Privacy Policy

Last updated: June 16, 2026

1. Introduction

Consulgent ("we," "us," or "our") operates the Consulgent website at consulgent.com and the Consulgent desktop application (the "Desktop App," and together with the website, the "Service"). This Privacy Policy explains how we collect, use, store, and share your personal information when you use the Service.

The Desktop App is a local-first application that runs on your own computer. It organizes and guides agentic AI work performed by Claude Code (from Anthropic) and Codex (from OpenAI), which run locally on your device under your own accounts with those providers. The website is used primarily to learn about Consulgent, create and manage your account, and manage your subscription. Understanding this split is important, because most of your work content never leaves your device or reaches our servers (see Section 3).

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a cryptographic hash by our authentication provider)
  • Display name (optional; derived from your email if not provided)

If you choose to sign in with Google, we receive basic profile information (such as your email address and name) from Google to create and authenticate your account, in place of a Consulgent password.

2.2 Subscription and Payment Information

A Consulgent subscription unlocks the Desktop App. Payment processing is handled entirely by Stripe. We do not store your credit card number or full payment details. We do store:

  • Stripe customer ID and subscription ID
  • Subscription status and current billing period dates
  • Whether your subscription is set to cancel at the end of the period

2.3 Local Application Data

When you use the Desktop App, the work you produce is stored locally on your device— in the application's data directory and within the project folders you choose. This includes:

  • Projects, workstreams, steps, and progress files
  • Conversation messages, prompts, and AI-generated responses
  • Run records, tool activity, and files created or edited during runs
  • App settings and preferences (such as your default model, permission mode, connected tools, and detected CLI paths)

This data is not transmitted to or stored by Consulgent. Your account session is held securely in your operating system's keychain, and a copy of your account status (email, name, and subscription state) is cached locally so the app can work offline.

2.4 Content You Choose to Share With Us

If you contact us for support or report an issue with your work, you may choose to share specific content — such as a conversation, project, or file — on a case-by-case basis. We receive this content only when you explicitly opt in to send it, and we use it solely to investigate and resolve your request.

2.5 Cookies, Analytics, and Session Data

We use essential cookies for:

  • Authentication sessions— managed by Supabase Auth to keep you signed in
  • Sign-in verification— a temporary code-verifier token used to secure the sign-in/OAuth exchange (deleted after use)

We do not use advertising or marketing cookies. We use Vercel Analytics for aggregate website performance metrics. Vercel Analytics is privacy-focused: it does not use cookies, does not track individual users across sites, and does not collect personally identifiable information. See our Cookie Policy for details.

3. How AI Processing Works

This section is important because it describes where your work content goes when you use the Desktop App.

The Desktop App runs Claude Code (Anthropic) and Codex (OpenAI) locally on your computer, using your own installations of those tools and your own accounts with those providers. When you run an AI task, your prompts, instructions, project files, and related content are sent directly from your computer to the AI provider you select (Anthropic or OpenAI) under your own agreement with that provider. Consulgent does not operate, receive, store, route, or proxy this content, and it does not pass through our servers.

Because that processing happens under your own provider account, it is governed by that provider's terms and privacy policy — Anthropic or OpenAI.

Third-party integrations and computer use.The Desktop App can connect to optional third-party tools and integrations (for example, via MCP connectors) and can perform actions on your computer when you enable those capabilities. If you connect an integration, you authorize it through your browser, and data flows directly between your device and that service according to your authorization and that service's own policies. Any access tokens for these integrations are managed by the underlying tooling on your device; Consulgent does not store them on its servers.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and authenticate your account
  • Process payments and manage your subscription
  • Verify your subscription so the Desktop App can run
  • Respond to support requests, including any content you choose to share with us (Section 2.4)
  • Communicate with you about your account
  • Monitor for abuse and enforce our terms of service

5. Third-Party Services and Data Sharing

To provide the Service, certain data is shared with the third-party providers below. We do not sell your personal information to any third party.

5.1 AI Providers

When you use the Desktop App, your work content is sent directly from your device to the AI provider you select, under your own account with that provider, as described in Section 3. We use:

5.2 Infrastructure Providers

  • Supabase— authentication and storage of your account and subscription records
  • Vercel— website hosting and privacy-focused analytics

5.3 Payment Processing

  • Stripe— handles all payment processing. When you make a payment, your payment details are submitted directly to Stripe and are subject to Stripe's Privacy Policy.

5.4 Authentication Providers

If you sign in with Google, your authentication is handled by Google and is subject to Google's Privacy Policy. We only receive the basic profile information needed to create and authenticate your account.

5.5 Google Forms

Our Contact, Feedback, and Careers pages embed Google Forms. Information you submit through these forms is sent directly to Google and is subject to Google's Privacy Policy. This data is not processed through our servers.

6. Data Storage and Security

The account and subscription data we hold is stored on servers located in the United States (via Supabase). We implement the following security measures:

  • Encryption at rest— account and subscription data is encrypted by our infrastructure provider (Supabase)
  • Encryption in transit— all data transmitted over HTTPS/TLS
  • Row-Level Security (RLS)— database policies ensure users can only access their own data
  • Secure authentication— passwords are cryptographically hashed; website sessions use secure, httpOnly cookies, and Desktop App sessions are stored in your operating system's keychain

Your local application data (Section 2.3) is stored on your own device and protected by your operating system and your own security practices. While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

7. Data Retention and Deletion

We retain your account and subscription data for as long as your account is active and as needed to provide the Service. Your local application data lives on your device; you can remove it at any time by deleting projects within the Desktop App or by removing the application's data from your computer.

Any content you choose to share with us for support (Section 2.4) is retained only as long as needed to resolve your request, then deleted or anonymized.

You may request complete deletion of your account and all associated server-side data by contacting us at the email address listed below. Upon account termination, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to processing of your data in certain circumstances

To exercise any of these rights, please contact us using the information in Section 12. We will respond within 30 days.

9. International Data Transfers

Our account and subscription data infrastructure is located in the United States. If you are accessing the Service from outside the United States, please be aware that this data will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe a minor has provided us with personal information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Consulgent
Email: support@consulgent.com