On this page
- Scope
- Information we collect
- How we collect information
- How we use information
- Legal basis for processing (EEA, UK, Switzerland)
- Third-party agent CLIs and AI disclosures
- How we share information
- Cookies, local storage, and analytics
- Retention
- Security
- International transfers
- Your rights and choices
- EU and UK representatives
- Children
- Connected social accounts (Kadro Social)
- Changes to this policy
- Contact
This Privacy Policy explains how Kadro handles personal information when you use the Kadro desktop application, kadrotools.ai, the Kadro waitlist, support channels, and any related downloads or events. “Kadro,” “we,” and “us” mean the business that operates the Kadro product and kadrotools.ai, established in Romania. The data controller’s full identity is set out in the Contactsection below. “You” means the person using the app or the site.
For residents of the European Economic Area (EEA), the United Kingdom, and Switzerland, this policy also describes our role and your rights under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection (“FADP”). For interactions with AI features that you invoke from inside Kadro, it also describes how the transparency obligation in Article 50 of the EU AI Act (Regulation (EU) 2024/1689) is met.
1. Scope
This policy covers two surfaces:
- The Kadro desktop app — the application you install and run locally on macOS or Windows.
- kadrotools.ai — the marketing site, waitlist, accounts, connected social accounts (Kadro Social), and (once enabled) billing flows.
Where the rules differ between the two, we say so. Some data is processed on our servers; some data is stored or processed only on your device.
What this policy does not cover. Kadro hosts third-party agent command-line tools — Claude Code (Anthropic), Codex (OpenAI), and Gemini (Google) — that you choose to run inside a Kadro pane. When you use those agents, your prompts, the files you reference, your tool calls, and the model’s outputs travel directly between the agent CLI running on your computer and the provider you chose. Kadro does not sit in the middle of those calls and does not receive, proxy, log, or retain your prompts or completions. Those interactions are governed by the provider’s own privacy policy, not this one. See Third-party agent CLIs and AI disclosures below.
2. Information we collect
We split this by surface because the two surfaces are very different.
On the desktop app
The desktop app is local-first by design. The following data stays on your computer and is not transmitted to Kadro:
- Workspaces and their pane layouts.
- Terminal scrollback and command history.
- NDJSON team notebooks.
- Per-agent git worktrees and any files inside them.
- App settings and per-workspace partitioned storage.
- Any API keys you configure for third-party agent CLIs. These are handled by the agent CLIs themselves and, where supported, stored in your operating system’s secure credential store (such as the macOS Keychain).
The desktop app makes one routine first-party network call:
- Auto-update check. Kadro uses the Tauri updater to check for new versions hourly and on launch. The update check fetches a manifest from a Kadro-controlled endpoint hosted on Cloudflare. To do that, the request necessarily exposes your IP address, your installed app version, and basic OS and architecture information (for example, your operating-system version and CPU architecture). We use this only to serve the correct update artifact and to understand which versions are still in active use. We do not tie this request to your account.
Crash and diagnostic data. The app does not collect crash reports or telemetry by default. If we add this in the future, it will be opt-in, scrubbed of file paths and prompt content, and used only to fix bugs.
On the website and your account
When you use kadrotools.ai, sign up, or subscribe, we collect:
- Account and identity data — email address, and either a hashed password or an OAuth subject identifier from the provider you used to sign in, plus your user ID, role, email-verification status, and subscription tier.
- Billing and subscription data — name, billing address, tax identifiers where required, the last four digits and brand of your card, your Stripe customer ID, subscription ID, plan, status, and renewal dates. Full payment card numbers are collected and stored by Stripe and never touch Kadro infrastructure. Billing is not yet enabled on kadrotools.ai; this part of Section 2 applies once paid plans launch.
- Waitlist and contact submissions — what you submit, including email address and any message body.
- Support correspondence — emails and tickets you send us.
- Connected social-account data (Kadro Social) — if you connect a social account, we process the access tokens, profile details, posts, media, and engagement metrics described in Section 15.
- Usage, device, and security data — IP address, browser and device information, session and CSRF cookies, and rate-limit, audit, and platform error logs from the website and account surfaces (captured by Cloudflare Workers Observability).
