update privacy policy to account for stealth model

PRIVACY.md

@@ -1,14 +1,14 @@
 # Roo Code Privacy Policy
 
-**Last Updated: June 10th, 2025**
+**Last Updated: August 20th, 2025**
 
 Roo Code respects your privacy and is committed to transparency about how we handle your data. Below is a simple breakdown of where key pieces of data go—and, importantly, where they don’t.
 
 ### **Where Your Data Goes (And Where It Doesn’t)**
 
-- **Code & Files**: Roo Code accesses files on your local machine when needed for AI-assisted features. When you send commands to Roo Code, relevant files may be transmitted to your chosen AI model provider (e.g., OpenAI, Anthropic, OpenRouter) to generate responses. We do not have access to this data, but AI providers may store it per their privacy policies.
+- **Code & Files**: Roo Code accesses files on your local machine when needed for AI-assisted features. When you send commands to Roo Code, relevant files may be transmitted to your chosen AI model provider (e.g., OpenAI, Anthropic, OpenRouter) to generate responses. If you select Roo Code Cloud as the model provider (proxy mode), your code may transit Roo Code servers only to forward it to the upstream provider. We do not store your code; it is deleted immediately after forwarding. Otherwise, your code is sent directly to the provider. AI providers may store data per their privacy policies.
 - **Commands**: Any commands executed through Roo Code happen on your local environment. However, when you use AI-powered features, the relevant code and context from your commands may be transmitted to your chosen AI model provider (e.g., OpenAI, Anthropic, OpenRouter) to generate responses. We do not have access to or store this data, but AI providers may process it per their privacy policies.
-- **Prompts & AI Requests**: When you use AI-powered features, your prompts and relevant project context are sent to your chosen AI model provider (e.g., OpenAI, Anthropic, OpenRouter) to generate responses. We do not store or process this data. These AI providers have their own privacy policies and may store data per their terms of service.
+- **Prompts & AI Requests**: When you use AI-powered features, your prompts and relevant project context are sent to your chosen AI model provider (e.g., OpenAI, Anthropic, OpenRouter) to generate responses. We do not store or process this data. These AI providers have their own privacy policies and may store data per their terms of service. If you choose Roo Code Cloud as the provider (proxy mode), prompts may transit Roo Code servers only to forward them to the upstream model and are not stored.
 - **API Keys & Credentials**: If you enter an API key (e.g., to connect an AI model), it is stored locally on your device and never sent to us or any third party, except the provider you have chosen.
 - **Telemetry (Usage Data)**: We only collect feature usage and error data if you explicitly opt-in. This telemetry is powered by PostHog and helps us understand feature usage to improve Roo Code. This includes your VS Code machine ID and feature usage patterns and exception reports. We do **not** collect personally identifiable information, your code, or AI prompts.
 - **Marketplace Requests**: When you browse or search the Marketplace for Model Configuration Profiles (MCPs) or Custom Modes, Roo Code makes a secure API call to Roo Code’s backend servers to retrieve listing information. These requests send only the query parameters (e.g., extension version, search term) necessary to fulfill the request and do not include your code, prompts, or personally identifiable information.

apps/web-roo-code/src/app/privacy/page.tsx

@@ -46,7 +46,7 @@ export default function Privacy() {
 					<h1 className="text-3xl font-bold tracking-tight sm:text-4xl md:text-5xl">
 						Roo Code Cloud Privacy Policy
 					</h1>
-					<p className="text-muted-foreground">Last Updated: June 19, 2025</p>
+					<p className="text-muted-foreground">Last Updated: August 20, 2025</p>
 
 					<p className="lead">
 						This Privacy Policy explains how Roo Code, Inc. (&quot;Roo Code,&quot; &quot;we,&quot;
@@ -82,9 +82,14 @@ export default function Privacy() {
 					<h2 className="mt-12 text-2xl font-bold">Quick Summary</h2>
 					<ul>
 						<li>
-							<strong>Your source code never transits Roo Code servers.</strong> It stays on your device
-							and is sent <strong>directly</strong>—via a client‑to‑provider TLS connection—to the
-							third‑party AI model you select. Roo Code never stores, inspects, or trains on your code.
+							<strong>
+								Your source code does not transit Roo Code servers unless you explicitly choose Roo Code
+								as a model provider (proxy mode).
+							</strong>{" "}
+							When Roo Code Cloud is your model provider, your code briefly transits Roo Code servers only to
+							forward it to the upstream model, is not stored, and is deleted immediately after
+							forwarding. Otherwise, your code is sent <strong>directly</strong>—via client‑to‑provider
+							TLS—to the model you select. Roo Code never stores, inspects, or trains on your code.
 						</li>
 						<li>
 							<strong>Prompts and chat snippets are collected by default</strong> in Roo Code Cloud so you
@@ -200,10 +205,12 @@ export default function Privacy() {
 										Code & files you work on
 									</td>
 									<td className="border border-border px-4 py-2">
-										Your chosen model provider (direct client → provider TLS)
+										Your chosen model provider (direct client → provider TLS), or Roo Code (proxy
+										mode; transit‑only) when you select Roo Code as the provider
 									</td>
 									<td className="border border-border px-4 py-2">
-										Roo Code servers; ad networks; model‑training pipelines
+										Roo Code servers (except proxy mode; transit‑only, no storage); ad networks;
+										model‑training pipelines
 									</td>
 								</tr>
 								<tr className="bg-muted/25">