Privacy policy

Effective 25 April 2026. This policy covers both the Daintree website and the Daintree desktop app.

Daintree is a local-first desktop app built by one person. Your code, your prompts, and your agent output stay on your machine — Daintree has no backend that receives them. This page documents exactly what data the website and the app do collect, the third parties involved, and the controls you have.

The short version

  • Your source code, prompts, and agent output never reach a Daintree server. There is no Daintree server that receives them.
  • App telemetry, voice input, and any third-party AI features are off by default and opt-in. Telemetry strips file paths and credentials before transmission and is sampled at 10%.
  • The website uses Vercel Web Analytics, which is cookieless and does not track you across sites.
  • The newsletter is optional, double opt-in, and only collects your email address. Unsubscribe at any time.
  • The site sets no first-party tracking cookies. There are no logins or user accounts.
  • Fonts are served from our own domain — no third-party font CDN.
  • Daintree itself is free to download and Apache 2.0 licensed.

Who is responsible for your data

Daintree is a personal project, started in 2025 (originally under the name "Canopy"). The responsible party is Greg Priday, a sole developer based in South Africa, who is also the designated Information Officer for the purposes of POPIA Section 56.

For privacy questions, data requests, or anything in this policy, email greg@siteorigin.com. A dedicated @daintree.org address will replace this once it's set up; the address above will remain valid in the meantime. A postal address for formal correspondence is available on request via the same email.

The website (daintree.org)

The website is a marketing and documentation site. It has no logins, no user accounts, no comment system, and no contact forms. The only place you can submit personal data is the optional newsletter signup.

Analytics

We use Vercel Web Analytics to count page views and basic engagement. Vercel Analytics is cookieless and does not build advertising profiles. To distinguish unique visits within a single day, Vercel computes a hash from the request IP, user agent, and a per-project salt; that hash resets every 24 hours and the raw IP is not stored. The data we see is aggregate: pages visited, referrers, approximate country, OS family, browser family, and device type.

Newsletter signup (MailerLite)

If you choose to subscribe to the newsletter at /newsletter, your email address is sent to MailerLite, which manages the subscriber list and sends the emails. We collect only your email — no name, no phone number, no other fields. MailerLite stores subscriber data on Google Cloud infrastructure in the European Union.

Subscriptions use double opt-in: MailerLite sends a confirmation email, and your address is only added to the list if you click the link inside it. As part of that flow, MailerLite logs the IP address and timestamp of your signup and your confirmation; this is standard anti-abuse and consent-record practice and is governed by MailerLite's privacy policy. Newsletter emails include open and click tracking by default. Every email includes an unsubscribe link, and you can also email us to be removed.

Bot protection (Cloudflare Turnstile)

The newsletter form is protected by Cloudflare Turnstile to prevent automated abuse. Turnstile is loaded only when you visit /newsletter; it does not run on any other page. When loaded, the widget sets short-lived cookies on challenges.cloudflare.com (typically __cf_bm, valid for around 30 minutes, and cf_clearance if a challenge is solved) and inspects browser-level signals — TLS characteristics, user agent, and rendering details — to score the request as human or bot. Turnstile does not use this data for advertising or cross-site tracking, and Cloudflare retains the underlying signals only for as long as needed to operate the bot-protection service. We rely on legitimate interest in keeping the newsletter form free of automated abuse as the basis for processing here.

Site search

The site search is powered by SearchSocket with an Upstash Search backend. When you submit a query, the query text is sent to Upstash to retrieve matching pages. Queries may be logged for service operations and product improvement, but they are not associated with any user identifier — there is no account or session linking searches to a person.

Caching

We use Upstash Redis on the server to cache things like GitHub repository statistics and release metadata. No visitor data, no IP addresses, and no personal information is stored in the cache. Because we call Upstash exclusively from our server, Upstash never sees your IP address or any other visitor data.

Hosting and server logs

The site is hosted on Vercel. Like any web host, Vercel keeps standard request logs (timestamps, request paths, IP addresses, user agents) for short, platform-managed periods — on Vercel's free tier, runtime logs are retained for roughly an hour — to operate the platform and protect against abuse. Daintree's own application code does not write IP addresses or other user-identifying data into application logs.

Browser storage

The site writes a small amount of data to your browser's localStorage and sessionStorage:

  • localStorage caches public GitHub repository stats so they don't need to be refetched on every page (auto-expires after 24 hours).
  • sessionStorage remembers whether the homepage hero animation has already played in your current tab.

None of this data identifies you. Clearing your browser storage removes it.

Embedded media

Fonts are served from our own domain — there is no third-party font CDN in the page. Some blog and documentation pages embed YouTube videos. The YouTube player is loaded only when you press play; if you do, YouTube applies its own data practices to that traffic.

The desktop app (Daintree)

Daintree is an Electron desktop app that runs entirely on your machine. It is a workspace around AI coding CLIs you already have — Claude Code, Gemini CLI, Codex, OpenCode, and others. The app's design principle is that your code never leaves your machine because of Daintree: no backend ingests your files, prompts, or agent output. Most of what's described below is opt-in and disabled by default.

AI agent traffic

Daintree launches AI coding tools as local subprocesses. The CLI talks to its provider (Anthropic, Google, OpenAI, etc.) directly using your credentials and your terms with that provider. Daintree is not in the network path. We never see your prompts, completions, model responses, or API keys. If you have privacy questions about what an agent sends to its provider, those answers belong to the provider, not Daintree.

Telemetry — off by default

The app has three telemetry levels, set in Settings → Privacy & Data. The default is off, and nothing is sent until you explicitly choose otherwise:

  • off — no events are transmitted. This is the default.
  • errors — anonymous crash reports are sent to Sentry at a 10% sample rate, with file paths and credential patterns scrubbed.
  • full — adds a small set of named onboarding events (onboarding_step_viewed, onboarding_step_skipped, onboarding_completed, onboarding_abandoned) at the same 10% sample rate.

Before any event leaves the app:

  • Home directory paths are replaced with ~ in stack traces and breadcrumbs.
  • API keys, OAuth tokens, JWTs, and PEM blocks are matched against a scrubber pattern list (GitHub, Anthropic, OpenAI, AWS, Google, Stripe, Slack, npm, Azure, and generic Bearer tokens) and redacted.
  • URL query strings are stripped of access_token, refresh_token, client_secret, and code.
  • Events are sampled at 10% on top of the scrubbing.
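
The three scrubbing steps above (home directory, credential patterns, URL query parameters), sketched as an added example. This is not Daintree's own scrubber: the function names and the four patterns (PEM, Bearer, JWT, GitHub classic token) are assumptions standing in for the app's real pattern list.

```javascript
// Added example: not Daintree's scrubber. Patterns are illustrative assumptions.
const SECRET_PATTERNS = [
  /-----BEGIN [A-Z ]+-----[\s\S]*?-----END [A-Z ]+-----/g, // PEM blocks
  /\bBearer\s+[A-Za-z0-9._~+\/-]+=*/gi,                    // generic Bearer tokens
  /\beyJ[\w-]+\.[\w-]+\.[\w-]+/g,                          // JWTs (base64url x3)
  /\bghp_[A-Za-z0-9]{36}\b/g,                              // GitHub classic PAT
];
// Query parameters the policy lists as stripped from URLs.
const SENSITIVE_PARAMS = ["access_token", "refresh_token", "client_secret", "code"];

const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Replace the user's home directory with ~ (homeDir passed in, e.g. os.homedir()).
function scrubPaths(text, homeDir) {
  if (!homeDir) return text; // an empty pattern would match between every character
  return text.replace(new RegExp(escapeRegExp(homeDir), "g"), "~");
}

// Drop sensitive query parameters from any URL embedded in the text.
function scrubUrls(text) {
  return text.replace(/https?:\/\/[^\s"'<>]+/g, (raw) => {
    if (!raw.includes("?")) return raw; // nothing to strip, leave untouched
    try {
      const url = new URL(raw);
      for (const p of SENSITIVE_PARAMS) url.searchParams.delete(p);
      return url.toString();
    } catch {
      return raw.split("?")[0]; // unparseable: fail closed, drop the whole query
    }
  });
}

function scrubSecrets(text) {
  return SECRET_PATTERNS.reduce((t, re) => t.replace(re, "[REDACTED]"), text);
}

// Walk the whole event so nested breadcrumbs and stack frames are covered too.
function scrubEvent(value, homeDir) {
  if (typeof value === "string")
    return scrubSecrets(scrubUrls(scrubPaths(value, homeDir)));
  if (Array.isArray(value)) return value.map((v) => scrubEvent(v, homeDir));
  if (value && typeof value === "object")
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) => [k, scrubEvent(v, homeDir)]));
  return value;
}
```

Pattern-based redaction only catches formats it knows about, so the preview view in Settings → Privacy & Data is the place to confirm what a real event would contain.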

The Sentry SDK does not transmit your IP address or any user identifier with events; no device identifier, install ID, or anonymous user ID is generated by Daintree for telemetry. Sentry's servers receive the connection's network IP at HTTP transport time (this is unavoidable for any internet request), and the Daintree project in Sentry is configured to discard IP addresses at the storage layer. Sentry retains accepted events for 30 days on the free tier we use. Settings → Privacy & Data also includes a preview view that shows you what would be sent without actually sending it.

Auto-updates

Daintree checks updates.daintree.org at startup and roughly every four hours to see if a new version is available. The check is an HTTP request for a release manifest; the only data sent is what's in standard request headers (your IP address, the app version, your operating system family, and a user agent). No personal information is transmitted. You can switch between stable and nightly channels in Settings.

Voice input (completely optional)

Voice input is a completely optional feature. It is disabled by default, requires you to bring your own Deepgram account and API key, and is never loaded or activated unless you explicitly enable it in Settings.

When enabled, the app streams audio directly from your machine to Deepgram for transcription using your own credentials. Daintree does not proxy, see, or store the audio. What Deepgram does with that audio is governed entirely by your account-level agreement with Deepgram — under Deepgram's standard terms, audio may be retained and used to improve their speech models unless you opt out via your Deepgram account settings. In the language of POPIA and GDPR, Deepgram acts as a processor for you (the controller) in this flow, and Daintree is not in the data path at all.

Local data on disk

The app stores settings, recent projects, panel layouts, keybindings, and similar configuration in a local JSON file (typically ~/.config/daintree/config.json on macOS and Linux, or %APPDATA%/daintree/config.json on Windows). If you choose to provide credentials — a GitHub token, a Deepgram key, or an MCP server API key — these are stored locally in that same file. They are never transmitted to Daintree.

Daintree's built-in crash reporter is configured with uploadToServer: false: any native crash dumps are written locally and not uploaded. You can clear the app's HTTP cache, reset all stored data, or uninstall the app at any time.

For the deeper technical reference, see Security & Privacy in the docs and the Trust & Security page.

Third-party services we rely on

Daintree depends on a small number of third-party services. Each one has its own privacy policy, linked below.

  • Vercel: Website hosting and Web Analytics. (Privacy policy)
  • Cloudflare: Turnstile bot protection on the newsletter form. (Privacy policy)
  • MailerLite: Newsletter list and email delivery. (Privacy policy)
  • Upstash: Server-side cache and site search backend. (Privacy policy)
  • Sentry: App crash reports — off by default, opt-in only. (Privacy policy)
  • Deepgram: Voice input transcription — completely optional, off by default, uses your own Deepgram API key. (Privacy policy)
  • GitHub: Open-source repository hosting; the website queries public repo stats from our server. (Privacy policy)

This list is the complete set of third parties that may receive any data tied to your use of Daintree. There is no advertising network, no data broker, and no analytics vendor beyond what's listed here.

What we don't do

A short, deliberate list of things you might reasonably expect a website privacy policy to mention — and which simply don't apply here:

  • No advertising network, retargeting pixel, or marketing analytics vendor.
  • No behavioural profiling, fingerprinting, or building of visitor profiles. (Cloudflare Turnstile inspects browser-level signals on the newsletter page only, strictly to score bot vs. human.)
  • No selling or sharing of personal data with third parties beyond the providers listed above.
  • No cross-site tracking. The site sets no first-party tracking cookies, and Vercel Analytics resets its identifier hash daily.
  • No user accounts, no logins, and no authentication flow on the website.
  • No reading of your code, prompts, agent output, or local files in the desktop app, ever.
  • No automated decision-making or scoring that produces legal or similarly significant effects.

Lawful basis for processing

For each processing activity described above, this is the lawful basis we rely on under POPIA Section 11 and GDPR Article 6. Providing personal information to Daintree is always voluntary; the only consequence of declining is that the relevant feature does not work for you (you don't receive the newsletter, telemetry stays off, voice input doesn't activate).

  • Newsletter signup — your consent (POPIA s11(1)(a) / GDPR Art 6(1)(a)).
  • App telemetry, when you enable it — your consent. Off by default; you can withdraw at any time in Settings.
  • Voice input, when you enable it — your consent, plus your direct contractual relationship with Deepgram.
  • Vercel Web Analytics — our legitimate interest in understanding aggregate site usage (POPIA s11(1)(f) / GDPR Art 6(1)(f)). The processing is cookieless and uses no cross-site identifiers, which we believe makes the impact on your privacy minimal.
  • Cloudflare Turnstile bot protection — our legitimate interest in keeping the newsletter form free of automated abuse.
  • Server-side caching, hosting, and standard request logs — our legitimate interest in operating and securing the website.
  • Auto-update checks and crash telemetry transport — our legitimate interest in delivering a working, secure desktop app.

Your rights

Daintree is operated from South Africa and is therefore subject to the Protection of Personal Information Act (POPIA). If you are in the European Union, the United Kingdom, or another jurisdiction with similar data-protection rules, those rules apply to your data as well.

You have the right to:

  • Access the personal information we hold about you (in practice this is essentially your newsletter email address, if you've subscribed).
  • Correct any information that is inaccurate.
  • Delete your information — for the newsletter, you can do this yourself via the unsubscribe link or by emailing us.
  • Object to processing or withdraw consent at any time. Withdrawing consent does not affect the lawfulness of past processing.
  • Lodge a complaint with the South African Information Regulator or your local data-protection authority.

To exercise any of these rights, email greg@siteorigin.com. We aim to respond within 30 days.

The South African Information Regulator can be contacted directly at:

Children

Daintree is a tool for software developers. It is not directed at children, and we do not knowingly collect personal information from anyone under 13 (or under 16 in the EU/UK). If you believe a child has provided personal information through the website, please contact us and we'll delete it.

International data transfers

The third-party services we use are operated from a small set of jurisdictions, primarily the United States and the European Union. Where personal information is transferred to one of those providers, we rely on the corresponding mechanism that the provider itself maintains:

  • US-based providers (Vercel, Cloudflare, Sentry, Upstash, Deepgram, GitHub) — participate in the EU-U.S. Data Privacy Framework and its UK Extension, and offer Standard Contractual Clauses through their published Data Processing Agreements.
  • EU-based providers (MailerLite stores subscriber data on Google Cloud in the EU) — operate under GDPR directly.

For purposes of POPIA Section 72, we rely on the published privacy commitments and DPAs of these providers, all of which afford a level of protection that is substantially similar to POPIA's principles. Because the data we hand off is minimal (an email address for the newsletter, an anonymous search query, an opt-in scrubbed crash report) the practical risk surface of these transfers is small.

Security

The Daintree desktop app's security model — Electron sandboxing, IPC validation, code signing, telemetry scrubbing, and so on — is documented in detail on the Trust & Security page and in the security reference. The website itself is a static SvelteKit deployment with HTTPS enforced; the only secret it handles is a server-side MailerLite API key, kept in environment variables and never exposed to the browser.

Changes to this policy

If this policy changes, the effective date at the top of the page will be updated. For substantive changes — new third parties, new categories of data collected — we'll also note the change in a release announcement or in the newsletter, where applicable.

Contact

Privacy questions, data requests, or general feedback: greg@siteorigin.com.