Privacy Policy
Last updated: March 20, 2026
Conduit ("we," "us," or "our") is operated by an individual based in Ontario, Canada. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Conduit desktop application and related cloud services (collectively, the "Service").
We are committed to protecting your privacy and complying with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law for commercial activities, as well as applicable provincial privacy legislation and international privacy laws including the EU General Data Protection Regulation (GDPR) where applicable.
By creating an account, downloading the application, or using any Conduit services, you acknowledge that you have read, understood, and agree to this Privacy Policy. This policy should be read together with our Terms of Service.
1. Accountability & Contact
The operator of Conduit is responsible for personal information under our control. If you have questions, concerns, or requests regarding your personal information or this Privacy Policy, contact us at:
Email: support@conduitdesktop.com
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
2. Information We Collect
We collect only the information necessary to provide, maintain, and improve the Service. The categories below describe each type of information, how it is collected, and why.
2.1 Account Information
When you create an account, we collect your email address and display name. This information is required for authentication, account identification, and service communications. Your account password is hashed and stored by our authentication provider (Supabase); we never have access to your plaintext password.
2.2 Subscription & Billing Information
If you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not collect or store your credit card number, bank account details, or other payment instruments. We receive from Stripe your Stripe customer ID, subscription ID, subscription status (active, trialing, cancelled, past due), current billing period dates, and tier association. This data is used to enforce your subscription tier, manage billing, and determine feature access.
2.3 Vault & Credential Data (Local, Encrypted)
Conduit stores connection configurations, credentials (usernames, passwords, SSH keys, TOTP secrets), documents, and folder structures in an encrypted local vault on your device. This data is encrypted using AES-256-GCM with keys derived from your master password via PBKDF2-SHA256 (600,000 iterations). Your master password is never transmitted to or stored on our servers. We employ a zero-knowledge architecture — we cannot access, read, decrypt, or recover your vault contents under any circumstances.
If you enable cloud backup or team vault synchronization, your vault data is encrypted on your device before upload. Our servers only store encrypted ciphertext. We cannot decrypt this data.
2.4 Device Information
For abuse prevention and device authorization (particularly for team vault access), we collect a device fingerprint consisting of: platform (macOS/Windows/Linux), a hashed machine identifier, CPU model and count, total system memory, and application version. This fingerprint is hashed into two one-way digests (a primary hash and a full hash) and cannot be reversed to identify you personally. It is used solely to detect multiple-account abuse and authorize devices for team vault access.
2.5 AI Chat Data
When you use AI chat features, your conversation messages are routed through our backend server to third-party AI model providers (currently Anthropic and OpenAI) for processing. We transmit: your messages, selected AI model, and tool invocation data. We also track token usage (input and output token counts) to enforce subscription tier limits.
We do not use your conversations, vault data, or any personal information to train AI models. Our third-party AI providers process data via their API services under terms that exclude training on customer data.
2.6 MCP Server Data
Conduit includes a Model Context Protocol (MCP) server that can expose connection metadata and vault data to AI agents (such as Claude Code or similar tools) at your direction. When enabled, the MCP server may share: connection names, hostnames, connection status, terminal output, web page content, and document contents. Access to credential secrets (passwords, SSH keys, TOTP codes) requires explicit per-request user approval. All MCP tool invocations are logged for security audit purposes. The MCP server is disabled by default and is only available on paid plans.
2.7 Team Collaboration Data
If you participate in a team plan, we store: team name and identifier, team membership and roles (owner, admin, member), invitation records, folder-level permissions, and audit log entries. Shared vault entries are encrypted using per-vault encryption keys that are individually wrapped for each authorized user via ECIES (X25519). Audit logs record the type of action, the actor's email, the target entry or folder, and a timestamp.
2.8 Bug Reports & Feedback
If you submit a bug report or feedback through the application, we collect: your email address, the text of your report, and system information (app version, platform, architecture, OS version, Node.js version, Electron version). You may optionally attach application log files (last 500 lines) and up to 5 screenshots (maximum 5 MB each). This data is stored in our cloud infrastructure to help us diagnose and resolve issues.
2.9 Application Preferences
We store your UI preferences locally on your device, including: theme selection, color scheme, window size and position, sidebar state, and various UI dismissal flags. This data is not transmitted to our servers and remains entirely on your device.
2.10 Website Analytics
Our website (conduitdesktop.com) uses Vercel Analytics and Speed Insights to measure page performance and general visitor trends. These tools collect anonymized, aggregated data and do not use cookies for tracking. No third-party advertising trackers, Google Analytics, or tracking pixels are used on our website or in the desktop application.
