Where your data lives

Command is built to be trusted with the most private parts of your work — your money and your time. Here is the whole picture, in plain language.

  • Your data lives in two places: a private cache on your own device, and your own access-controlled space in a database hosted in the European Union (Ireland).
  • We never sell or rent your data. There are no ads, no advertising trackers, and no third-party analytics following you around.
  • You can export everything you have, at any time, from the sidebar.
  • You can delete everything — your account and all its data — at any time, from Settings. Deletion is permanent.
  • Connecting Google is optional. When you do, we read your Calendar and inbox only to show them to you; we never store the contents of your emails.

Privacy Policy

Last updated: 11 June 2026

This policy explains what Command does with your data, in plain language. Command is operated by Maison Sacko (“we”, “us”). If anything here is unclear, write to us at rajsacko@gmail.com.

The short version

  • We store your data so you can use the app across your devices.
  • We never sell it, and we don’t run ads or advertising trackers.
  • Your data is held in the European Union.
  • You can export it or delete it at any time.

What data we process

We process only what the app needs to work:

  • Account data — the email address you use to sign in.
  • Your content — everything you enter: finances, tasks, notes, goals, projects, and the client details you add to invoices and quotes (names, email addresses, postal addresses).
  • Connected Google data (optional) — if you connect Google, we fetch your Calendar events and inbox previews live to display them to you. We do not store the contents of your emails on our servers; we store only an encrypted token that keeps the connection alive.
  • Technical data — standard server logs from our hosting provider (such as IP address and timestamps), used for security and reliability.

How we use your data

We use your data only to provide the service: to store and sync your work across your devices, generate your invoices and receipts, send the emails you ask us to send, and show your connected Google information.

Our lawful bases are: performance of our contract with you (running the app), our legitimate interest in keeping the service secure and reliable, and your consent (for connecting Google, and for any marketing you opt into).

Where your data is stored

Your data is stored in the European Union (Ireland). A copy is also cached on your own device so the app works offline.

Who we share it with

We never sell or rent your data. We share it only with the service providers that make the app run, each acting under contract on our instructions:

  • Supabase — database and authentication (EU region).
  • Vercel — application hosting and content delivery.
  • Resend — sending the transactional emails you trigger (such as an invoice to your client).
  • Google — only if you choose to connect your Google account.
  • When paid membership launches, a payment processor will be added, and this policy will be updated to name it before any payment is taken.

About your clients’ data

When you add a client’s details to an invoice or quote, you decide why and how that data is used — you are its controller, and Command processes it on your behalf to produce and send your documents.

You are responsible for having a lawful basis to handle your clients’ details. We give you export and deletion tools to help you meet your own obligations.

How long we keep it

We keep your data for as long as your account is active. When you delete your account, your data is removed from our database promptly, and any backups age out within 30 days. Data cached on your device is cleared when you delete your account or sign out.

Your rights

Under the GDPR you have the right to:

  • Access the data we hold about you.
  • Correct it if it’s wrong.
  • Delete it (right to erasure).
  • Export it in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent at any time (for example, by disconnecting Google).

Exercising your rights

You can export and delete your data yourself inside the app, at any time. For anything else, write to us at rajsacko@gmail.com and we’ll respond promptly. You also have the right to lodge a complaint with your local data protection authority — in France, the CNIL.

Security

Data is encrypted in transit (HTTPS). Access to the database is restricted, and the keys that grant it are never exposed to your browser. If you connect Google, your access token is stored encrypted and never sent to your browser.

Children

Command is a professional tool and is not directed at children under 16. We do not knowingly collect their data.

Changes to this policy

If we change how we handle your data, we’ll update this page and the date at the top. Material changes will be brought to your attention.

Contact

Questions about your privacy or this policy: rajsacko@gmail.com.

See also
Terms of Service
Privacy Policy — Command