- Site analytics — pages visited, referrer, approximate geographic region (derived from IP), device and browser type, and Core Web Vitals performance signals. We use Cloudflare Web Analytics, a privacy-respecting, cookieless analytics tool that does not create persistent visitor identifiers and does not store raw IP addresses.
- Crash and error telemetry (desktop app only) — when the Kadro desktop app crashes or hits an unhandled error, we capture the stack trace, the app version, your operating-system version and locale, a generated install ID, and a small amount of context (e.g. which feature was active). We use Sentry (Functional Software, Inc. dba Sentry) on EU data residency (Frankfurt) with a 30-day retention window. We never send the contents of your code, files, prompts, terminal output, API keys, or agent outputs. Telemetry is opt-out: a first-run dialog tells you it is on and lets you disable it, and you can toggle it at any time in Settings → Privacy. IP addresses are not stored and PII scrubbers run on the server side.
- Cookies — see Cookies, local storage, and analytics.
3. How we collect information
We collect information directly from you when you create an account, submit a form, contact us, or (once enabled) buy a subscription.
We also collect information automatically from your browser and from the desktop app, including security logs, the update-check metadata described above, and aggregate usage analytics on the website.
We may receive information from third parties that you choose to use with Kadro, including authentication providers (when you sign in via OAuth) and, once billing is live, our payment processor.
4. How we use information
- Operate, secure, maintain, and improve the Kadro desktop app and kadrotools.ai.
- Authenticate users, manage accounts, issue and refresh sessions, and enforce subscription or feature-access controls.
- Process purchases, renewals, cancellations, invoices, and customer-support requests once billing is live.
- Deliver signed application updates through the Tauri updater.
- Respond to waitlist sign-ups, contact-form submissions, and support tickets.
- Detect abuse, spam, fraud, policy violations, and security incidents using audit logging, rate limits, and monitoring.
- Analyze aggregate website usage and product performance, subject to your consent choices where required.
- Comply with legal obligations and enforce our agreements.
We do not sell personal information. We do not use the contents of your local workspaces, terminal scrollback, notebooks, prompts, or agent outputs to train any model. As described in Section 6, those interactions never reach Kadro at all.
5. Legal basis for processing (EEA, UK, Switzerland)
If you are located in the EEA, the UK, or Switzerland, we process your personal data only where we have a lawful basis to do so under Article 6(1) of the GDPR (and the corresponding provisions of the UK GDPR and the Swiss FADP). We rely on the following bases, mapped to the purposes described in Section 4:
- Performance of a contract (Article 6(1)(b)): creating and operating your account, authenticating you, providing the services you sign up for, processing payments and renewals once billing is live, delivering signed updates, and responding to product-support requests arising from your use of the services.
- Legitimate interests (Article 6(1)(f)): protecting the security and integrity of our services, preventing fraud and abuse, maintaining audit logs and rate-limit records, measuring aggregate product performance and reliability, communicating essential service updates, and defending legal claims. We balance these interests against your rights and freedoms before relying on this basis.
- Consent (Article 6(1)(a)): non-essential cookies and analytics where required by law, marketing email, and any other processing for which we ask you to opt in. You can withdraw consent at any time through the relevant in-product setting or by contacting us — withdrawal does not affect the lawfulness of processing before withdrawal.
- Legal obligation (Article 6(1)(c)): keeping tax, accounting, and billing records, responding to lawful requests from public authorities, and complying with applicable data-protection, consumer-protection, and anti-fraud laws.
- Vital interests (Article 6(1)(d)) and public interest (Article 6(1)(e)): relied on only in the unusual case of an emergency affecting a person’s life or required cooperation with authorities.
Where we rely on legitimate interests, you have the right to object (see Section 12). Where processing is based on consent, you have the right to withdraw consent at any time.
6. Third-party agent CLIs and AI disclosures
This is the section that matters most for a tool like Kadro, so we are putting it in plain English.
Kadro is a host shell. It launches and displays the output of third-party agent command-line tools that run on your machine. When you start an agent inside a Kadro pane:
- Claude Code sends your prompts, the files you reference, and your tool calls to Anthropic.
- Codex sends them to OpenAI.
- Gemini sends them to Google.
Those requests are made by the provider’s CLI running on your machine, using the API key you configured for that provider. Kadro does not proxy, log, or retain those prompts, files, tool calls, or model outputs. Whether your input is used to train models, how long it is retained, in which region it is processed, and what rights you have over it are determined by the provider you picked, not by Kadro.
