Privacy policy
Last updated · 2026-05-08
This Privacy Policy explains how Kadro handles personal information when you use the Kadro macOS application, kadrotools.ai, the Kadro waitlist, support channels, and any related downloads or events. “Kadro,” “we,” and “us” mean Alexandru Popescu (sole trader), established in Romania, operating the Kadro product. “You” means the person using the app or the site.
For residents of the European Economic Area (EEA), the United Kingdom, and Switzerland, this policy also describes our role and your rights under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection (“FADP”). For interactions with AI features that you invoke from inside Kadro, it also describes how the transparency obligation in Article 50 of the EU AI Act (Regulation (EU) 2024/1689) is met.
1. Scope
This policy covers two surfaces:
- The Kadro desktop app — the macOS application you install and run locally.
- kadrotools.ai — the marketing site, waitlist, accounts, and (once enabled) billing flows.
Where the rules differ between the two, we say so. Some data is processed on our servers; some data is stored or processed only on your device.
What this policy does not cover. Kadro hosts third-party agent command-line tools — Claude Code (Anthropic), Codex (OpenAI), and Gemini (Google) — that you choose to run inside a Kadro pane. When you use those agents, your prompts, the files you reference, your tool calls, and the model’s outputs travel directly between the agent CLI running on your Mac and the provider you chose. Kadro does not sit in the middle of those calls and does not receive, proxy, log, or retain your prompts or completions. Those interactions are governed by the provider’s own privacy policy, not this one. See Third-party agent CLIs and AI disclosures below.
2. Information we collect
We split this by surface because the two surfaces are very different.
On the desktop app
The desktop app is local-first by design. The following data stays on your Mac and is not transmitted to Kadro:
- Workspaces and their pane layouts.
- Terminal scrollback and command history.
- NDJSON team notebooks.
- Per-agent git worktrees and any files inside them.
- App settings and per-workspace partitioned storage.
- Any API keys you configure for third-party agent CLIs. These are handled by the agent CLIs themselves and, where supported, stored in the macOS Keychain.
The desktop app makes one routine first-party network call:
- Auto-update check. Kadro is signed and notarized and uses the Tauri updater to check for new versions hourly and on launch. The update check fetches a manifest from a Kadro-controlled endpoint hosted on Cloudflare. To do that, the request necessarily exposes your IP address, your installed app version, and basic OS and architecture information (for example, macOS version and whether you are on Apple Silicon or Intel). We use this only to serve the correct update artifact and to understand which versions are still in active use. We do not tie this request to your account.
Crash and diagnostic data. The app does not collect crash reports or telemetry by default. If we add this in the future, it will be opt-in, scrubbed of file paths and prompt content, and used only to fix bugs.
On the website and your account
When you use kadrotools.ai, sign up, or subscribe, we collect:
- Account and identity data — email address, and either a hashed password or an OAuth subject identifier from the provider you used to sign in, plus your user ID, role, email-verification status, and subscription tier.
- Billing and subscription data — name, billing address, tax identifiers where required, the last four digits and brand of your card, your Stripe customer ID, subscription ID, plan, status, and renewal dates. Full payment card numbers are collected and stored by Stripe and never touch Kadro infrastructure. Billing is not yet enabled on kadrotools.ai; this part of Section 2 applies once paid plans launch.
- Waitlist and contact submissions — what you submit, including email address and any message body.
- Support correspondence — emails and tickets you send us.
- Usage, device, and security data — IP address, browser and device information, session and CSRF cookies, rate-limit and audit logs, and error telemetry from the website and account surfaces.
- Site analytics — pages visited, referrer, approximate geographic region (derived from IP), device and browser type, and interaction events. We use Plausible, a privacy-respecting, cookieless analytics tool that does not create persistent visitor identifiers.
- Cookies — see Cookies, local storage, and analytics.
3. How we collect information
We collect information directly from you when you create an account, submit a form, contact us, or (once enabled) buy a subscription.
We also collect information automatically from your browser and from the desktop app, including security logs, the update-check metadata described above, and aggregate usage analytics on the website.
We may receive information from third parties that you choose to use with Kadro, including authentication providers (when you sign in via OAuth) and, once billing is live, our payment processor.
4. How we use information
- Operate, secure, maintain, and improve the Kadro desktop app and kadrotools.ai.
- Authenticate users, manage accounts, issue and refresh sessions, and enforce subscription or feature-access controls.
- Process purchases, renewals, cancellations, invoices, and customer-support requests once billing is live.
- Deliver signed application updates through the Tauri updater.
- Respond to waitlist sign-ups, contact-form submissions, and support tickets.
- Detect abuse, spam, fraud, policy violations, and security incidents using audit logging, rate limits, and monitoring.
- Analyze aggregate website usage and product performance, subject to your consent choices where required.
- Comply with legal obligations and enforce our agreements.
We do not sell personal information. We do not use the contents of your local workspaces, terminal scrollback, notebooks, prompts, or agent outputs to train any model. As described in Section 6, those interactions never reach Kadro at all.
