Effective 2026-05-13

Privacy

What CC Commander collects, why, and how to opt out. Plain language. No dark patterns. No retargeting.

CC Commander is built by Kevin Zicherman (Axiom Marketing Inc., an Ontario corporation). This policy covers commanderplugin.com, docs.commanderplugin.com, and the hosted MCP server at mcp.commanderplugin.com. The plugin itself is MIT-licensed and runs locally on your machine — none of your prompts, responses, or code touches our servers unless you explicitly call the hosted MCP.

What we DO NOT collect

Your prompts to Claude Code
Claude's responses to you
Your code, files, or repository contents
Your raw IP address (we hash it for rate-limit dedup only)
Any data from local-only plugin skills (the plugin runs in your Claude Code session — that traffic never reaches us)

What we collect when you visit commanderplugin.com

Page views via Plausible (EU cloud) and PostHog (US cloud). URL, referrer, user-agent, browser/device basics. Used to understand traffic and improve the site. Plausible is cookieless. PostHog uses a first-party cookie and localStorage to deduplicate visitors; we do not enable session replay.
Click events. When you click pricing CTAs, the sponsor link, or open the waitlist modal, we record the event name plus which tier was clicked. Used to learn what people want.
Waitlist signups. If you submit your email to a waitlist form, we store: email, tier (Pro or Lifetime), source surface, UTM tags from the referring URL, referrer URL, user-agent, and a SHA-256 hash of your IP (for duplicate-signup detection — we never store the raw IP). Stored in our Supabase project. We use it to email you when (and only when) a paid tier ships.

What we collect when you use the hosted MCP server

GitHub user identifier after OAuth login. We use this to identify your account, enforce per-user rate limits, and link usage to your tier.
Tool name + latency + success/failure on every call you make to the hosted MCP. We log that a tool ran, not what the tool produced. Tool calls (/v1/call) are processed server-side and transiently — the server receives and dispatches your tool arguments to fulfill the request, but we do not store, log, or retain tool inputs after the response is sent. Tool inputs are never sent to PostHog or any analytics system. The hosted MCP is stateless: no per-user tool history, no input persistence.
Monthly call count + rate-limit window. Stored in Supabase + Upstash Redis. Used for the 100-calls/mo free tier cap and the burst protection (60 calls/min).
Hashed IP (SHA-256) — used for anonymous rate-limit dedup on unauthenticated requests. We never store the raw IP.

Anonymous usage telemetry from the plugin and CLI

Enabled by default. When you use the CC Commander plugin or CLI, we collect anonymous usage events to understand which features are valuable and prioritize improvements.

What we collect:

Event name (e.g., hook_fired, skill_invoked, agent_dispatched)
Anonymous device ID (UUID generated once and stored locally in ~/.commander/anon-id)
Your OS, Node.js version, plugin version
Basic counts and non-sensitive metadata (which hook ran, which skill was invoked)

What we explicitly DO NOT collect:

Prompts, file contents, or project paths
Environment variable values or secrets
Command arguments or personal context
Any property with a key matching /prompt|content|path|file|cwd|secret|password|key|token/i

How to opt out: Either set CCC_TELEMETRY=0 in your shell before launching Claude Code, or edit ~/.commander/config.json and set "telemetry": false. No restart required.

All telemetry events are sent to PostHog and treated as anonymous (no personal data, no IP logging). We use this data to build aggregate reports: "X% of users invoke skill Y" and "hook Z fires most often in scenario W." These reports help us ship features people actually want.

Third parties we share data with

Plausible (EU) — site analytics, cookieless. Plausible's privacy policy
PostHog (US) — server-side event capture. SOC 2 Type II. PostHog's privacy policy
Supabase (US) — Postgres database for users, waitlist, usage counters. SOC 2 Type II. Supabase's privacy policy
Upstash (Global) — Redis for rate limiting. SOC 2. Upstash's privacy policy
Fly.io (US) — hosts mcp.commanderplugin.com. Fly.io's privacy policy
Vercel (US) — hosts commanderplugin.com. Vercel's privacy policy
Cloudflare (Global) — DNS for our domains. No payload data passes through. Cloudflare's privacy policy
GitHub (US, Microsoft) — OAuth provider for hosted-MCP authentication. GitHub's privacy statement

Cookies and tracking

We use exactly two categories of cookies / local storage:

1. PostHog analytics cookie — a random ID stored in localStorage plus a first-party cookie to deduplicate page views. We do not enable PostHog session replay.

2. Auth.js session cookie — set when you sign in via GitHub OAuth to use the hosted MCP. Standard secure httpOnly cookie. Lasts the duration of your session.

No advertising trackers. No retargeting pixels. No third-party identity graphs.

Your rights

Access / export. Email hello@commanderplugin.com and we'll send you everything we have on you within 30 days.
Deletion. Same address. We'll delete your waitlist row plus user record on request, no questions asked. (We can't un-hash your IP because we never had it in the first place.)
Correction. Tell us what's wrong; we'll fix it.
Opt out of analytics. Use a browser DNT signal, an ad blocker, or just decline cookies — we honor all three. The site still works without analytics.

Children

CC Commander is a developer tool. We don't knowingly collect data from anyone under 13. If you believe a minor signed up, email us and we'll delete the record.

Changes

We'll update this page when our data practices change and revise the date at the top. Material changes get a heads-up via the waitlist email or a banner on commanderplugin.com.

Contact

Privacy questions or requests: hello@commanderplugin.com.