1. Scope and who we are
This Privacy Policy explains how WindOp, operated by Unknown Projects (“WindOp,” “we,” “us,” or “our”), handles personal information when you visit windop.app, download or use the WindOp Windows application, create an account, purchase a plan, use managed AI or sync features, contact us, or interact with related services.
This policy does not govern independent third parties. AI model providers, OpenRouter, Stripe, OAuth providers, MCP servers, Discord, and other integrations have their own privacy practices. Their policies apply when you choose to use them.
2. Free local use and managed services
WindOp has different data paths depending on how you use it. In the free desktop tier, application settings, conversation history, projects, memories, and other workspace data are designed to remain on your device. We do not operate desktop analytics for the free tier. Requests you make with your own API key travel from your device to the provider you selected, under that provider’s terms.
If you sign in or use Pro, Team, billing, managed AI, or other online features, WindOp must communicate with our services and selected providers. Preview features such as cloud sync or encrypted backup may also require network processing when they become available and you enable them. Those features involve the processing described below. “Private by default” does not mean no data ever leaves your device: prompts and attachments must reach the AI or integration you direct WindOp to use.
3. Information we collect
Information you provide
- account details such as name, email address, profile image, and authentication identifiers;
- support requests, feedback, security reports, and communications;
- billing and transaction details such as plan, subscription status, purchase amount, and invoices (payment-card details are handled by Stripe);
- prompts, messages, attachments, tool context, and output when you use managed AI features;
- settings, configurations, memories, project information, chat-backup metadata, and other categories you choose to sync if preview sync/backup features are made available and enabled; and
- credentials or tokens you choose to connect, which are stored or transmitted only as needed to provide the connection.
Information collected automatically
- website page views, navigation paths, button interactions, browser, operating system, screen size, approximate location derived from IP, and performance/error data when analytics consent is enabled;
- first- and last-touch referral and UTM attribution stored in your browser for a limited period, independently of optional PostHog analytics;
- server request data such as IP address, user agent, timestamps, route, security/rate-limit events, and download-delivery records;
- account authentication events, device/session identifiers, subscription usage, AI balance, credit ledger, model usage, and service-health events for signed-in managed services; and
- cookies and local-storage values used for sessions, security, theme/preferences, attribution, and your analytics choice.
4. Desktop actions, files, and screens
WindOp can read, create, edit, move, or delete files; execute commands; inspect applications; capture screens; and interact with connected services when you ask it to or enable an automation. This data is processed locally unless the selected task requires it to be included in an AI request, cloud sync, backup, support report, or third-party integration.
We do not automatically receive your keystrokes, clipboard contents, local files, screenshots, or conversation database merely because WindOp is installed. However, any content you intentionally include in a prompt or tool workflow can be transmitted to the AI provider, our managed AI endpoint, or the integration necessary to complete your request. Review attachments and tool context before sending them.
5. AI processing and providers
WindOp supports multiple AI models and providers. With your own API key, requests are sent from the app to the provider you configure. With managed AI, requests may pass through WindOp’s service and OpenRouter before reaching the model provider. Request data may include prompts, prior messages included for context, images or files you attach, tool definitions and results, and technical request metadata.
Provider retention and model-training practices vary. We do not control an independent provider’s handling of data. Review the provider and OpenRouter policies before sending sensitive information. WindOp does not sell prompts or use private desktop content to train our own general-purpose AI models.
6. Website analytics and cookies
We use PostHog on windop.app only after you accept analytics. It helps us understand page visits, navigation, clicks, conversion paths, broad device/browser information, website errors, performance, and—where enabled—privacy-configured session recordings. Website analytics is separate from free-tier desktop usage. Required server-side authentication and security events may still be recorded for signed-in users even when optional browser analytics is denied.
Necessary cookies and similar storage support authentication, security, preferences, and your consent selection. You can deny optional analytics in the consent prompt. You can withdraw consent by clearing the site’s cookies/local storage; the site will ask again. Browser privacy controls may also limit collection.
7. How we use information
- provide, authenticate, operate, and personalize the Services;
- route AI requests, execute requested integrations, sync selected data, and restore backups;
- process payments, manage subscriptions and credits, and prevent billing abuse;
- secure accounts, investigate misuse, enforce limits, and protect users and infrastructure;
- diagnose failures, measure performance, and improve website and managed-service reliability;
- communicate about support, security, transactions, policy changes, and service notices; and
- comply with law and establish, exercise, or defend legal claims.
8. Legal bases for processing
Where laws such as the UK GDPR or EU GDPR apply, we process information as necessary to perform our contract with you, based on your consent (such as optional website analytics), to comply with legal obligations, and for legitimate interests such as securing and improving the Services, preventing fraud, and supporting users—balanced against your rights. You may withdraw consent at any time without affecting earlier lawful processing.
10. Retention
Local desktop data remains on your device until you delete it, uninstall the app, reset its data, or use an applicable retention control. Account and managed-service records are retained while your account is active and as reasonably needed to provide the Services, maintain security and financial records, resolve disputes, and comply with law.
Retention varies by data type and provider. Billing and transaction records may be kept for legally required accounting periods. Security logs and backups may persist for a limited period after deletion. Third-party providers apply their own retention schedules. We delete or de-identify information when it is no longer reasonably needed.
11. Security
We use technical and organizational safeguards appropriate to the nature of the Services, including transport encryption, access controls, secret protection, and authentication controls. Preview sync/backup code is designed to encrypt supported payloads on the client, but those features are still evolving and should not be treated as a guarantee that every category, secret, or backup is encrypted. No system is perfectly secure, and we cannot guarantee that loss, misuse, or unauthorized access will never occur.
You can reduce risk by keeping Windows and WindOp updated, using strong account and provider credentials, limiting tool permissions, reviewing automations, and avoiding sensitive information in prompts unless needed. Report suspected vulnerabilities to security@windop.app.
12. International transfers
WindOp and its providers may process information in the United States and other countries where they operate. Those countries may have different privacy laws. Where required, we rely on recognized safeguards for international transfers, such as adequacy decisions or standard contractual clauses. Provider-specific transfers are also governed by the provider’s terms.
13. Your choices and privacy rights
Depending on where you live, you may have rights to:
- access, correct, download, or delete personal information;
- object to or restrict certain processing;
- withdraw consent and opt out of optional website analytics;
- receive portable data where applicable;
- appeal a denied request; and
- complain to your local privacy or data-protection authority.
Use available account/data controls or email privacy@windop.app. We may need to verify your identity. Authorized agents may submit requests where local law permits. We will not discriminate against you for exercising privacy rights. We do not sell personal information, so no separate sale opt-out is required.
14. Children’s privacy
The Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact privacy@windop.app so we can investigate and delete it as appropriate. A higher age threshold may apply where required by local law.
15. Changes and contact
We may update this policy as WindOp evolves. We will update the effective date and, for material changes, provide reasonable notice through the website, application, account email, or another appropriate channel.
Privacy questions and requests: privacy@windop.app. General support: support@windop.app. Security reports: security@windop.app. Postal correspondence may be requested through support where required for a formal notice.