Your privacy matters to us a lot. This policy explains what data we collect, why, and how we protect it. We’ve tried our best to keep it readable so you don’t need lawyers to read it.
The short version: We collect minimal data. The website uses privacy-friendly analytics and collects your email if you subscribe. The desktop app validates your license periodically and checks for updates. You can optionally send crash reports. During the open beta, the desktop app also sends anonymous usage stats (which features you use), with an easy off switch. It never includes anything from your files. We don’t sell your data.
1. Who we are
Rymdskottkärra AB (the “data controller”) is responsible for your personal data. We’re a Swedish company located at Vattmyragränd 47, 177 39 Järfälla, Sweden. Few people know that the company name actually means “Space wheelbarrow”.
For privacy-related questions, contact us at [email protected].
2. What data we collect
On the website (getcmdr.com)
- Email address: if you subscribe to our newsletter or contact us
- Page analytics: we use Umami, a privacy-focused analytics tool that we host on our own server. It tells us which pages are visited, where traffic comes from, and approximate location (country level). Umami doesn’t use cookies and doesn’t collect any personal information.
- Website behavior: we use PostHog to see how visitors interact with the website, like session recordings and heatmaps. This helps us spot confusing layouts and improve the experience. PostHog sets a first-party cookie to maintain your session, but doesn’t track you across other websites.
- Download counts: when you download Cmdr, we record which version and architecture you chose, along with your country, for stats. We don’t store your IP address or any other identifying info.
- Payment info: if you buy a license, payment is handled by Paddle. We see your email address and purchase details, but never your credit card number. That’d be too much risk for us.
In the desktop app
- License key: stored locally on your machine. The app verifies it cryptographically offline, and periodically checks our server to see if your subscription has expired or been extended. During these checks, we also send a hashed device identifier so we can detect key sharing. We don’t use this to track you or your activity, only to count distinct devices per license.
- Organization name: for commercial licenses, we store the organization name you provide at checkout, to display it in the app’s About window.
- Crash reports (opt-in): if you choose to send crash reports, Cmdr sends the app version, macOS version, and the location in our code where the crash happened. It doesn’t include file names or anything from your file system. If you’ve added a beta contact email, you can tick a box to attach it to a crash or error report so we can reply, and we include it only when you do. You can enable or disable crash reports anytime in Settings > Updates & privacy.
- Anonymous usage stats (open beta): which features you use and basic preferences (like light or dark mode), tied to a random id, never to you. No file names, contents, paths, search terms, or prompts. On by default during the beta, off anytime in Settings > Updates & privacy.
- Beta contact email (optional): if you share it, it’s stored on your Mac and sent only to our mailing list so we can reach out. We never send it with your usage stats, so the two can’t be connected.
During the open beta, the desktop app sends anonymous usage stats so we can see which features matter and what’s working. This covers which features you use and basic preferences, tied to a random id, with an easy off switch in Settings > Updates & privacy. We never collect your file names, file contents, paths, search queries, AI prompts, keystrokes, or screenshots. Aside from these stats, the desktop app’s network calls are license validation (including the device identifier mentioned above), checking for updates, and sending crash reports if you’ve opted in.
What we DON’T collect
- Your file names, contents, or any data from your file system, ever. We don’t want to know your files.
- Your prompts, the AI’s answers, tool calls, etc. The communication is all private between you and your AI, unless you use a provider (OpenAI, Anthropic, etc.) that have different terms. But with Cmdr, you always have the option to keep ALL communications private with a local model.
- Crash reports, if you opt in, contain only technical diagnostics (code locations, app and system version). Never file names, file contents, or anything from your file system.
- Your keystrokes or screenshots. During the open beta we do see which features are used, never their content.
- And we never train models on your data!
3. Why we collect this data (legal basis)
Under GDPR (EU law to protect your rights over your data), we need a legal basis for processing your data, which is pretty nice and fair and we apply it to all our users globally, not just EU citizens. Here is a list:
- License validation and subscription status checks: As a business baseline, we need to know who has a valid license and who doesn’t.
