Privacy

What we DO NOT collect

• Your prompts to Claude Code
• Claude's responses to you
• Your code, files, or repository contents
• Your raw IP address (we hash it for rate-limit dedup only)
• Any data from local-only plugin skills (the plugin runs in your Claude Code session — that traffic never reaches us)

What we collect when you visit commanderplugin.com

• Page views via Plausible (EU cloud) and PostHog (US cloud). URL, referrer, user-agent, browser/device basics. Used to understand traffic and improve the site. Plausible is cookieless. PostHog uses a first-party cookie and localStorage to deduplicate visitors; we do not enable session replay.
• Click events. When you click pricing CTAs, the sponsor link, or open the waitlist modal, we record the event name plus which tier was clicked. Used to learn what people want.
• Waitlist signups. If you submit your email to a waitlist form, we store: email, tier (Pro or Lifetime), source surface, UTM tags from the referring URL, referrer URL, user-agent, and a SHA-256 hash of your IP (for duplicate-signup detection — we never store the raw IP). Stored in our Supabase project. We use it to email you when (and only when) a paid tier ships.

What we collect when you use the hosted MCP server

• GitHub user identifier after OAuth login. We use this to identify your account, enforce per-user rate limits, and link usage to your tier.
• Tool name + latency + success/failure on every call you make to the hosted MCP. We log that a tool ran, not what the tool produced. The tool inputs (your prompts) and outputs (Claude's responses) never leave Anthropic's infrastructure — they don't touch our server.
• Monthly call count + rate-limit window. Stored in Supabase + Upstash Redis. Used for the 100-calls/mo free tier cap and the burst protection (60 calls/min).
• Hashed IP (SHA-256) — used for anonymous rate-limit dedup on unauthenticated requests. We never store the raw IP.

Third parties we share data with

• Plausible (EU) — site analytics, cookieless. Plausible's privacy policy
• PostHog (US) — server-side event capture. SOC 2 Type II. PostHog's privacy policy
• Supabase (US) — Postgres database for users, waitlist, usage counters. SOC 2 Type II. Supabase's privacy policy
• Upstash (Global) — Redis for rate limiting. SOC 2. Upstash's privacy policy
• Fly.io (US) — hosts commander-mcp.fly.dev. Fly.io's privacy policy
• Vercel (US) — hosts commanderplugin.com. Vercel's privacy policy
• Cloudflare (Global) — DNS for our domains. No payload data passes through. Cloudflare's privacy policy
• GitHub (US, Microsoft) — OAuth provider for hosted-MCP authentication. GitHub's privacy statement

Cookies and tracking

We use exactly two categories of cookies / local storage:

No advertising trackers. No retargeting pixels. No third-party identity graphs.

Your rights

• Access / export. Email hello@commanderplugin.com and we'll send you everything we have on you within 30 days.
• Deletion. Same address. We'll delete your waitlist row plus user record on request, no questions asked. (We can't un-hash your IP because we never had it in the first place.)
• Correction. Tell us what's wrong; we'll fix it.
• Opt out of analytics. Use a browser DNT signal, an ad blocker, or just decline cookies — we honor all three. The site still works without analytics.

Children

CC Commander is a developer tool. We don't knowingly collect data from anyone under 13. If you believe a minor signed up, email us and we'll delete the record.

Changes

We'll update this page when our data practices change and revise the date at the top. Material changes get a heads-up via the waitlist email or a banner on commanderplugin.com.