Privacy Policy

Last updated: April 2026

CommandIt is built and maintained by Chris Cox, an individual developer. There is no company entity behind it. In this policy, "I", "me", and "my" refer to Chris Cox; "you" refers to the person using CommandIt.

Overview

CommandIt is designed with privacy as a core principle. Your snippets and data are stored locally on your Mac. I do not operate any servers that store your content, I do not sell or share your data, and the marketing site you're reading right now uses only cookie-free, aggregate analytics (details below).

Local Data Storage

All snippets, categories, tags, and settings are stored in a local SQLite database on your device, encrypted at rest with AES-256 via SQLCipher. This data never leaves your Mac unless you explicitly enable iCloud sync.

iCloud Sync (Plus)

If you enable iCloud sync (a Plus feature), your snippets are synced through Apple's CloudKit infrastructure. Data is encrypted in transit and at rest by Apple. I do not have access to your iCloud data — it sits entirely inside your personal Apple ID. You can disable sync at any time in Settings, and your local database remains the source of truth.

On-Device AI

CommandIt offers on-device AI features powered by MLX on Apple Silicon. These models run entirely on your Mac — no data is sent anywhere. On-device features include argument detection, description generation, and semantic search.

Cloud AI (Plus, BYOK)

Plus users can optionally configure their own API keys for cloud AI providers (Claude, OpenAI, or custom OpenAI-compatible endpoints). When you use cloud AI, your prompts go directly from your Mac to the provider you configured. I do not proxy, store, or log these requests. Your API keys are stored in your Mac's Keychain.

MCP Server & CLI

CommandIt ships a built-in MCP server and a commandit CLI. Both run entirely on your Mac. Communication with AI agents (Claude Code, Codex, Gemini, Cursor, Windsurf, VS Code) happens over local stdio — no network sockets, no external services. Agents can only access snippets they explicitly request, and write tools (create, render, paste, generate, enhance) require Plus.

Analytics (macOS App)

CommandIt uses TelemetryDeck for privacy-friendly, cookie-free analytics. TelemetryDeck is EU-hosted (Frankfurt), does not collect personally identifiable information, and uses double-hashed user identifiers that cannot be reversed. I use it to understand aggregate usage patterns (which features people actually use) so I can improve the product. No snippet content, search queries, file paths, or API keys are ever included in analytics data.

Anonymous analytics are enabled by default. You can opt out at any time in Settings → General → Privacy — the change takes effect immediately.

Analytics (Marketing Website)

This marketing website uses Cloudflare Web Analytics to count aggregate pageviews. Cloudflare Web Analytics is cookie-free, does not use localStorage or fingerprinting, does not track visitors across sites, and does not store visitor IP addresses. Only aggregate metrics (pageviews, referrers, countries, browsers) are reported — I cannot identify individual visitors. See Cloudflare's privacy policy for details.

Formspree (Website Forms)

The contact form on this website is powered by Formspree. When you submit a form, your email address and message are sent to Formspree and forwarded to chris@commandit.ai. See Formspree's privacy policy for details.

Payments

Subscriptions are processed by Stripe. I do not directly handle your card information — it goes from your browser to Stripe over TLS. Stripe collects the minimum information needed to process your payment, plus billing address / location data for tax determination via Stripe Tax (which automatically applies sales tax or VAT for applicable jurisdictions). After a successful charge, Stripe shares your email and subscription details with a small Cloudflare Worker I operate at api.commandit.ai so a license key can be generated and emailed to you via Resend. No card data ever reaches that worker. See Stripe's privacy policy for details on how Stripe handles payment data.

Accessibility & Automation Permissions

CommandIt requests macOS Accessibility and Automation permissions solely to perform its auto-paste feature (simulating ⌘V via System Events). These permissions are never used to monitor, record, or transmit your keystrokes or screen content.

Data Retention

Deleted snippets are soft-deleted and moved to Trash for 30 days, then permanently removed from your local database. If iCloud sync is enabled, deletions propagate to CloudKit. I do not retain any copies of your data.

Contact

Questions about this policy? Email chris@commandit.ai or use the contact form.