Read those policies before you trust an agent with sensitive material:
- Anthropic — anthropic.com/legal/privacy.
- OpenAI — openai.com/policies/privacy-policy.
- Google — policies.google.com/privacy.
You bring your own API key for each provider. The account with that provider, and the relationship governing your data with that provider, is yours.
Interaction with an AI system (EU AI Act Article 50). When you use Claude Code, Codex, Gemini, or any other AI agent inside Kadro, you are interacting with an artificial-intelligence system and not with a human. We provide this notice in line with Article 50 of the EU AI Act (Regulation (EU) 2024/1689). Output produced by these systems may be inaccurate, incomplete, or unsuitable for your intended use, and you should review and validate it before relying on it.
7. How we share information
We share information with service providers — “processors” under the GDPR — that help us operate Kadro. Each is engaged under a written data-processing agreement, may only use your data to provide its service to us, and is named here so you can review their practices:
- Cloudflare — hosts and serves kadrotools.ai and the account and billing surfaces (Cloudflare Workers), provides DNS, edge security (WAF, DDoS protection), inbound email routing for the
@kadrotools.aiaddresses, and cookieless Web Analytics. Cloudflare may process data in any of its global edge regions. - Supabase (Supabase, Inc.) — provides the hosted Postgres database, authentication, and file storage that back kadrotools.ai accounts and sessions and — where you use Kadro Social — your connected-account tokens, scheduled posts, and uploaded media.
- Stripe — processes payments, subscriptions, invoices, and tax records once paid plans are enabled.
- Resend — delivers transactional and marketing email (account verification, billing receipts, product announcements) once outbound email is enabled.
- GitHub — hosts the public download artifacts (DMG and updater files) that the desktop app fetches during install and auto-update.
- Sentry (Functional Software, Inc. dba Sentry) — receives opt-out crash and error telemetry from the Kadro desktop app only. Data is stored on EU data residency (Frankfurt) with a 30-day retention window; IP addresses are not stored, and server-side scrubbers strip authorization headers, tokens, and Kadro-prefixed environment variables. No code, file contents, prompts, terminal output, or agent outputs are sent.
Social platforms you connect. When you use Kadro Social, we send the posts, media, and publishing instructions you create to the platform you chose to publish to — for example X, LinkedIn, Bluesky, TikTok, YouTube, or Instagram — acting on your behalf through that platform’s API. Content you publish is public on that platform and is governed by that platform’s own terms and privacy policy. See Section 15.
We may also disclose information when we are required to by law, when we need to enforce our terms, or as part of a corporate transaction (such as a merger, acquisition, or asset sale) — in which case we will give you advance notice where we can.
We do not sell personal information for money, and we do not engage in “sharing” of personal information for cross-context behavioural advertising as those terms are defined under U.S. state privacy laws.
8. Cookies, local storage, and analytics
The Kadro desktop app does not use cookies. It does send opt-out crash and error telemetry to Sentry on EU residency, as described in Section 2 and Section 7; you can disable it from Settings → Privacy. The kadrotools.ai website uses:
- Strictly necessary cookies — to keep you signed in, remember your preferences, and protect forms against CSRF. These do not require consent under the ePrivacy Directive.
- Analytics — Cloudflare Web Analytics runs cookieless and does not create persistent identifiers, so analytics measurement on kadrotools.ai does not rely on cookies or local storage to track you.
- No advertising or cross-site tracking cookies.
We honor the Global Privacy Control signal where required by law and treat Do Not Track as a request to disable any non-essential analytics. You can also control cookies through your browser settings; turning off strictly necessary cookies will break sign-in.
9. Retention
We retain personal information for as long as needed to provide the services, maintain legitimate business records, resolve disputes, comply with law, and enforce agreements.
- Desktop-app data lives on your computer until you delete it. Uninstalling Kadro does not by itself wipe your workspaces; you can remove them from the app-data folder (
~/Library/Application Support/ai.kadrotools.kadroon macOS,%APPDATA%\ai.kadrotools.kadroon Windows) or via Settings → Reset. - Account data is kept while your account is active. After account deletion, residual records are purged within 90 days, except where a longer period is required to handle billing reconciliation, fraud prevention, or legal obligations.
