GDPR & CCPA Compliance Guide

Version: 1.1.0 Last Updated: 2026-03-13 Jurisdiction: Netherlands (EU)

Overview

This document describes how CommandLane complies with the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Key Principles:

Data minimization: Only collect what's necessary
Transparency: Clear disclosure of data flows
User control: Full control over personal data
Security: Encryption and secure storage
Accountability: Audit logging for compliance

Data Processing Activities

Local Data Storage

All user data is stored locally on the user's device by default:

Data Type	Location	Encryption	Retention
Entries (tasks/notes)	SQLite database	Optional	User-controlled
Configuration	`pkb.config.json`	API keys encrypted	Indefinite
Audit logs	`audit_log.db`	None (metadata only)	90 days default
Application logs	Log files	None	7 days
License verification	Vercel license server	SHA-256 device hash	Per-request (not stored locally)
Update checks	GitHub releases endpoint	App version, platform	Per-launch (not stored locally)

External Data Transfer

Data is only sent to external services when:

User explicitly enables an integration
User provides explicit consent via consent modal
User initiates an action that requires the integration

Third-Party Services:

Service	Data Sent	Purpose	Privacy Policy
OpenAI	Entry text, context	AI classification, chat	OpenAI Privacy
Anthropic	Entry text, context	AI classification, chat	Anthropic Privacy
Notion	Entry content, metadata	Task/note synchronization	Notion Privacy
Ollama	Entry text	Local AI (no external transfer)	N/A (local only)
GitHub	App version, platform	Update check on launch	GitHub Privacy
Stripe	Device hash, license key	Payment and license verification	Stripe Privacy
Vercel	Device hash	License server hosting	Vercel Privacy
MCP Servers	Queries, context, tool inputs	User-configured external tools	Varies per server

Window Title Sensitivity

Window titles may contain sensitive information (document names, URLs, email subjects). When Agent Mode is used with a cloud AI provider, window titles are included in the context sent to that provider. Users can disable the window watcher in settings.

Used for optional integrations that send data externally:

OpenAI/Anthropic AI features
Notion synchronization

Implementation:

Consent modal displayed before first use
Clear description of data types transmitted
Purpose explanation for each integration
Link to third-party privacy policy
Checkbox acknowledgment required
Consent timestamp recorded

Consent Withdrawal: Users can withdraw consent at any time by disconnecting the integration in Settings.

Contract (Article 6(1)(b))

Used for core application functionality:

Local storage of user entries
Application configuration
System operation

Legitimate Interest (Article 6(1)(f))

Used for:

Security logging (preventing abuse)
Error logging (improving service reliability)
Audit logging (compliance requirements)

User Rights Implementation

Right of Access (Article 15)

Users can access their data through:

Direct Database Access: SQLite database is user-readable
Dashboard UI: View all entries, tasks, and notes

Right to Rectification (Article 16)

Users can modify their data through:

Dashboard UI for editing entries
Direct database access for advanced users

Right to Erasure (Article 17)

Users can delete their data through:

Individual Entry Deletion: Via dashboard UI
Bulk Deletion by Age: Via data retention controls
Complete Data Deletion: Delete the data directory
- Windows: %LOCALAPPDATA%\cmdlane-pkb
- macOS: ~/Library/Application Support/cmdlane-pkb
- Linux: ~/.local/share/cmdlane-pkb

Right to Data Portability (Article 20)

Users can export their data in standard formats:

JSON export of all entries
SQLite database (portable format)
Audit log export

Right to Object (Article 21)

Users can object to processing by:

Disabling specific integrations
Disabling AI features
Using offline-only mode

Data Protection Measures

Encryption

Data	Encryption Method	Key Storage
API Keys	Fernet (AES-128)	OS Keyring preferred
Local Database	SQLite (optional encryption)	User-controlled
Config File	Sensitive fields encrypted	Machine-derived key

Access Controls

File Permissions: 0600 (Unix) for sensitive files
Directory Permissions: 0700 (Unix) for data directory
Windows: NTFS ACLs inherited from user profile

Audit Logging

API calls to external services are logged with:

Timestamp
Service name
Operation type
Data size (NOT content)
Success/failure status

NOT Logged:

Actual user content
API keys
Personal identifiers

Data Retention

Default Retention Periods

Data Type	Retention	Justification
User entries	Indefinite	User controls deletion
Audit logs	90 days	Compliance requirement
Application logs	7 days	Troubleshooting
Error reports	30 days	Bug fixing

International Data Transfers

Data Location

Primary storage: User's local device (no cloud storage by default)

Third-Party Transfers

When using cloud integrations:

OpenAI: Data processed in US (Standard Contractual Clauses)
Anthropic: Data processed in US (Standard Contractual Clauses)
Notion: Data processed in US (Standard Contractual Clauses)

Users are informed of international transfers in consent modal.

Security Incident Response

Breach Notification

In case of a security incident affecting user data:

Assessment (within 24 hours)
- Determine scope and nature of breach
- Identify affected data
Notification (within 72 hours for high risk)
- Notify supervisory authority (Dutch DPA)
- Notify affected users if high risk
Remediation
- Patch vulnerability
- Update security measures
- Document incident

Contact for Security Issues

For security vulnerabilities or incidents:

Email: support@commandlane.ai (please include "Security" in the subject)
GitHub: Security Issues

Data Protection Contact

For GDPR-related inquiries:

Data Protection Contact Email: support@commandlane.ai

Supervisory Authority

For complaints about data processing:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens) Website: https://autoriteitpersoonsgegevens.nl Phone: +31 70 888 85 00

CCPA-Specific Rights

For California residents:

Right to Know

Users can request:

Categories of personal information collected
Sources of personal information
Purpose of collection
Third parties with whom data is shared

Right to Delete

Same as GDPR Right to Erasure (see above).

Right to Opt-Out

Users can opt-out of:

AI processing (disable AI features)
Third-party sharing (disconnect integrations)

Note: CommandLane does not sell personal information.

Non-Discrimination

Users who exercise CCPA rights will not receive:

Different pricing
Different service quality
Denial of service

Document Owner: Legal/Compliance Team Review Frequency: Quarterly Next Review: 2026-06-13

Overview​

Data Processing Activities​

Local Data Storage​

External Data Transfer​

Legal Bases for Processing (GDPR Article 6)​

Consent (Article 6(1)(a))​

Contract (Article 6(1)(b))​

Legitimate Interest (Article 6(1)(f))​

User Rights Implementation​

Right of Access (Article 15)​

Right to Rectification (Article 16)​

Right to Erasure (Article 17)​

Right to Data Portability (Article 20)​

Right to Object (Article 21)​

Data Protection Measures​

Encryption​

Access Controls​

Audit Logging​

Data Retention​

Default Retention Periods​

International Data Transfers​

Data Location​

Third-Party Transfers​

Security Incident Response​

Breach Notification​

Contact for Security Issues​

Data Protection Contact​

Supervisory Authority​

CCPA-Specific Rights​

Right to Know​

Right to Delete​

Right to Opt-Out​

Non-Discrimination​