privacy.
Two surfaces, two policies. The website uses cookieless, aggregate analytics. The desktop app sends anonymous opt-out telemetry — never your chats, code, prompts or secrets.
scope.
This policy covers two distinct surfaces:
- The website (paelladoc.com) — static, cookieless aggregate analytics, no tracking cookies.
- The desktop app (PaellaDoc.app, downloaded as a DMG) — anonymous, opt-out telemetry to improve the product.
Each surface is described separately below. The differences matter.
1 — the website.
paelladoc.com is a static site hosted on GitHub Pages.
- Cookieless analytics. I use Umami Cloud for aggregate page, CTA, and download counts. It does not set tracking cookies on this site. Server-side download counts are sent from my Cloudflare Worker without forwarding your IP address or full browser user agent.
- No ad tracking. No retargeting pixels, ad networks, or cross-site marketing trackers.
- No tracking cookies. No cookies for tracking, retargeting or analytics. None.
- Server logs. GitHub Pages records standard request data (IP, user agent, referer) for security and operational purposes. I never see this data raw and I don’t process it.
- Direct contact. If you email me, I receive your email. If you open a GitHub Discussion or DM me on X, those platforms get a record of it. That is the entire surface area.
2 — the desktop app · what I collect.
The desktop app sends anonymous, opt-out telemetry to help me improve the product. The telemetry events are:
- App launch and version
- Coarse-grained feature usage signals (e.g., “user opened the gold-gate panel”, “user ran ac validate”)
- Crash and error reports (stack traces, with file paths anonymized)
- Performance metrics (render time, model latency from your machine to the LLM provider you chose)
- The OS version and hardware class (e.g., “macOS 15 / Apple Silicon”), used to triage compatibility
Each event carries an anonymous installation ID — a random UUID generated on first run, stored locally. The ID is not linked to your name, email, IP, or any identifying field.
2 — the desktop app · what I never collect.
The following never leave your machine through my telemetry, period:
- Chats with AI developers
- Code (yours or AI-generated)
- Prompts you wrote or the agent received
- Secrets of any kind — API keys, env vars, tokens, passwords
- The contents of your knowledge graph, your specs, your decisions, your evidence files
- File paths beyond the agent-anonymized form in stack traces
- The names of your projects or repositories
If you configure the app to call an LLM provider (Anthropic, OpenAI, Google, a local model), those calls go directly from your machine to that provider. I do not proxy them, observe them, or log them.
2 — the desktop app · how to opt out.
Telemetry is on by default but can be disabled at any time:
- In the app: Settings → Privacy → uncheck “Send anonymous usage data”. The change takes effect immediately and persists across launches.
- At install time: the first-launch screen offers a one-click opt-out before any event is sent.
- Offline: if your machine is offline, no telemetry is sent. Events are not buffered for later upload — if the network is unreachable, the event is dropped.
Opting out does not disable any feature. The product works identically with telemetry off.
2 — the desktop app · where data goes.
Anonymous telemetry events are sent to PostHog (a privacy-friendly analytics provider, GDPR-compliant). The PostHog project is configured for self-hosted EU storage. Retention: 90 days for raw events, longer only for aggregated counts.
Crash reports may be processed by Sentry; same anonymous installation ID, same retention guarantee.
I never share telemetry with advertisers, brokers, training-data buyers, or third parties — except where legally compelled.
your rights.
Under GDPR / Spanish LOPDGDD, even though telemetry is anonymous and not linked to you, you can:
- Access: request a list of events tied to your anonymous installation ID (provide the ID, found in Settings → Privacy → “Installation ID”).
- Erasure: request deletion of events tied to your anonymous installation ID at any time.
- Portability: request export of those events in JSON.
Email joseluiscases@gmail.com with the request. I respond within 30 days (typically much faster).
children.
The app and site are not intended for users under 13. I do not knowingly collect data from minors.
changes.
I may update this policy as the app evolves. The last-updated date at the top will reflect any changes. Material changes (new event types, new processors) will be flagged on the homepage and announced via the /license/ page change history.
contact.
Privacy questions or rights requests? Write to joseluiscases@gmail.com.