- Connected social-account data (Kadro Social) — access tokens, profile details, scheduled and published posts, uploaded media, and engagement-metric snapshots are kept while the account stays connected. Disconnecting the account, or deleting your Kadro account, removes the stored tokens and purges the associated records within 90 days, except where a longer period is required by law.
- Billing records are kept for the period required by Romanian and EU tax and accounting law — typically 10 years.
- Support correspondence is kept for 24 months.
- Site analytics are kept in aggregate; raw event data is retained for 12 months.
- Update-check logs contain IP, app version, and OS only, and are retained for 30 days.
- Platform error logs captured by Cloudflare Workers Observability are retained per Cloudflare’s default retention (typically 3 days on the free tier).
10. Security
We use administrative, technical, and organizational safeguards intended to protect personal information:
- kadrotools.ai and all account and billing flows run over TLS.
- The macOS app is signed and notarized by Apple, and macOS updates are delivered through Tauri’s signed-update channel, so the updater verifies the signature before installing. The Windows build is not yet code-signed; code signing is planned.
- Where supported, secrets such as agent API keys live in your operating system’s secure credential store (such as the macOS Keychain) rather than in plaintext config files.
- Internal access to production systems is restricted, logged, and protected by hardware-key multi-factor authentication.
- Audit logging, rate limiting, and CSRF protection are enabled on the website and account surfaces.
No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we ever experience a personal-data breach affecting your data, we will notify you and the competent supervisory authority as required by Articles 33 and 34 of the GDPR.
11. International transfers
Kadro is operated from Romania, within the European Economic Area. Some of our processors — including Stripe, Resend, GitHub, Cloudflare, and Supabase — are established in the United States or operate global infrastructure. When we transfer personal data from the EEA, the UK, or Switzerland to a country that has not been recognised as providing an adequate level of data protection, we rely on appropriate safeguards under Article 46 of the GDPR. These typically include the European Commission’s Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the Swiss addendum where applicable, and, where a provider is certified, the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks.
You may request a copy of the safeguards we rely on for a given transfer by emailing privacy@kadrotools.ai.
12. Your rights and choices
Depending on where you live, you may have rights under applicable privacy law. For residents of the EEA, the UK, and Switzerland, these rights include — subject to the conditions and exceptions set out in the GDPR, UK GDPR, and FADP:
- Access (Article 15): to obtain confirmation of whether we process your personal data and to receive a copy.
- Rectification (Article 16): to correct inaccurate or incomplete personal data.
- Erasure / “right to be forgotten” (Article 17): to request deletion of your personal data.
- Restriction (Article 18): to request that we limit processing in certain circumstances.
- Portability (Article 20): to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Objection (Article 21): to object to processing based on legitimate interests or to direct marketing.
- Withdraw consent (Article 7(3)): where processing is based on consent, at any time, without affecting the lawfulness of processing before withdrawal.
- Automated decisions (Article 22): we do not currently make decisions producing legal or similarly significant effects about you based solely on automated processing.
To exercise any of these rights, email privacy@kadrotools.ai. We will respond within one month, extendable by up to two further months where necessary given the complexity and number of requests, consistent with Article 12(3) of the GDPR. We may need to verify your identity before acting on your request.
You also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), dataprotection.ro. You may also lodge a complaint with the supervisory authority of the EEA member state or the UK where you live, where you work, or where the alleged infringement took place. A list of EU supervisory authorities is available from the European Data Protection Board at edpb.europa.eu; the UK supervisory authority is the Information Commissioner’s Office (ICO) at ico.org.uk.
California (CCPA / CPRA). If you are a California resident, you also have the right to know what personal information we collect, use, and disclose; to delete it; to correct it; to opt out of “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined in the CCPA); to limit use of sensitive personal information (we do not use sensitive personal information for purposes that trigger this right); and to be free from retaliation for exercising any of these rights. An authorized agent may submit a request on your behalf with proof of authorization.
Other regions. If your local law gives you additional rights — for example, Brazil’s LGPD, Canada’s PIPEDA, or Australia’s Privacy Act — email us at privacy@kadrotools.ai and we will honor them.
