Cyboflow rev 0014 · privacy Home Features Download
Legal

Privacy Policy.

Last updated 06/24/26Effective 06/24/26

This Privacy Policy explains how Cyboflow (“Cyboflow,” “we,” “us,” or “our”) handles information in connection with the Cyboflow desktop application, our websites, and related services (the “Software”). By using the Software you agree to this Policy.

1. Summary

Cyboflow is a local-first macOS desktop application. Most of what you do — your projects, sessions, tasks, workflow definitions, run analytics, and logs — is stored locally on your device and is not transmitted to us. The limited information that does leave your device falls into three categories: (a) automatic update checks, (b) anonymous product analytics (Aptabase) and crash reporting (Sentry), and (c) data you direct the Software to send to third-party AI tools you connect, such as Claude Code and Anthropic. Each is described below.

We do not receive or store the contents of your code repositories, prompts, or AI outputs.

2. Information Stored Locally on Your Device

The Software stores the following on your computer (for example, in a local database and log files within the application’s data directory). This data stays on your device and is not sent to us except as described in Sections 3 and 4:

  • Projects and repositories you add (paths and metadata; we do not read repository contents for our own purposes).
  • Sessions and workflow runs, including worktree and session metadata, status, and timing.
  • Tasks you create and their lifecycle (clarification, extraction, execution, review).
  • Review-queue items — permission requests, decisions, and actions — and your responses.
  • Analytics and observability data about your runs, such as token usage, success/failure rates, errors, and findings.
  • Application logs, settings, and preferences.

You control this data. Deleting the application’s data directory or uninstalling the Software removes it.

3. Information Collected Automatically: Software Updates

When the Software checks for or downloads updates from our update service (https://updates.cyboflow.com), our servers (and our content-delivery/hosting providers) may automatically process standard technical request information, including your IP address, the app version, and your operating-system and CPU-architecture details. This is necessary to deliver the correct update and to operate and secure the service. We use this information only for update delivery, security, and aggregate operational diagnostics, and we do not use it to build user profiles.

4. Product Analytics and Crash Reporting

To understand how the Software is used and to improve its reliability and performance, we use two third-party providers — Aptabase for product analytics and Sentry for crash and error reporting. Each processes data on our behalf under its own privacy terms. We configure both to avoid collecting the contents of your code, prompts, files, repositories, or AI outputs.

4.1 Aptabase (product analytics)

Aptabase is a privacy-first, open-source analytics service. Through Aptabase we collect anonymous usage information such as app version, operating system and version, device model/type, and locale/region, together with anonymized event data about how the Software is used (for example, which workflows or screens are used and aggregate counts such as numbers of sessions or runs).

Aptabase is designed so that this data cannot be tied back to you: it does not use device identifiers, cookies, fingerprinting, or persistent user IDs. Instead, Aptabase derives a non-persistent identifier on its servers from a hash of your IP address plus a per-app salt that is discarded every 24 hours, so events cannot be linked across days or used for user-level tracking. Aptabase does not store your raw IP address and does not sell end-user data. See Aptabase’s Privacy Policy.

4.2 Sentry (crash and error reporting)

Sentry collects diagnostic information when the Software encounters an error or crash, including stack traces, error messages and types, breadcrumbs (recent app events leading up to the error), app version, and operating-system/device details. Sentry may process your IP address to derive coarse (country/region-level) location. We enable Sentry’s data-scrubbing features and configure the SDK to minimize personal data and to exclude the contents of your code, prompts, and AI outputs from error reports; however, diagnostic context attached to an error could incidentally contain file paths or similar technical details. See Sentry’s Privacy Policy.

4.3 Your choices

Analytics and crash reporting are enabled by default. You can turn them off at any time in Settings → Privacy, after which the Software stops sending events to Aptabase and Sentry. For users in the EU/UK and similar regimes, we rely on our legitimate interest in maintaining and improving the Software as the lawful basis for this processing, balanced against your rights, and you may object or opt out as described above (see Section 9).

5. Information You Send to Third-Party AI Tools

The Software orchestrates third-party tools that you install and authenticate, including Claude Code and Anthropic’s Claude Agent SDK. When you run a session or workflow, the prompts, code, files, and other content you direct the Software to process are sent from your device directly to those third parties so they can return results. This data is handled under their terms and privacy policies, including Anthropic’s Privacy Policy and data-retention and model-training practices — not by us, and we neither receive nor store it. Review those policies and ensure you have the rights to submit your content before connecting these tools. Cyboflow is not affiliated with or endorsed by Anthropic, PBC.

6. Information on Our Websites

If you visit our websites (for example, https://www.cyboflow.com) or contact us by email, we may process standard web-server logs, any information you choose to provide (such as your email address and message), and analytics as disclosed in our website cookie notice. We use this to operate the site, respond to inquiries, and improve our content.

7. How We Use Information

We use the limited information we collect to:

  • deliver software updates and operate, maintain, and secure the Software and our services;
  • understand usage, diagnose errors, and improve features, reliability, and performance;
  • respond to your inquiries and provide support;
  • detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms; and
  • comply with legal obligations and enforce our agreements.

8. How We Share Information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. We disclose information only:

  • to service providers/processors who act on our behalf (e.g., hosting/CDN for updates, analytics and crash-reporting providers) under contracts that limit their use of the data;
  • to comply with law, legal process, or lawful government requests, or to protect the rights, safety, and security of users, the public, or Cyboflow; and
  • in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

Data you send to third-party AI tools (Section 5) is disclosed by you, directly, to those tools.

9. Legal Bases (EEA/UK)

If you are in the European Economic Area or the United Kingdom, our legal bases for processing are: performance of a contract (delivering updates and the Software you requested), legitimate interests (securing and improving the Software — including the default-on analytics and crash reporting in Section 4 — where not overridden by your rights, and which you may opt out of in Settings), consent (where required and obtained), and legal obligation.

10. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal information, to object to or restrict certain processing, and to withdraw consent. Because most of your data is stored locally and under your control, you can exercise many of these rights directly by viewing, exporting, or deleting data within the Software or by deleting its data directory. For information we hold (such as update logs, analytics, or support emails), contact us at hello@cyboflow.com and we will respond as required by applicable law.

California (CCPA/CPRA). California residents have the rights to know/access, delete, and correct personal information, and to opt out of “sale” or “sharing” (we do neither). We will not discriminate against you for exercising these rights. The categories of personal information we may collect are described in Sections 3–6 (identifiers such as IP address and a random app identifier; internet/device activity; and coarse geolocation).

EEA/UK. You also have the right to lodge a complaint with your local supervisory authority.

To exercise any right, contact us at hello@cyboflow.com. We may need to verify your request.

11. Data Retention

Locally stored data remains on your device until you delete it. For information we receive, we retain it only for as long as necessary for the purposes described here unless a longer period is required by law.

12. Security

We use reasonable technical and organizational measures to protect information we process, and the local-first design keeps most data on your own device. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for securing your device, your repositories, and your third-party credentials.

13. International Transfers

If we process information about you outside your country (for example, where our update, hosting, or analytics providers are located), we rely on appropriate safeguards where required (such as the EU Standard Contractual Clauses) for those transfers.

14. Children’s Privacy

The Software is intended for users 18 and older and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

15. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice. Material changes to analytics or data collection will be reflected here before or when they take effect.

16. Contact

Questions or requests regarding this Policy can be sent to hello@cyboflow.com.