io>.

3 - Terms of Service

Last Updated: June 1, 2026

These Terms of Service are posted by Packfiles Inc. for click-to-accept by customers who access or use the Product, including through the Microsoft Marketplace. They are the Cover Page of a Common Paper Cloud Service Agreement, presented for online acceptance rather than signature.

If you signed a separate Order Form or Cover Page to access the Product with the same account, and that agreement has not ended, the terms below do not apply to you. Instead, your separate Order Form or Cover Page applies to your use of the Product.

This Agreement is between Packfiles Inc. and the company or person accessing or using the Product. This Agreement consists of:

• This Cover Page (including the Order Form and Key Terms below); and

• The Framework Terms defined below.

If you are accessing or using the Product on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company. By signing up for, accessing, or using the Product, or by clicking to accept these Terms, Customer indicates its acceptance of this Agreement and agrees to be bound by its terms and conditions.

Cover Page

Order Form

Framework Terms: This Cover Page incorporates and is governed by the Framework Terms, which are made up of the Key Terms below, the Common Paper Cloud Service Agreement Standard Terms Version 2.1 (incorporated by reference at https://commonpaper.com/standards/cloud-service-agreement/2.1), and the AI Addendum (incorporated below). Any modifications to the Standard Terms made in this Cover Page will control over conflicts with the Standard Terms. Capitalized words have the meanings given in the Cover Page or the Standard Terms.

Cloud Service	The world’s leading platform for Enterprise-scale GitHub adoption, including the Warp GitHub Copilot Agent (the “Agent”).
Order Date	The Effective Date
Subscription Period	12 month(s)

Fees and Payment: Microsoft Marketplace

Purchases of the Product are made through the Microsoft Marketplace (the “Marketplace”), where Microsoft acts as the merchant of record. Customer’s purchase, pricing, billing, payment, renewal, cancellation, and refunds for the Product are governed by Microsoft’s Marketplace terms and the applicable Microsoft order or offer, in addition to this Agreement. Packfiles does not separately bill or charge Customer for the Product purchased through the Marketplace, and Packfiles does not collect or store Customer’s payment instrument details. Current pricing for the Product is available on the Product’s Marketplace listing and at Provider’s pricing page. To the extent of any conflict between this Agreement and Microsoft’s Marketplace terms regarding fees, billing, payment, or refunds, the Microsoft Marketplace terms control for those matters.

If Customer instead purchases the Product directly from Provider under a separate written order or Cover Page, the fees, billing, and payment terms of that separate order will apply in place of this section.

Key Terms

Customer	The company or person who accesses or uses the Product. If the person accepting this Agreement is doing so on behalf of a company, all use of the word “Customer” in the Agreement will mean that company.
Provider	Packfiles Inc.
Effective Date	The date Customer first accepts this Agreement.
Governing Law	The laws of the State of Florida
Chosen Courts	The state or federal courts located in Florida
General Cap Amount	The greater of (a) the fees paid or payable for the Product in the 12-month period immediately before the claim, or (b) one thousand dollars ($1,000) where the Product was obtained at no fee to Customer.
Notice Address	For Provider: <notices@packfiles.io>. For Customer: the main email address on Customer’s account (or, for Marketplace purchases, the account email associated with the Marketplace order).

Covered Claims

Provider Covered Claims: Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon someone else’s intellectual property or other proprietary rights.

Customer Covered Claims: Any action, proceeding, or claim that (a) the Customer Content, when used according to the terms of the Agreement, violates, misappropriates, or otherwise infringes upon someone else’s intellectual property or other proprietary rights; or (b) results from Customer’s breach or alleged breach of Section 2.1 (Restrictions on Customer) or the AI Acceptable Use terms below.

AI Addendum

These Framework Terms incorporate the AI Addendum Standard Terms Version 1.0, available at https://commonpaper.com/standards/ai-addendum/1.0/, with the Variables set forth below (collectively, the “AI Addendum”). Section 1.6 (Machine Learning) of the Cloud Service Agreement Standard Terms is deleted in its entirety. If there is any inconsistency between this AI Addendum and the Agreement, the AI Addendum will control for the provision of AI Services.

Training Data	None. Provider may not use Customer’s Inputs, Outputs, Usage Data, Feedback, or Customer Content to Train any Model.
Training Purposes	None.
Training Restrictions	Not applicable (no Training permitted). To the extent any data is used to maintain or improve the Services, it must first be aggregated and de-identified.
Covered Claims (AI)	Provider Covered Claims include any action, proceeding, or claim that the Output, when generated and used by Customer according to the Agreement and the AI Addendum, violates, misappropriates, or otherwise infringes the intellectual property or other proprietary rights of another person or entity. Provider’s obligations will not apply to claims resulting from: (a) use of Output in combination with products or services not provided by Provider (including the GitHub Copilot environment and underlying models); (b) Input; (c) Customer’s use of the AI Services in breach of the Agreement; (d) modifications to Output not made by Provider; (e) Output Customer knew or should have known might infringe; or (f) trademark claims arising from use of Output.
AI Acceptable Use Policy	Use of the AI Services is subject to the Packfiles AI Acceptable Use Policy, available at https://policies.packfiles.io and incorporated by reference. The AI Acceptable Use Policy is the controlling source for prohibited uses and related conduct obligations.
DPA	If Customer submits Personal Data governed by GDPR or similar laws, the parties will enter into Provider’s Data Processing Addendum, available on request and at https://policies.packfiles.io.

