How Licensing Works
This page is the truth anchor for our privacy policy and the claims we make elsewhere on the site. When the product’s network behavior changes, we update this page first and everything else follows.
Local-first architecture
Section titled “Local-first architecture”GodotIQ runs as a small MCP server on your machine, launched by your AI client (Claude Code, Codex, Cursor, Windsurf, VS Code). Your Godot project files never leave your machine. All analysis runs locally against your local filesystem — GodotIQ does not upload, scan, or stream your project anywhere.
Activation flow
Section titled “Activation flow”When you add GODOTIQ_LICENSE_KEY to your client config and restart, the MCP:
- Sends your license key over HTTPS to Polar’s API for validation.
- On success, requests a signed Pro-tool bundle from
pro.godotiq.com(hosted on a Cloudflare Worker backed by R2 storage). - Caches the bundle and a signed receipt locally on disk.
First Pro run requires a network connection. Afterward, the MCP works offline until the receipt expires.
Bundle download and cache
Section titled “Bundle download and cache”The Pro bundle is stored via platformdirs in your OS’s per-user cache directory:
- macOS:
~/Library/Caches/godotiq/ - Windows:
%LOCALAPPDATA%\godotiq\Cache\ - Linux:
~/.cache/godotiq/
To clear the cache (forces a fresh download on next activation):
godotiq auth reset-bundleOr manually delete the godotiq subdirectory in the cache path above.
Receipt refresh behavior
Section titled “Receipt refresh behavior”Receipts expire periodically. Refresh is synchronous on first use after expiration —
there is no background daemon, no polling process, and no scheduled task. The first Pro
tool call after expiration triggers the refresh HTTPS request; if the network is
unreachable at that moment, you’ll see a MIGRATION_REQUIRED or BUNDLE_UNAVAILABLE
error and the retry succeeds once connectivity returns.
What is NOT sent
Section titled “What is NOT sent”- Not your Godot project paths.
- Not your project file contents.
- Not which tools you run.
- Not how often you call them.
- Not your scene tree.
- Not your code.
- Not your errors.
- No per-tool telemetry inside the MCP — ever.
What IS sent (honest disclosure)
Section titled “What IS sent (honest disclosure)”Three things, and nothing else:
- To Polar (HTTPS): your license key for validation.
- To
pro.godotiq.com(HTTPS): a signature of your license key, used to request the Pro tool bundle. - To Google Analytics 4 — only on the
godotiq.comwebsite, only after you click Accept on the cookie consent banner, and only withanonymize_ip: true. GA4 never runs inside the MCP, never runs inside your editor, never runs from your Godot project.
Seat / machine model
Section titled “Seat / machine model”The backend enforces a soft cap designed for normal multi-machine development use. We don’t publish a hard number because the cap is a fraud guardrail, not a product limit. If you hit the limit in normal use, email [email protected] and we’ll bump you.
Verification methods
Section titled “Verification methods”You don’t have to take our word for any of this. Here’s how to verify:
-
godotiq auth status— prints tier and license state. -
godotiq auth status --json— machine-readable output, useful for bug reports (remember to redact the license key before sharing). -
Inspect the cache directory above to see exactly what’s stored locally.
-
Network-monitor your MCP process:
- macOS: Little Snitch or LuLu.
- Windows: Simplewall.
- Linux:
netstat -nporss -tpn.
You will only see outbound traffic to
api.polar.shandpro.godotiq.com.
Does GodotIQ see my code?
Section titled “Does GodotIQ see my code?”No. Pro analysis runs against your local filesystem. Nothing is uploaded.
Does GodotIQ “phone home” when I use a tool?
Section titled “Does GodotIQ “phone home” when I use a tool?”No. There is no per-tool analytics. The only outbound request after activation is the synchronous receipt refresh at expiration.
Why do you use Google Analytics on the website?
Section titled “Why do you use Google Analytics on the website?”Usage understanding — which pages people actually read. Gated on cookie consent,
anonymize_ip: true. We’ll likely swap to Plausible or a similar privacy-first
analytics platform when traffic justifies the change.
What if I work offline?
Section titled “What if I work offline?”First Pro run needs a network connection. After that, offline works until a receipt
expires. Firewall-heavy corporate environments may need to allow HTTPS to
api.polar.sh and pro.godotiq.com.
Who has access to my license key?
Section titled “Who has access to my license key?”You, Polar (stored for billing and validation), and pro.godotiq.com — which sees only
a signature of your key, not the key itself, when serving the bundle on subsequent
requests.