5. Legal basis for processing (EEA, UK, Switzerland)
If you are located in the EEA, the UK, or Switzerland, we process your personal data only where we have a lawful basis to do so under Article 6(1) of the GDPR (and the corresponding provisions of the UK GDPR and the Swiss FADP). We rely on the following bases, mapped to the purposes described in Section 4:
- Performance of a contract (Article 6(1)(b)): creating and operating your account, authenticating you, providing the services you sign up for, processing payments and renewals once billing is live, delivering signed updates, and responding to product-support requests arising from your use of the services.
- Legitimate interests (Article 6(1)(f)): protecting the security and integrity of our services, preventing fraud and abuse, maintaining audit logs and rate-limit records, measuring aggregate product performance and reliability, communicating essential service updates, and defending legal claims. We balance these interests against your rights and freedoms before relying on this basis.
- Consent (Article 6(1)(a)): non-essential cookies and analytics where required by law, marketing email, and any other processing for which we ask you to opt in. You can withdraw consent at any time through the relevant in-product setting or by contacting us — withdrawal does not affect the lawfulness of processing before withdrawal.
- Legal obligation (Article 6(1)(c)): keeping tax, accounting, and billing records, responding to lawful requests from public authorities, and complying with applicable data-protection, consumer-protection, and anti-fraud laws.
- Vital interests (Article 6(1)(d)) and public interest (Article 6(1)(e)): relied on only in the unusual case of an emergency affecting a person’s life or required cooperation with authorities.
Where we rely on legitimate interests, you have the right to object (see Section 12). Where processing is based on consent, you have the right to withdraw consent at any time.
6. Third-party agent CLIs and AI disclosures
This is the section that matters most for a tool like Kadro, so we are putting it in plain English.
Kadro is a host shell. It launches and displays the output of third-party agent command-line tools that run on your machine. When you start an agent inside a Kadro pane:
- Claude Code sends your prompts, the files you reference, and your tool calls to Anthropic.
- Codex sends them to OpenAI.
- Gemini sends them to Google.
Those requests are made by the provider’s CLI running on your machine, using the API key you configured for that provider. Kadro does not proxy, log, or retain those prompts, files, tool calls, or model outputs. Whether your input is used to train models, how long it is retained, in which region it is processed, and what rights you have over it are determined by the provider you picked, not by Kadro.
Read those policies before you trust an agent with sensitive material:
- Anthropic — anthropic.com/legal/privacy.
- OpenAI — openai.com/policies/privacy-policy.
- Google — policies.google.com/privacy.
You bring your own API key for each provider. The account with that provider, and the relationship governing your data with that provider, is yours.
Interaction with an AI system (EU AI Act Article 50). When you use Claude Code, Codex, Gemini, or any other AI agent inside Kadro, you are interacting with an artificial-intelligence system and not with a human. We provide this notice in line with Article 50 of the EU AI Act (Regulation (EU) 2024/1689). Output produced by these systems may be inaccurate, incomplete, or unsuitable for your intended use, and you should review and validate it before relying on it.
7. How we share information
We share information with service providers — “processors” under the GDPR — that help us operate Kadro. Each is engaged under a written data-processing agreement, may only use your data to provide its service to us, and is named here so you can review their practices:
- Vercel — hosts kadrotools.ai and the account and billing surfaces.
- Cloudflare — provides edge security, DNS, and object storage for desktop-app update artifacts.
- Stripe — processes payments, subscriptions, invoices, and tax records once paid plans are enabled.
- Resend — delivers transactional and marketing email (account verification, billing receipts, product announcements).
- Plausible — provides privacy-respecting, cookieless website analytics.
- Sentry — captures JavaScript errors and request traces from the website and account surfaces.
We may also disclose information when we are required to by law, when we need to enforce our terms, or as part of a corporate transaction (such as a merger, acquisition, or asset sale) — in which case we will give you advance notice where we can.
We do not sell personal information for money, and we do not engage in “sharing” of personal information for cross-context behavioural advertising as those terms are defined under U.S. state privacy laws.
8. Cookies, local storage, and analytics
The Kadro desktop app does not use cookies. The kadrotools.ai website uses:
- Strictly necessary cookies — to keep you signed in, remember your preferences, and protect forms against CSRF. These do not require consent under the ePrivacy Directive.
- Analytics — Plausible runs cookieless and does not create persistent identifiers, so analytics measurement on kadrotools.ai does not rely on cookies or local storage to track you.
- No advertising or cross-site tracking cookies.
We honor the Global Privacy Control signal where required by law and treat Do Not Track as a request to disable any non-essential analytics. You can also control cookies through your browser settings; turning off strictly necessary cookies will break sign-in.
9. Retention
We retain personal information for as long as needed to provide the services, maintain legitimate business records, resolve disputes, comply with law, and enforce agreements.
- Desktop-app data lives on your Mac until you delete it. Uninstalling Kadro does not by itself wipe your workspaces; you can remove them from ~/Library/Application Support/com.alexandrupopescu.kadro or via Settings → Reset.
