Privacy Policy
Effective July 13, 2026
Preliminary draft. This document is under review by legal counsel and may change before general availability. It is provided for transparency during our early-access period and is not yet a final agreement.
CmdCtl (“Command Control”) is a graph-based coordination layer that brings the domains of your life — mail, calendar, files, messages, tasks, and goals — into one place, with an AI agent team that surfaces what matters and acts with your approval. This policy explains what we collect, why, how we protect it, and the choices and rights you have.
1. Who we are and our role
CmdCtl is operated from the United States. For individual accounts, CmdCtl is the data controller for the personal data we process to provide the service. For organization (team) accounts, the organization is the controller and CmdCtl acts as a processor on its behalf under a Data Processing Addendum; we process organization data only on the organization’s documented instructions.
Questions about this policy or your data can be sent to privacy@cmdctl.com.
2. Data we collect
We collect the following categories of data:
- Account and identity data — your name, email address(es), and authentication credentials (we support passwordless passkeys and email sign-in links; we do not store passwords for those methods).
- Contact and relationship data — names, email addresses, phone numbers, physical addresses, and social or messaging handles of the people you coordinate with, and the relationships between them.
- Connected-service content — when you connect an integration, the content and metadata we sync from it: email messages (Gmail), calendar events, file metadata (Google Drive — file names and links, not file bodies), and chat messages (Slack, Microsoft Teams).
- Your work data — the tasks, projects, goals, notes, and graph relationships you create in CmdCtl.
- Agent and activity data — records of what our AI agents did on your behalf, including the actions they proposed, the actions you approved, and an audit trail of each.
- Presence and product-usage data — sign-in activity, feature usage, weekly-active-usage metrics, and (if you opt in) your online presence shared with your contacts.
- Payment data — handled by our payments partner (see §8). We store your subscription tier and billing status, never your full card number.
3. How we use your data
We use your data to:
- Provide, maintain, and secure the service and your account.
- Sync and organize your connected services into a single graph.
- Run the AI agent team that surfaces what matters and takes actions you approve.
- Prioritize your work using context signals (for example, deadlines and the domains you are focused on).
- Send you transactional messages (sign-in links, notifications you enable) and, where you have consented, product updates.
- Meet our legal, accounting, and security obligations.
Our lawful bases (where GDPR/UK GDPR applies) are: performance of our contract with you for core service features; your consent for optional features such as marketing or presence sharing; our legitimate interests in operating and securing the service; and compliance with legal obligations. You may withdraw consent at any time.
4. AI agents and automated processing
CmdCtl uses AI agents to read your graph, suggest priorities, and — with your approval — take actions such as drafting or sending a reply, creating a calendar event, or sharing a file. Consequential actions surface for your review before they run, and every agent action is recorded in an audit trail you can inspect.
AI processing is performed using large language models operated by our AI provider (Anthropic) under terms that prohibit using your content to train their models. We do not sell your data or use your private content to train advertising profiles.
Where an organization configures its own agents, workflows, or automated decisions inside CmdCtl, that organization is responsible for those configurations and their outcomes. You have the right not to be subject to a decision producing legal or similarly significant effects that is based solely on automated processing; contact us to request human review.
6. People records and your contacts
To connect the same real person across the accounts you use, CmdCtl maintains a pseudonymous “people” record keyed on hashed identifiers. Rich contact details always stay scoped to the account that holds them; only a minimal shared profile — and only fields a person has chosen to share — is visible to connected users. We build these records on the basis of our legitimate interest in a useful contact graph, subject to a balancing test and the opt-out and rights described below. Where a record describes someone who is not a CmdCtl user, that person may still exercise the access and deletion rights in §10.
7. Children and family accounts
CmdCtl is not directed to children under 13, and adults may not create accounts for children except through our family feature. A parent or guardian may add a minor as a parent-controlled sub-account after completing verifiable parental consent. For those accounts we collect only what is needed for family coordination, apply high-privacy settings by default, do not show advertising or build behavioral profiles, and give the parent visibility and control including the ability to review, correct, and delete the child’s data and to revoke consent at any time. These practices are designed to meet COPPA (US) and GDPR-K (EU) requirements.
8. Payments
Paid subscriptions are processed by Stripe using their hosted checkout. Your full card details are entered directly with Stripe and never pass through or get stored on CmdCtl’s servers, keeping our payment-card scope minimal. We receive and store only your subscription tier, status, and non-sensitive billing metadata. Stripe’s handling of your payment data is governed by Stripe’s privacy policy.
9. Your choices
You can connect and disconnect integrations at any time, control notifications and presence sharing, opt out of the “Powered by Command Control” attribution on outbound content, and unsubscribe from any invitation or marketing email. Disconnecting an integration stops future syncing from that service.
10. Access, export, and deletion
Depending on your location you may have rights to access, correct, export, delete, and restrict processing of your personal data, and to object to certain processing (GDPR/UK GDPR, CCPA/CPRA, and similar laws). You can request a full export of your data and request erasure of your account directly from the Privacy & data screen in the app.
Erasure includes a short window during which you can cancel the request; after that, deletion proceeds and cannot be undone. We aim to complete deletion within 21 days and no later than 30 days, except where we must retain certain records to meet a legal obligation or a legal hold. To exercise a right you cannot complete in-app — including a request about a non-user contact record — email privacy@cmdctl.com.
11. Data retention
We keep your data for as long as your account is active and as needed to provide the service. When you delete data or close your account, we delete or de-identify it within the timelines above, except where limited retention is required for legal, tax, security, or fraud-prevention purposes. Audit records of access to personal data are retained to meet our record-keeping obligations.
12. How we protect your data
We enforce tenant isolation at the database layer so one account cannot read another’s data, encrypt integration access tokens with envelope encryption, encrypt data in transit, keep an append-only audit trail, and follow least-privilege access controls. No system is perfectly secure, but we work to protect your data and to notify you and regulators of a breach where the law requires.
13. Where your data is processed
CmdCtl currently processes data in a single United States region. If you are in the EEA, UK, or another region, using the service involves transferring your data to the United States; where required we rely on appropriate safeguards such as Standard Contractual Clauses. We will add additional regions as we expand and will update this policy accordingly.
14. Accessibility
We are committed to meeting WCAG 2.2 AA. If you encounter an accessibility barrier, contact us and we will work to resolve it.
15. Changes and contact
We may update this policy; we will revise the effective date above and, for material changes, provide additional notice. For any privacy question or request, contact privacy@cmdctl.com.