3. Purposes of Collection & Use
We collect and use personal information only for the following purposes, identified at or before the time of collection:
- Providing the Service — authenticating your account, managing subscriptions, enabling cloud synchronization, and facilitating team collaboration.
- Tier enforcement — tracking connection counts and AI token usage to enforce the limits of your subscription plan.
- Abuse prevention — using hashed device fingerprints to detect and prevent multi-account abuse.
- Device authorization — verifying device identity for team vault access using cryptographic key exchange.
- AI feature processing — routing your chat messages to third-party AI providers and tracking token usage.
- Security & audit — logging team vault mutations and MCP tool invocations for compliance and accountability.
- Customer support — processing bug reports and feedback to diagnose and resolve issues.
- Service improvements — using aggregated, non-identifying data to improve product performance and features.
- Service communications — sending important updates about your account, subscription, or service changes.
We will not use your personal information for purposes other than those stated above without your consent.
4. Consent
We obtain your consent for the collection, use, and disclosure of personal information in the following ways:
- Express consent — when you create an account, you explicitly agree to this Privacy Policy and our Terms of Service. Express consent is also obtained for: enabling MCP server access, submitting bug reports with optional log files and screenshots, and authorizing credential access by AI agents (per-request approval).
- Implied consent — by using AI chat features, you consent to the routing of your messages through our backend to third-party AI providers. By enabling cloud backup, you consent to the upload of encrypted vault data to our cloud infrastructure.
You may withdraw your consent at any time by: disabling cloud sync (keeps all data local), disabling the MCP server, deleting your account, or contacting us at support@conduitdesktop.com. Withdrawal of consent may limit your ability to use certain features of the Service.
5. Disclosure to Third Parties
We share your personal information only with the following third-party service providers, and only to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, database, real-time sync, file storage | Email, display name, hashed password, encrypted vault data, team data, audit logs, bug reports |
| Stripe | Payment processing | Email, payment method details (processed directly by Stripe; we do not receive card numbers) |
| Anthropic | AI model processing (Claude) | Chat messages, tool call data, prompts |
| OpenAI | AI model processing (GPT) | Chat messages, tool call data, prompts |
| Vercel | Website and backend hosting, analytics | Anonymized page performance data, API requests |
| GitHub | Application distribution and auto-updates | IP address, user agent (during download and update checks) |
We do not sell, rent, or trade your personal information to any third party. We do not share your information with advertisers. We may disclose personal information if required by law, court order, or governmental regulation, or if necessary to protect the rights, safety, or property of Conduit, its users, or the public.
6. Data Storage & Security Safeguards
We employ security safeguards proportional to the sensitivity of the information we handle:
6.1 Local Encryption (Zero-Knowledge)
- All vault data is encrypted with AES-256-GCM using keys derived from your master password via PBKDF2-SHA256 with 600,000 iterations (per OWASP 2023 recommendations).
- Cloud backups use a separate domain-separated encryption key, also derived from your master password.
- Team vault encryption keys are wrapped per-user using ECIES (X25519 + HKDF-SHA256 + AES-256-GCM).
- Session tokens are encrypted locally using your operating system's native keychain (macOS Keychain / Windows DPAPI).
6.2 Transport Security
- All communication with our servers uses HTTPS/TLS encryption.
- Real-time synchronization uses encrypted WebSocket connections.
- Communication between the desktop application and MCP server uses Unix domain sockets (macOS/Linux) or named pipes (Windows) with local-only access.
6.3 Access Controls
- Row-level security (RLS) policies enforce that users can only access their own data in our cloud database.
- Team vault access is controlled by cryptographic key wrapping — only users with a valid wrapped key can decrypt shared data.
- MCP tool invocations require explicit per-request user approval for sensitive operations, with configurable rate limiting.
- Configurable auto-lock timeouts protect unattended vaults.
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your information.