AI Features and the Agent

1. AI Disclosure and Consent

Certain features of the Product, including the Warp GitHub Copilot Agent (the “Agent”), use artificial intelligence, and the Agent’s responses are AI-generated content. By invoking the Agent, Customer consents to the processing of Customer’s repository content and inputs as described in the Packfiles Privacy Notice (https://policies.packfiles.io) in order to provide the Agent’s features.

2. How the Agent Operates; GitHub Copilot

The Agent operates within GitHub’s Copilot environment. The content the Agent reads and the responses it generates are processed by GitHub, Inc. through GitHub Copilot and its underlying model provider(s). That AI processing, including any retention or model-training practices, is performed by GitHub and governed by GitHub’s terms and privacy practices (https://docs.github.com/en/site-policy), not by Provider. Provider does not operate its own AI model endpoint for the Agent and does not store the content the Agent processes at rest outside of Customer’s GitHub environment. The Agent and its outputs are also subject to the GitHub Terms of Service and Acceptable Use Policy in addition to this Agreement.

3. No Warranty on AI Output; Human Oversight

The Agent’s outputs, including labels, comments, diagnoses, remediation steps, configuration findings, security observations, and migration strategy documents, are provided to assist Customer and may be incomplete or incorrect. They are not professional, security, or legal advice and are not a guarantee of any outcome. Customer is responsible for independently reviewing and validating the Agent’s outputs before relying on or acting on them and for applying appropriate human oversight. To the maximum extent permitted by law, and notwithstanding any contrary term in the Standard Terms, Provider disclaims all warranties with respect to AI-generated output, including accuracy, completeness, and fitness for a particular purpose. Output may also be similar to output generated for other users, and Provider does not warrant that Output is unique or non-infringing.

4. Acceptable Use of AI Features

Customer’s use of the AI Services is governed by the Packfiles AI Acceptable Use Policy, available at https://policies.packfiles.io and incorporated into this Agreement by reference. The AI Acceptable Use Policy sets out the prohibited uses of the AI Services (including restrictions on inferring sensitive attributes, biometric categorization, social scoring, surveillance, and similar uses), human-oversight requirements, and related obligations. Customer must comply with the AI Acceptable Use Policy, and any violation is a breach of this Agreement. This section supplements Section 2.1 (Restrictions on Customer).

5. Feedback and Error Reporting

If the Agent produces an error or an output Customer believes is improper, Customer may report it to Provider at https://packfiles.io/support-request and, where applicable, to GitHub. Provider uses such feedback to test and improve the Agent.

6. Ownership of Input and Output

As between the parties, Customer retains all right, title, and interest in its Input and owns the Output, to the extent permitted by applicable law and subject to the rights of GitHub and its model provider(s) in their platforms and models. Nothing in this Agreement grants Customer rights in GitHub’s platform, the Copilot environment, or any underlying AI models.

Changes to the Standard Terms

Auto-Renewal

Modifying Section 6.1 of the Standard Terms, the Subscription Period does not automatically renew and will expire at the end of the Subscription Period, unless renewed through the Microsoft Marketplace in accordance with Microsoft’s terms.

Deletion of Customer Content

Supplementing the Standard Terms and consistent with the Packfiles Privacy Notice, for personal data that Provider holds in connection with the Agent or the GitHub integration, Provider will delete it within thirty (30) days after the earliest of: Customer uninstalling or removing the Agent or integration; Provider discontinuing it; its removal from the platform; or termination of the applicable GitHub Marketplace or partner agreement under which the Agent is provided, except for data that is aggregated and anonymized or that Provider must retain by law. Content processed within GitHub’s Copilot environment is retained and deleted in accordance with GitHub’s terms.

Order of Precedence

In the event of a conflict, the following order of precedence applies: (1) any separate signed Cover Page or order between the parties; (2) the AI Addendum, for matters concerning the AI Services; (3) Microsoft’s Marketplace terms, for matters concerning fees, billing, payment, and refunds for Marketplace purchases; (4) these Key Terms and Cover Page modifications; and (5) the Common Paper Cloud Service Agreement Standard Terms Version 2.1.

The Common Paper Cloud Service Agreement Standard Terms Version 2.1 and the AI Addendum Standard Terms Version 1.0 are incorporated by reference and available at commonpaper.com. This document reflects the Key Terms, Cover Page, and modifications specific to Packfiles.