13. EU and UK representatives
Kadro is established in Romania, within the EEA. Because we have an EU establishment, we are not required to designate a separate EU representative under Article 27 of the GDPR — the controller itself is reachable in the Union at the contact details in Section 17.
To the extent we offer goods or services to individuals in the United Kingdom and Article 27 of the UK GDPR applies to that processing, our UK representative will be designated when required. Until designation, you may direct UK-specific privacy questions and rights requests to privacy@kadrotools.ai; doing so does not affect your right to lodge a complaint with the ICO.
14. Children
Kadro is not directed to children. We do not knowingly collect personal information from anyone under 13, and we do not knowingly offer information-society services directly to children under 16 in the EU and UK without parental consent where required by local law. If you believe a child has provided personal information to us, contact us at privacy@kadrotools.ai and we will review and delete it.
15. Connected social accounts (Kadro Social)
Kadro Social is an optional feature of kadrotools.ai that lets you connect your own social-media accounts and publish or schedule posts to them from Kadro. Unlike the agent CLIs in Section 6, this feature does involve data that is processed and stored on our servers, so we set out exactly what happens below. It applies only if and when you choose to connect an account.
What we collect when you connect an account
Connecting an account uses the platform’s official OAuth sign-in — you authenticate on the platform, not with us, and you choose which permissions to grant. We never see or store your social-platform password. From the authorization we receive and store:
- Access and refresh tokens for the account, which let Kadro act on your behalf within the scopes you granted. Tokens are encrypted at rest (AES-256-GCM) and are never exposed to other users or shown back to you.
- Basic profile details — the platform account ID, handle or username, display name, and avatar image URL — used to label the account in the app and as the author of posts you publish.
What we store when you use it
- Posts you create — the text, scheduling time, and any per-platform variations of the content you compose for publishing.
- Media you upload — images or other files you attach to a post, stored in our file storage so they can be delivered to the platform at publish time.
- Engagement metrics — for posts you publish through Kadro, we periodically fetch public engagement figures (such as likes, reposts, and views) from the platform and store snapshots so we can show you analytics over time.
How we use it
We use connected-account data only to operate the feature you asked for: to publish and schedule the posts you create, to keep the account label and avatar in sync, and to show you analytics for your own posts. We do not sell this data, we do not use it for advertising, and we do not use it to train any model. We send the content you publish to the platform you selected, acting on your behalf — see Section 7. Connected-account data is stored in our Postgres database and file storage, provided by Supabase. Our legal basis is performance of the contract you enter into when you use the feature (Article 6(1)(b) GDPR); see Section 5.
Platform-specific terms
Your use of each connected platform through Kadro is also subject to that platform’s developer and user terms, and Kadro’s access complies with them:
- Google / YouTube. Kadro’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. YouTube connections are additionally subject to the YouTube Terms of Service and the Google Privacy Policy.
- X, LinkedIn, Bluesky, TikTok, and Meta / Instagram. Connections to these platforms are made through their official APIs and are subject to each platform’s developer policies and the privacy policy of the platform operator.
Deleting your data
You can delete the data Kadro Social holds about a connected social account — including your Facebook Page, Instagram, and Threads accounts — at any time, in any of these ways:
- Disconnect a single account. Open Kadro Social → Channels and remove the account. This immediately deletes the stored access and refresh tokens for that account and queues its posts, media, and metric snapshots for deletion.
- Delete your entire Kadro account. This removes all connected-account tokens and purges every associated record across all platforms.
- Ask us to delete it. Email privacy@kadrotools.ai from the address on your account, telling us which accounts to erase, and we will complete the deletion on your behalf.
In every case the stored tokens are removed immediately, and the associated posts, media, and engagement snapshots are purged within 90 days, as described in Section 9. We also recommend revoking Kadro’s access from each platform’s own connected-apps settings:
- Facebook and Instagram — remove Kadro Social under Facebook Settings → Business Integrations (for Instagram, under Instagram → Settings → Apps and websites).
- Google and YouTube — review and revoke access at myaccount.google.com/permissions.
16. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page tells you when. If we make a material change, we will provide additional notice in-app or by email before the change takes effect.
17. Contact
Privacy questions or requests may be sent to privacy@kadrotools.ai.
The data controller is Alexandru Popescu, sole trader, established in Romania, operating Kadro and kadrotools.ai.