Privacy Policy

1. Overview

Fantommind is a local-first desktop application. The vast majority of your data — browser profiles, run history, tasks, schedules, and LLM API keys — never leaves your machine. This policy explains the limited cases where data is transmitted to third parties.

2. Data We Collect

a) Data stored locally on your device

• Browser profiles (cookies, localStorage, fingerprints)
• Task definitions, run history, and step logs
• Schedule configurations
• LLM API keys (AES-encrypted in local SQLite)
• App preferences and settings
• License key and hardware fingerprint (used for 1-machine binding)

Fantommind has no access to any of the above data.

b) Data sent to Polar (billing)

When you purchase a license, your payment and email address are processed by Polar (polar.sh). Fantommind receives only a license key and activation status from Polar. Polar's privacy policy applies to payment data: polar.sh/legal/privacy .

At each app launch, the App contacts Polar's API to validate your license key. This validation request includes your license key and a hardware fingerprint hash. No browsing data, run history, or profile data is included.

c) Crash reports and diagnostics (opt-in only)

If you opt in to telemetry (Settings → Telemetry), anonymised crash reports and performance traces are sent to Sentry (sentry.io). These reports contain:

• Stack traces and error messages
• App version, OS version, and basic hardware info (CPU arch, RAM tier)
• A randomly generated anonymous session ID (rotated each launch)

Crash reports never include browser profile data, run outputs, LLM prompts, or license keys. You can withdraw consent at any time in Settings → Telemetry. Sentry's privacy policy: sentry.io/privacy.

d) Website analytics

The Fantommind website uses Cloudflare Web Analytics, a privacy-first analytics tool that does not use cookies and does not track individuals across sites. No personal data is collected. See: cloudflare.com/privacypolicy .

3. LLM API Keys

You supply your own API keys for LLM providers (Google Gemini, Anthropic Claude, OpenAI GPT-4o). These keys are stored encrypted in the local SQLite database and are transmitted directly from your machine to the respective LLM provider when running tasks. Fantommind never receives or has access to your LLM API keys.

4. Data Sharing

Fantommind does not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only as described in Section 2 (Polar for billing, Sentry if opted in).

5. Data Retention

Local data: retained on your device until you uninstall the App or manually delete it. Fantommind has no copy to delete on your behalf.

Polar billing data: subject to Polar's retention policy. Contact Polar to exercise GDPR/CCPA deletion rights on payment data.

Sentry crash data: retained for 90 days per Sentry's default policy if opt-in is active.

6. Security

LLM API keys are AES-encrypted at rest. License cache files are HMAC-signed to detect tampering. The local sidecar API is bound to 127.0.0.1 and protected by a per-launch session token — it is not accessible from the network.

7. Children's Privacy

The App is not directed at children under 16. We do not knowingly collect data from minors.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. Because Fantommind holds no server-side copy of your app data, most rights are exercised locally (delete SQLite file to remove all data). For billing data, contact Polar directly. For any other enquiries: support@fantommind.com.

9. Changes to This Policy

We may update this policy. Material changes will be communicated via in-app banner or email. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

Privacy questions: support@fantommind.com