Pattern5 LogoPattern5
How It WorksCapabilitiesPricing
LoginGet Started Free
Pattern5

Deliver your architectural standards to your AI coding agents.

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy

© 2026, Pattern5 is an NHXHN project

Privacy Policy

This Privacy Policy describes how Pattern5 collects, uses, and protects your information when you use our platform.

Last updated: 2026-02-20

1. What Pattern5 Is

Pattern5 is operated by NHXHN, LLC (“we,” “us,” or “our”). Pattern5 is a platform that serves curated architectural patterns, coding standards, architectural decision records, and guiding principles to AI coding agents (Claude Code, Cursor, GitHub Copilot) via MCP (Model Context Protocol).

This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Pattern5, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (required)
  • Password (stored as a bcrypt hash, never in plaintext)
  • Full name (optional; auto-populated from OAuth if you sign up with GitHub or Google)

2.2 Organization Information

When you sign up, a personal organization is automatically created for you. We store:

  • Organization name (derived from your name or email)
  • Billing information managed through Stripe (email, subscription status)

2.3 Content You Create

  • Patterns, standards, decision records, and principles you author, including section content, technology tags, and descriptions
  • All content is attributed to your account

2.4 MCP Interaction Data

When AI agents connect via your API key or OAuth token:

  • Agent type (e.g., “claude-code,” “cursor”), tool invoked, search queries, parameters, number of results returned, and which artifacts were served
  • Ratings and comments submitted by AI agents via MCP tools
  • Session information (start time, last activity, project accessed)

2.5 Usage and Operational Data

  • Login timestamps and failed login attempt counts (for security)
  • Daily aggregated usage metrics (request counts, unique patterns served)
  • Activity events (pattern approvals, content proposals, gap detections)
  • UI preferences (sidebar state, theme choice, dismissed banners)

2.6 What We Do NOT Collect

  • IP addresses are not stored in our database
  • Browser user agent strings are not stored (only MCP client identifiers)
  • We do not use tracking cookies or advertising pixels

3. How We Use Your Information

  • Provide and operate the Pattern5 service
  • Authenticate your account and manage API key access
  • Serve your organization's patterns to connected AI agents
  • Generate AI-assisted content when you use the pattern editor
  • Monitor service health and debug errors
  • Enforce rate limits based on your subscription tier
  • Send transactional emails (email verification, password reset)
  • Aggregate anonymized usage data for service improvement

4. Third-Party Service Providers

We share data with the following service providers to operate Pattern5. We do not sell personal information to any third party.

ServicePurposeData Shared
Microsoft Azure (PostgreSQL Flexible Server)Database hostingAll application data (encrypted in transit via SSL)
Microsoft Azure OpenAI ServiceAI-assisted pattern generation and semantic searchArtifact titles, descriptions, content, search queries
Microsoft Azure Communication ServicesTransactional emailRecipient email address, verification/reset URLs
StripeSubscription billingEmail, organization name, organization ID
SentryError monitoring (production only)Error stack traces, user IDs, performance traces (10% sample)
GitHub (optional)OAuth loginEmail, display name (via OAuth callback)
Google (optional)OAuth loginEmail, display name (via OAuth callback)

5. AI and Machine Learning

  • AI features use Azure OpenAI exclusively (GPT-4o, GPT-4o-mini, text-embedding-ada-002)
  • Data sent to Azure OpenAI: artifact titles, descriptions, section content, technology lists, and search queries
  • Embeddings (numerical vectors) are stored permanently for semantic search
  • Raw AI prompts and responses are not stored — only parsed results
  • Your data is not used for model training or fine-tuning
  • No feedback is sent back to Azure OpenAI from user ratings
  • Azure OpenAI's built-in content filtering applies to all requests
  • AI generation is rate-limited (Free: 5/month, Pro: 100/month)

6. MCP Integration Data

When an AI agent connects to Pattern5 via your API key or OAuth token:

  • Every tool invocation is logged (search queries, artifact retrievals, ratings, submitted content)
  • Agent type is detected from the User-Agent header
  • Artifacts served include author names in the formatted output
  • Session lifecycle is tracked (start, last activity, expiration)
  • All MCP logs are retained for service operation and analytics
  • This data is visible to you on the History and Analytics pages

7. Data Retention

  • Account data is retained while your account is active
  • MCP request logs, session data, and usage metrics are retained indefinitely for service operation
  • Stripe webhook events are retained for billing reconciliation
  • If you request account deletion, we will delete your personal data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (e.g., billing records)
  • Aggregated, anonymized usage data may be retained after account deletion

8. Data Security

  • Passwords hashed with bcrypt (never stored in plaintext)
  • API keys hashed with bcrypt (only the key prefix is stored for identification)
  • Database connections encrypted via SSL
  • OAuth refresh tokens hashed with bcrypt
  • JWT session tokens encrypted and signed
  • Security headers enforced (HSTS, X-Frame-Options, CSP, etc.)
  • Account lockout after repeated failed login attempts
  • Role-based access control within organizations

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights

You may request to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and data
  • Receive a copy of your data
  • Restrict processing of your data
  • Object to processing

To exercise any of these rights, contact support@pattern5.com. We will respond within 30 days.

EU Residents

We process data based on contract performance (providing the service), legitimate interests (security, analytics), and consent (where applicable). You may lodge a complaint with your local data protection authority.

California Residents

We do not sell personal information. You have the right to know what data we collect, request deletion, and not be discriminated against for exercising your rights.

10. International Data Transfers

Pattern5's infrastructure is hosted on Microsoft Azure in the United States. If you access the service from outside the US, your data will be transferred to and processed in the US. We rely on Microsoft Azure's compliance certifications and standard contractual clauses where applicable.

11. Children's Privacy

Pattern5 is not intended for users under 13. We do not knowingly collect information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information.

12. Changes to This Policy

We will post updates on this page and update the “Last Updated” date. For material changes, we will notify registered users via email.

13. Contact Information

If you have questions about this Privacy Policy, please contact us:

NHXHN, LLC

Email: support@pattern5.com

Address: 9550 Mason Montgomery Rd #1159, Mason, OH 45040

This Privacy Policy is effective as of 2026-02-20.

If you have any questions about this document, please contact us at support@nhxhn.com

Table of Contents