- Account data is kept while your account is active. After account deletion, residual records are purged within 90 days, except where a longer period is required to handle billing reconciliation, fraud prevention, or legal obligations.
- Billing records are kept for the period required by Romanian and EU tax and accounting law — typically 10 years.
- Support correspondence is kept for 24 months.
- Site analytics are kept in aggregate; raw event data is retained for 12 months.
- Update-check logs contain IP, app version, and OS only, and are retained for 30 days.
- Error-monitoring data in Sentry is retained for 90 days.
10. Security
We use administrative, technical, and organizational safeguards intended to protect personal information:
- kadrotools.ai and all account and billing flows run over TLS.
- The macOS app is signed and notarized by Apple. Updates are delivered through Tauri’s signed-update channel, so the updater verifies the signature before installing.
- Where supported, secrets such as agent API keys live in the macOS Keychain rather than in plaintext config files.
- Internal access to production systems is restricted, logged, and protected by hardware-key multi-factor authentication.
- Audit logging, rate limiting, and CSRF protection are enabled on the website and account surfaces.
No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we ever experience a personal-data breach affecting your data, we will notify you and the competent supervisory authority as required by Articles 33 and 34 of the GDPR.
11. International transfers
Kadro is operated from Romania, within the European Economic Area. Some of our processors — including Stripe, Resend, Plausible, Sentry, Vercel, and Cloudflare — are established in the United States or operate global infrastructure. When we transfer personal data from the EEA, the UK, or Switzerland to a country that has not been recognised as providing an adequate level of data protection, we rely on appropriate safeguards under Article 46 of the GDPR. These typically include the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the Swiss addendum where applicable, and, where a provider is certified, the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks.
You may request a copy of the safeguards we rely on for a given transfer by emailing privacy@kadrotools.ai.
12. Your rights and choices
Depending on where you live, you may have rights under applicable privacy law. For residents of the EEA, the UK, and Switzerland, these rights include — subject to the conditions and exceptions set out in the GDPR, UK GDPR, and FADP:
- Access (Article 15): to obtain confirmation of whether we process your personal data and to receive a copy.
- Rectification (Article 16): to correct inaccurate or incomplete personal data.
- Erasure / “right to be forgotten” (Article 17): to request deletion of your personal data.
- Restriction (Article 18): to request that we limit processing in certain circumstances.
- Portability (Article 20): to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Objection (Article 21): to object to processing based on legitimate interests or to direct marketing.
- Withdraw consent (Article 7(3)): where processing is based on consent, at any time, without affecting the lawfulness of processing before withdrawal.
- Automated decisions (Article 22): we do not currently make decisions producing legal or similarly significant effects about you based solely on automated processing.
To exercise any of these rights, email privacy@kadrotools.ai. We will respond within one month, extendable by up to two further months where necessary given the complexity and number of requests, consistent with Article 12(3) of the GDPR. We may need to verify your identity before acting on your request.
You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), dataprotection.ro. You may also lodge a complaint with the supervisory authority of the EEA member state or the UK where you live, where you work, or where the alleged infringement took place. A list of EU supervisory authorities is available from the European Data Protection Board at edpb.europa.eu; the UK supervisory authority is the Information Commissioner’s Office (ICO) at ico.org.uk.
California (CCPA / CPRA). If you are a California resident, you also have the right to know what personal information we collect, use, and disclose; to delete it; to correct it; to opt out of “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined in the CCPA); to limit use of sensitive personal information (we do not use sensitive personal information for purposes that trigger this right); and to be free from retaliation for exercising any of these rights. An authorized agent may submit a request on your behalf with proof of authorization.
Other regions. If your local law gives you additional rights — for example, Brazil’s LGPD, Canada’s PIPEDA, or Australia’s Privacy Act — email us at privacy@kadrotools.ai and we will honor them.
13. EU and UK representatives
Kadro is established in Romania, within the EEA. Because we have an EU establishment, we are not required to designate a separate EU representative under Article 27 of the GDPR — the controller itself is reachable in the Union at the contact details in Section 16.
To the extent we offer goods or services to individuals in the United Kingdom and Article 27 of the UK GDPR applies to that processing, our UK representative will be designated when required. Until designation, you may direct UK-specific privacy questions and rights requests to privacy@kadrotools.ai; doing so does not affect your right to lodge a complaint with the ICO.
14. Children
Kadro is not directed to children. We do not knowingly collect personal information from anyone under 13, and we do not knowingly offer information-society services directly to children under 16 in the EU and UK without parental consent where required by local law. If you believe a child has provided personal information to us, contact us at privacy@kadrotools.ai and we will review and delete it.
15. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page tells you when. If we make a material change, we will provide additional notice in-app or by email before the change takes effect.
16. Contact
Privacy questions or requests may be sent to privacy@kadrotools.ai.
The data controller is Alexandru Popescu, sole trader, established in Romania, operating Kadro and kadrotools.ai.