- Legitimate interest: Website analytics, download counts, and the anonymous usage stats from the desktop app during the open beta help us understand how people find and use Cmdr, which directly shapes the product roadmap. This is strictly not about tracking any particular user. We actively avoid that. We only look at aggregate data that can’t be traced back to a single person, and the desktop usage stats come with an easy opt-out in Settings > Updates & privacy.
- Consent: Email addresses to send you news that hopefully interest you, including the optional beta contact email. (You can unsubscribe anytime from all communications we send, except for stuff we need to send like updates to this very policy.)
- Consent: Crash reports, if you choose to send them. You can opt out anytime in Settings.
4. How we use your data
- To process your license purchase
- To maintain and improve Cmdr
- To send you product updates (if you subscribed)
- To respond to your support requests
- To analyze website traffic and improve our communication
5. Who we share data with
We only share data with service providers who help us operate Cmdr:
- Paddle (payments): processes purchases, handles taxes and invoicing. Based in the UK with GDPR-compliant processing. Paddle’s privacy policy
- PostHog (website behavior and desktop usage stats): session recordings and heatmaps to help us improve the website experience, and the anonymous, PII-free feature stats the desktop app sends during the open beta. Cloud-hosted in the EU. PostHog’s privacy policy
- Cloudflare (hosting): hosts our API server for license validation, download tracking, and crash report ingestion on its global CDN. Download events (version, architecture, country) and crash reports are stored in Cloudflare D1 (SQLite). Cloudflare’s privacy policy
- Listmonk (newsletter and beta list): self-hosted on our server. Stores your email address and subscription status, including the optional beta contact email you can share in the desktop app. No data leaves our infrastructure except when sending emails via AWS SES.
- AWS SES (email delivery): sends newsletter and confirmation emails on our behalf. AWS privacy policy
Our page-level website analytics (Umami) are self-hosted on our own server. No data is shared with any third party for that.
We don’t sell your data. We don’t share it with advertisers or anyone not listed above.
6. Where we store your data
Page-level website analytics (Umami) and our newsletter system (Listmonk) are self-hosted on our own server in Europe. Our license and download tracking server runs on Cloudflare Workers on a global CDN. PostHog and Paddle are GDPR-compliant and have appropriate data processing agreements in place.
7. How long we keep your data
- Purchase records: kept for 7 years (Swedish accounting law requirement)
- Email subscriptions: kept until you unsubscribe, then we have no use for it.
- Analytics data: typically 2 years, then aggregated further, or deleted. Old data is less helpful.
- Crash reports: kept permanently until manually pruned, to help us track down long-standing stability issues
- Download counts and active user data: kept permanently in aggregated form (version, architecture, country). No personal information is stored.
- Desktop usage stats: the anonymous beta usage stats are tied to a random id, never to you, and we keep them during the beta to track how the product is used. No personal information is stored.
8. Cookies
PostHog sets a first-party cookie to maintain your session while you browse our website. This is used for session recordings and heatmaps. It doesn’t track you across other websites. Umami, our page analytics tool, doesn’t use cookies at all.
We don’t use third-party advertising cookies or cross-site tracking.
9. Your rights (GDPR)
EU residents have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: request deletion of your data (“right to be forgotten”)
- Portability: receive your data in a machine-readable format
- Object: object to processing based on legitimate interest
- Withdraw consent: for newsletter subscriptions, unsubscribe anytime
To exercise these rights, email us at [email protected]. We’ll respond within 30 days.
You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local data protection authority.
That said, we try to be nice to everyone, not just EU citizens.
10. Children’s privacy
Cmdr is not directed at children under 16. We don’t knowingly collect data from children. If you believe we have, please contact us and we’ll delete it.
11. Changes to this policy
We may update this policy occasionally. We’ll notify you of significant changes via email (if you’ve purchased a license) or by posting on our website. The “Last updated” date at the top tells you when it was last revised.
12. Contact
Questions about your data? Want to exercise your rights? Email us at [email protected].