Privacy Policy
This page summarizes CommandLane's privacy practices. For the complete legal policy, see the GDPR Compliance Guide.
Core Principles
Local-First by Default
CommandLane is designed with privacy as a foundational principle:
- All data stored locally on your Windows machine by default
- No cloud synchronization unless you explicitly configure it
- No usage analytics or behavioral telemetry sent to external services
- No account required to use the application
Data You Control
| Data Type | Storage | Access |
|---|---|---|
| Captured entries | Local SQLite database | You only |
| Configuration | Local JSON files | You only |
| Classification models | Local filesystem | You only |
| Search indices | Local SQLite | You only |
Optional External Services
OpenAI API (Optional)
If you enable AI planning features:
- What's sent: Anonymized task summaries for planning assistance
- When: Only when you use Planning or Chat features
- Control: Disable in Dashboard > Settings > AI Settings
- Provider: OpenAI (see OpenAI Privacy Policy)
Enable local AI classification in Dashboard > Settings > AI Settings to avoid any external API calls.
Data Security
Input Validation
All user inputs are validated:
- Text length limits (10,000 characters)
- Path traversal prevention
- SQL injection protection (parameterized queries only)
- Command injection prevention
- Prompt injection protection (XML tag escaping in agent context)
Storage Security
- Atomic writes with recovery files prevent data corruption
- File permissions restrict database and config access to your user account (
0o600) - No plaintext secrets in configuration files
- Automatic purging of sensitive tool results (shell output, file content) from conversation history
Agent Security
When using Agent Mode, additional protections are in place:
- Tiered command permissions: Safe commands auto-execute, modifying commands require your approval, dangerous commands are always blocked
- Rate limiting: Dangerous tool invocations are limited per-turn and per-hour
- Write-then-execute prevention: Files written by the agent cannot be immediately executed
- Audit logging: All tool invocations are logged for accountability
- Token authentication: WebSocket connections to the agent server require a session token
- MCP server HTTPS enforcement: External tool servers must use HTTPS (except localhost)
Window Title Sensitivity
The window watcher captures window titles and process names to provide context for your entries. Be aware:
- Window titles may contain sensitive information (document names, email subjects, URLs, file paths)
- When Agent Mode is active with a cloud AI provider configured, window titles are included in the context sent to that provider
- Disable the window watcher by setting
watcher_enabled_by_defaulttofalsein yourpkb.config.jsonfile if you handle sensitive information in window titles
Network Security
- No inbound connections accepted (agent WebSocket is localhost-only with token auth)
- Outbound connections only if you enable AI features or MCP servers
- TLS encryption for all external API calls and MCP servers
Network Calls
Automatic Update Checks
CommandLane checks for updates on every launch:
- What is transmitted: The current app version and platform identifier, sent to GitHub's releases API
- Personal data: None — no user data is included
- Purpose: Notify you when a newer version is available
- Third party: GitHub may log your IP address per their Privacy Statement
MCP Servers
CommandLane supports user-configured MCP (Model Context Protocol) servers that extend the agent with external tools:
User-configured MCP servers may transmit data — including queries, context, and tool inputs — to third-party servers as part of their function. Each MCP server has its own privacy practices. Review the privacy policy of each server you connect before enabling it. CommandLane enforces HTTPS for remote MCP connections but cannot control what connected servers do with transmitted data.
MCP servers are disabled by default and must be explicitly configured.
Compliance
GDPR (General Data Protection Regulation)
- ✅ Right to Access - All data in local SQLite database
- ✅ Right to Erasure - Delete
pkb_data.dband config files - ✅ Right to Portability - SQLite and JSON export available
- ✅ Data Minimization - Only stores what you capture
- ✅ Purpose Limitation - Used only for knowledge management
CCPA (California Consumer Privacy Act)
- ✅ No Sale of Data - Nothing is sold or shared
- ✅ Disclosure - This policy describes all data practices
- ✅ Deletion Rights - You control all data files
What We Don't Collect
- ❌ Personal identifiable information (PII)
- ❌ Usage analytics or behavioral telemetry
- ❌ Crash reports (unless you manually submit)
- ❌ Location data
- ❌ Browsing history beyond window titles (if watcher enabled)
If you purchase a paid license, the app transmits a SHA-256 hash derived from your hostname and MAC address to the license server for purchase verification. This is a one-way hash — raw hardware identifiers are never transmitted. This is not telemetry, but it must be disclosed as it involves a pseudonymous device identifier.
Sensitive Data Guidelines
What Not to Capture
Avoid capturing:
- Passwords or API keys
- Credit card numbers
- Social Security numbers
- Medical records
- Attorney-client privileged information
CommandLane does not automatically detect or filter sensitive data. You are responsible for what you capture.
If You Capture Sensitive Data
- Encrypt your drive using Windows BitLocker
- Set strong file permissions on
pkb_data.db - Don't enable cloud sync for sensitive databases
- Backup securely to encrypted external drives
Third-Party Dependencies
CommandLane uses open-source libraries:
- SQLite - Public domain database engine
- Python - PSF License
- Transformers (TinyBERT) - Apache 2.0
- Full dependency list in
requirements.txt
No dependencies collect telemetry or phone home.
Data Retention
You control retention:
- Your entries and memories persist until you delete them
- Audit logs are automatically retained for 90 days, then cleaned up
- Manual export/archive tools provided
Recommended practices:
- Monthly review and archive old entries
- Export important decisions to version control
- Backup database files regularly
Transparency
CommandLane is committed to transparency about data handling:
- ✅ Clear documentation of all data flows
- ✅ Explicit consent required for external integrations
- ✅ Local-first architecture you can verify
Last Updated: 2026-03-13