Privacy Policy
Last updated: February 2026
1. Introduction
CommandGate ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the CommandGate desktop application and related services.
By using CommandGate, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
Information You Provide
- Account credentials and authentication tokens
- Natural language prompts and queries you submit to the agent (processed in real-time, not permanently stored on our servers)
- Account information (email address) if you register via Clerk authentication
- Billing information processed through Stripe if you subscribe to a paid plan
Information Collected Automatically
- Command execution logs stored locally on your machine
- Usage metrics tracked in a local database on your device (query count, session duration)
- Application error logs for debugging purposes
Important: CommandGate does not transmit prompts or credentials through product telemetry. Desktop usage telemetry is optional and disabled by default; local usage data stays on your machine unless you enable telemetry or use hosted billing services.
3. How We Use Your Information
- To provide and maintain the CommandGate service
- To process your natural language queries through the hosted diagnostics service
- To execute system diagnostic commands on your local machine as directed by the AI agent
- To manage your account and subscriptions (if using Clerk authentication and Stripe billing)
- To improve the application based on optional aggregated, anonymized usage patterns when telemetry is enabled
- To provide customer support
4. Data Storage & Security
- Authentication credentials are stored securely on your device and are never transmitted to unauthorized parties
- Command execution history and diagnostic results are stored in a local database on your device
- Application configuration is stored locally in your operating system's standard application data directory
- If you use our hosted service, account data is protected using industry-standard encryption at rest and in transit
Data Retention
Hosted-service data is retained only as long as needed, then purged automatically:
- Usage metering records (token counts, model, cost, timing — never prompt content): up to 13 months, for billing history and dispute resolution
- Completed remote support sessions and their event timelines: 90 days
- Account export/deletion receipts: 90 days, for abuse prevention
- Tamper-evident audit events: 24 months, to preserve the integrity chain
- Diagnostic history on your device: stored locally and under your control; remove it by clearing history in the app or uninstalling
Deleting your account removes account, usage, and sync data immediately; payment records held by our payment processor follow financial-record retention requirements.
5. Third-Party Services
CommandGate integrates with the following third-party services:
Anthropic Claude API
Your natural language prompts are sent to Anthropic's Claude API for processing. Anthropic's use of this data is governed by their privacy policy. We recommend reviewing Anthropic's data handling practices.
Stripe
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card information. Stripe's handling of your payment data is governed by their privacy policy.
Clerk
If authentication is enabled, user accounts and sessions are managed by Clerk. Clerk's handling of your account data is governed by their privacy policy.
Depending on configuration, the hosted service may also use an error-monitoring provider (with aggressive scrubbing of prompts, keys, and personal identifiers), a hosting/log provider, and a privacy-respecting web analytics service. Business customers can request our current subprocessor list and a data processing agreement at support@commandgate.app.
6. Your Rights
GDPR (European Economic Area)
If you are a resident of the EEA, you have the right to access, rectify, or delete your personal data; restrict or object to processing; data portability; and the right to withdraw consent at any time.
CCPA (California)
If you are a California resident, you have the right to know what personal data is collected; request deletion of your data; opt out of the sale of personal data (we do not sell personal data); and non-discrimination for exercising your rights.
Self-Serve Export & Deletion
Hosted-account holders can export their stored data (account, usage metering, synced preferences) and permanently delete their account from the dashboard at any time. Deletion is immediate and idempotent; a minimal receipt is kept briefly for abuse prevention and then purged. If you use the app in bring-your-own-key mode, no server-side account exists — your data stays on your machine.
To exercise any of these rights, please contact us at support@commandgate.app.
7. Cookies
The CommandGate desktop application does not use cookies. Our website (commandgate.ai) may use essential cookies for authentication sessions if Clerk is enabled, and analytics cookies only with your consent.
8. Children's Privacy
CommandGate is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete such information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this page periodically for any changes.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us: