Commander Flow — Privacy Policy
Version 1.4 — 2 May 2026
This document describes how Commander Flow ("the Software") and its publisher process Your personal data. The guiding principle: Your voice and Your text stay on Your device. Anything that does leave the device is listed below in plain language, with the legal basis on which it is processed.
1. Data controller
The data controller for the processing described in this Policy is:
Peter's Engineering JDG (Piotr Bahdasaran, sole proprietor — przedsiębiorca jednoosobowy)
NIP: 9512534689
KEN 19, 02-797 Warszawa, Poland
Privacy contact: inbox@commander-flow.pro
The Software is below the threshold at which Article 37 of the GDPR requires the appointment of a Data Protection Officer; the controller handles privacy requests directly through the email above.
2. What this Policy covers
This Policy covers (a) data processed locally on Your device by the
Software; (b) data sent over the network by the Software (model
downloads, license activation, opt-in diagnostics, checkout); (c) data
we receive about You as a customer of the Pro tier (license key, billing
email, payment metadata); and (d) data processed when You browse the
commander-flow.pro marketing website (cookies, analytics — see §11).
3. Data we process — and what we do not process
3.1 We do not process
- Your dictated text
- Your audio recordings
- Your microphone input
- Your clipboard contents
- The contents of any files You open or edit
- Telemetry / usage analytics of any kind (no events are sent by default)
The voice-to-text pipeline runs entirely on-device. Audio is captured, processed by local machine-learning models, converted to text, and discarded. Nothing leaves Your computer in this flow.
3.2 We process the following data — categorised by purpose
(a) License activation and Pro-tier service. When You purchase or
activate a Pro license, the Software sends to our license server
(license.ptrs.ltd):
- Your license key (issued by us at purchase);
- Your email address (used to activate the license);
- A hardware fingerprint (a hash of stable hardware identifiers of Your device — used to bind the license to one machine and to detect license sharing);
- The Software version.
In return we issue a signed JWT trust artefact, which is stored locally on Your device (DPAPI-encrypted) and re-validated periodically.
Legal basis: contract performance (GDPR Art. 6(1)(b)) — necessary to provide the Pro service You purchased.
(b) Payment processing. Pro-tier purchases are handled by Stripe Payments Europe, Ltd. ("Stripe"). When You purchase, Stripe collects the data necessary to take payment (card data, billing address, country of residence for VAT calculation). Under Stripe's published roles, Stripe acts as an independent data controller for fraud prevention, anti-money-laundering and regulatory reporting, and as joint or processor-style controller for the payment instructions You give us. The Licensor receives only the payment metadata required to issue Your invoice and license: customer email, country of residence, the amount paid, the Stripe customer ID, and the invoice ID. Stripe's own privacy policy is available at https://stripe.com/privacy and forms a complementary disclosure for Stripe's processing.
We do not receive or store full card numbers.
Legal basis: contract performance (GDPR Art. 6(1)(b)) and compliance with tax obligations (GDPR Art. 6(1)(c) — Polish VAT-OSS).
(c) Diagnostic reports (opt-in). If a problem occurs, You may choose to send a diagnostic report through the in-app "Report a problem" dialog. Nothing is sent until You press the Send button. The report contains: a generated report ID, app version, .NET runtime version, Windows version, CPU/GPU model, active settings, the last ~200 redacted event-log lines, and Your optional free-text note. The report excludes dictated text, audio, voice commands, selected text, clipboard contents, file contents, email, login, license key and any account credentials.
Legal basis: Your explicit consent (GDPR Art. 6(1)(a)), given by clicking Send. You may withdraw consent at any time by simply not sending further reports.
(d) Model downloads. On first run, ML model files are downloaded
over HTTPS from commander-flow.pro (public CDN-style endpoint). Only
the request itself is logged at server level (IP address, timestamp,
URL); no account information is associated with these requests.
Legal basis: legitimate interest (GDPR Art. 6(1)(f)) — delivering the Software You installed.
4. Local data on Your device
The Software stores the following data locally, in
%LOCALAPPDATA%\CommanderFlowApp\ (and the user-data subdirectory
%LOCALAPPDATA%\CommanderFlow\):
- settings.json — Your preferences (UI language, hotkey, audio device, etc.);
- models/ — downloaded AI models (~2 GB);
- logs/ — Serilog rolling log files (7-day retention; no user content is recorded — only diagnostic events and errors);
- license.dat — DPAPI-encrypted license trust artefact (only when You hold a Pro license).
Uninstalling Commander Flow removes the application binaries; You may also delete the data folders above to remove Your settings, models and license artefact.
5. Subprocessors and data recipients
The following parties process personal data on Our behalf or in connection with the Software and the marketing website:
| Subprocessor | Role | Country | Data |
|---|---|---|---|
| Stripe Payments Europe, Ltd. | Payment processing & tax (Stripe + Stripe Tax) | Ireland (EU) | Card data, billing address, country of residence — for purchases only |
| Time4VPS | VPS hosting (license.ptrs.ltd, commander-flow.pro model CDN, mail server) | Lithuania (EU) | License key, email, hardware fingerprint, model-download request logs, mail traffic |
| Google Ireland Ltd. (Google Analytics 4) | Anonymous website-traffic analytics, only with cookie consent | Ireland (EU) with onward transfer to the United States under the EU-US Data Privacy Framework adequacy decision | Pseudonymous client identifier, page URL, referrer, coarse geo, browser metadata |
| Google Ireland Ltd. (Google Fonts) | Web-font delivery for the marketing site | Ireland (EU) with onward transfer possible to the United States | Browser-supplied IP address (not stored or correlated to any account) |
Activation and other transactional emails are sent from a self-hosted mail
server on the commander-flow.pro domain, operated on the same VPS as
the licence backend. No external email-marketing provider is used;
no third party receives Your email address from us for that purpose.
6. Data retention
- License records (license key, email, fingerprint, purchase metadata): retained for the lifetime of Your license plus 24 months after expiration, after which they are deleted unless retention is required by tax law (Polish tax law typically requires invoice retention for 5 years).
- Server access logs (model CDN, license server): retained for 30 days for security and debugging, then deleted.
- Diagnostic reports that You opted to send: retained for 180 days for debugging, then deleted.
- Application logs on Your device: 7-day rolling retention, controlled entirely by You.
7. Your rights
If You are an EU/EEA data subject, You have the following rights under the GDPR:
- Right of access (Art. 15) — to obtain a copy of the personal data we hold about You;
- Right to rectification (Art. 16) — to correct inaccurate data;
- Right to erasure (Art. 17) — "right to be forgotten";
- Right to restriction of processing (Art. 18);
- Right to data portability (Art. 20) — to receive Your data in a structured, machine-readable format;
- Right to object (Art. 21) — including objection to processing based on legitimate interests;
- Right to withdraw consent (Art. 7) — for opt-in diagnostic reports;
- Right not to be subject to automated decision-making (Art. 22) — we do not engage in such processing.
To exercise any of these rights, contact inbox@commander-flow.pro. We will respond within 30 days.
You also have the right to lodge a complaint with the Polish data-protection supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
https://uodo.gov.pl
+48 22 531 03 00
If You reside in another EU/EEA country, You may also lodge a complaint with Your local supervisory authority.
8. International transfers
All license-related processing is performed within the European Union (VPS in Lithuania, Stripe in Ireland). The marketing website integrates Google Analytics 4 and Google Fonts; when You consent to analytics cookies, Your pseudonymous interaction data may be onward-transferred by Google from Ireland to the United States. This transfer relies on the EU-US Data Privacy Framework adequacy decision adopted by the European Commission on 10 July 2023, on which Google LLC is certified. No other transfers outside the EEA take place.
9. Security
- License-server traffic is encrypted with TLS;
- License trust artefacts on Your device are protected by Windows DPAPI bound to Your user account;
- The license server runs on a hardened VPS with restricted SSH access;
- Stripe is PCI-DSS compliant for all card-data handling;
- Diagnostic reports are signed (HMAC) before submission to prevent tampering in transit.
10. Cookies and website analytics
The marketing website at commander-flow.pro uses cookies and the
localStorage of Your browser as follows:
- Strictly necessary (always on, no consent required, ePrivacy Directive Art. 5(3) "strictly necessary" exemption): remember the language You picked, store Your cookie-consent decision, dismiss the announcement banner. No third party reads these.
- Analytics — Google Analytics 4 (only with Your consent): pseudonymous traffic statistics. Default state is "denied" via Google Consent Mode v2; GA receives anonymous, cookie-less pings only until You opt in.
- Marketing (only with Your consent): currently not actively used; the category exists in the consent banner so that any future advertising pixel is conditioned on explicit opt-in.
You can review and change these choices at any time via the "Cookie settings" link in the website footer, which re-opens the consent banner. Withdrawing consent is as easy as giving it.
11. Children
Commander Flow is a productivity tool for working adults and is not
directed at children. We do not knowingly collect personal data of
children below the age of digital consent applicable in their
jurisdiction (16 years under the GDPR baseline; some EU/EEA Member
States have lowered this to 13). If You believe a child below that age
has provided personal data to us, please contact
inbox@commander-flow.pro and we will delete the data without undue
delay.
12. Changes to this Policy
If this Privacy Policy materially changes, the next version of the Software will display the updated text and require Your acceptance before it runs. We will note the version and date at the top of this document on every update.
13. Contact
- Email: inbox@commander-flow.pro
- Postal address: Peter's Engineering JDG, KEN 19, 02-797 Warszawa, Poland
- Website: https://commander-flow.pro
© 2026 Peter's Engineering JDG (Piotr Bahdasaran).