7. Data Retention
We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account data (email, profile) | Duration of active account + 30 days after deletion request | Deleted from authentication provider and database |
| Subscription/billing records | As required by Canadian tax law (up to 7 years) | Retained by Stripe per their policies |
| Cloud backups (encrypted) | Free: 1 day • Pro: 14 days • Team: 6 months | Auto-deleted after tier retention period |
| Team vault audit logs | 2 years from event date | Auto-purged by scheduled server process |
| AI chat history | Duration of active account (user-deletable) | User can delete conversations; removed on account deletion |
| Device fingerprints | Duration of active account | Deleted on account deletion |
| Bug reports & feedback | Duration of active account + 1 year | Deleted from database and file storage |
| Team invitations | 7 days (auto-expiring) | Auto-expired and purged |
| Local vault data | User-controlled (stored on device) | Deleted by user or on application uninstall |
8. Cookies & Tracking Technologies
Our website uses strictly necessary cookies for authentication session management (Supabase auth cookies). These cookies are required for the website to function and cannot be disabled.
We do not use advertising cookies, third-party tracking cookies, or marketing pixels. Our website analytics (Vercel Analytics) are privacy-focused, aggregated, and do not use cookies for visitor identification.
The desktop application does not use cookies. Local preferences are stored in configuration files on your device.
9. Automatic Updates
The Conduit desktop application periodically checks for updates by contacting GitHub's release servers. During this check, your IP address and user agent string are transmitted to GitHub. No personal information or vault data is included in update requests. Updates are downloaded and installed silently on application restart. The application is code-signed (macOS) and notarized by Apple to ensure integrity.
10. Your Rights
Under PIPEDA and applicable privacy laws, you have the following rights with respect to your personal information:
10.1 Access
You may request access to the personal information we hold about you. We will respond to access requests within 30 days. Contact support@conduitdesktop.com with your request.
10.2 Correction
You may update your display name and email address through your account settings on our website. If you believe any information we hold is inaccurate, you may request correction.
10.3 Deletion
You may request deletion of your account and associated cloud data at any time by contacting us or through your account settings. Upon receiving a deletion request, we will delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., billing records for tax purposes). Local vault data on your device is under your control and is not affected by account deletion.
10.4 Data Portability
You may export your vault data at any time using the encrypted .conduit-export format. Cloud backups can also be downloaded for personal backup purposes.
10.5 Withdraw Consent
You may withdraw consent for optional data processing at any time by: disabling cloud sync, disabling the MCP server, or deleting your account. Withdrawal of consent for essential processing (authentication) requires account deletion.
10.6 Complaint
If you believe we have handled your personal information improperly, you may contact us at support@conduitdesktop.com. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.
11. Additional Rights for International Users
11.1 European Economic Area (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:
- Legal basis for processing: We process your personal data based on: (a) performance of a contract (providing the Service); (b) your consent (AI features, optional bug reports, MCP server); and (c) legitimate interests (abuse prevention, service improvement, security).
- International transfers: Your data is processed in Canada, which has been recognized by the European Commission as providing an adequate level of data protection. Our sub-processors may process data in other jurisdictions; we ensure appropriate safeguards (adequacy decisions or standard contractual clauses) are in place.
- Additional rights: You have the right to restrict processing, object to processing based on legitimate interests, and lodge a complaint with your local supervisory authority.
- Data Protection Officer: Given our current size, we have not appointed a formal DPO. Privacy inquiries should be directed to support@conduitdesktop.com.
11.2 California (CCPA/CPRA)
While Conduit may not currently meet the revenue or data volume thresholds that trigger the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we voluntarily extend the following rights to California residents:
- Right to know what personal information we collect and how it is used.
- Right to request deletion of your personal information.
- Right to opt out of the sale of personal information.
- Right to non-discrimination for exercising your privacy rights.
We do not sell or share your personal information as defined under the CCPA/CPRA.
11.3 Quebec (Law 25)
If you are a resident of Quebec, Canada, you have additional rights under Quebec's Act respecting the protection of personal information in the private sector (Law 25), including the right to data portability and the right to be informed of automated decision-making. Conduit does not use automated decision-making that produces legal effects or similarly significant effects on you.
12. Children's Privacy
The Service is not directed at and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@conduitdesktop.com.
13. Data Breach Notification
In the event of a security breach involving your personal information that poses a real risk of significant harm, we will:
- Notify the Office of the Privacy Commissioner of Canada as required by PIPEDA.
- Notify affected individuals as soon as feasible, describing the nature of the breach, the information involved, and what steps we are taking.
- For users in the EEA, notify the relevant supervisory authority within 72 hours as required by the GDPR.
Due to our zero-knowledge architecture, a breach of our servers would not expose your vault contents, as we do not hold the decryption keys. However, account information (email, display name, subscription data) could potentially be affected.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be communicated through the application or via email to the address associated with your account at least 30 days before taking effect. The "Last updated" date at the top of this policy indicates when it was most recently revised.
Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and delete your account.