Palmier

Privacy Policy

Last updated: May 5, 2026

This Privacy Policy explains how the Palmier platform ("Service"), operated by Palmier ("we", "us", or "our"), collects, uses, and protects your information.

1. What We Collect

1.1 Data stored on our server

When you use Palmier in server mode, our server stores the following minimal data:

  • Host ID — a randomly generated UUID that identifies your host. It contains no personal information.
  • Push notification subscriptions — your browser's Web Push endpoint URL and encryption keys, used solely to deliver push notifications to your devices.
  • FCM tokens — if you use the Palmier Android app, your Firebase Cloud Messaging device token is stored to deliver push notifications and device interaction requests (such as geolocation). FCM tokens contain no personal information.

We do not store your task data, prompts, execution outputs, file contents, client tokens, IP addresses, email addresses, names, or any other personal information on our server.

1.2 Data stored on your machine

The Palmier host daemon stores all task-related data locally on your machine, including:

  • Task definitions, prompts, and execution plans
  • Task execution results and reports
  • Run history and timestamps
  • Client tokens for paired devices
  • Host configuration

This data never leaves your machine unless you explicitly use server mode, in which case task management commands (not task content) are relayed through our cloud server. Task results and report contents are transferred directly between your host and your paired devices.

1.3 Data in transit

When your host is paired with the relay, the following data passes through our NATS message broker in real time:

  • RPC messages between your PWA or Android app and your host (task management commands, status updates)
  • Task lifecycle events (started, finished, failed — used to trigger push notifications)
  • Device capability requests and responses — forwarded in real time between your host and your linked Android device. The exact data depends on which capabilities you have enabled; see Section 3 for details.

This data is ephemeral — it is not stored, logged, or retained by our server. The NATS broker forwards messages in real time and does not persist them.

1.4 Local access (loopback)

When you access the host at http://localhost:<port> on the host machine itself, all traffic stays on loopback. No data leaves your machine and no pairing is required.

1.5 Auto-LAN (native Android app)

When the Palmier Android app is on the same network as your host, it transparently routes RPC (task management commands) over direct LAN HTTP to your host's local address. This RPC traffic does not pass through our infrastructure. Task lifecycle events and push notifications still flow through the relay. Pairing always goes through the relay.

2. Third-Party AI Services

When you execute tasks, your prompts and related data are sent directly from your machine to the third-party AI provider you selected (such as Anthropic, Google, OpenAI, or others). This data is sent by the host daemon running on your machine — it does not pass through our server.

We have no control over how these providers handle your data. Please review their respective privacy policies. Common providers include:

  • Anthropic (Claude Code)
  • Google (Gemini CLI)
  • OpenAI (Codex CLI)
  • GitHub (Copilot CLI)

Palmier supports additional agents whose providers are not listed here. You are responsible for reviewing the privacy policies of any AI service you choose to use.

3. Android Device Capabilities

The Palmier Android app can expose phone capabilities — SMS, contacts, calendar, location, email, device notifications, battery, ringer, alarms — to agents running on your host.

  • Opt-in. Every capability is off by default. You enable each one individually from the linked device drawer, which triggers the corresponding Android permission prompt.
  • Revocable. Flipping the toggle off, or revoking the Android permission in system Settings, disables the capability immediately.
  • Ephemeral. Capability requests and their responses pass through our relay in real time and are not stored, logged, or retained.
  • Email is reviewed, not sent silently. Agents queue emails as a notification you tap to review and send through your own email client (via a mailto: intent). Palmier never transmits the message itself.

4. Push Notifications

Web Push (browsers): If you enable push notifications, your browser provides a push subscription endpoint managed by your browser vendor (e.g., Google for Chrome, Mozilla for Firefox, Apple for Safari). We store this endpoint to deliver notifications. We do not control the browser vendor's handling of push delivery data.

FCM (Android app): The Palmier Android app uses Firebase Cloud Messaging (FCM) to deliver push notifications and device interaction requests. Your FCM device token is stored on our server and sent to Google's FCM service for message delivery. Google's Privacy Policy applies to FCM delivery.

5. How We Use Your Data

The minimal data we collect is used exclusively to:

  • Route messages between your devices and your host
  • Deliver push notifications you have opted into

We do not sell, share, or use your data for advertising, analytics, profiling, or any purpose other than operating the Service.

6. Data Retention

  • Host registrations are retained until you remove your host from the PWA, which cascades deletion of all associated push subscriptions.
  • Push subscriptions are automatically removed when the browser's push endpoint becomes invalid (HTTP 404 or 410). FCM tokens are automatically removed when they become invalid.
  • NATS messages are not retained — they are forwarded in real time and discarded. This includes all device capability requests and responses.
  • Local data on your machine is retained until you delete it. See the host daemon README for removal instructions.

7. Data Security

Communication between your devices and our server uses TLS encryption. NATS connections are authenticated with tokens. Client tokens authenticate paired devices to your host.

However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data in transit or at rest.

8. Your Rights

You can at any time:

  • Disable individual device capabilities from the linked device drawer in the app, or revoke the underlying Android permission in system Settings
  • Delete your host registration by removing the host from the PWA, which deletes all server-side data associated with it
  • Revoke device access using palmier clients revoke-all
  • Delete all local data by removing ~/.config/palmier and your Palmier root directory
  • Access the host locally over loopback or direct LAN to avoid routing any traffic through our infrastructure

9. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the most recent revision at the top of this page. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy, contact us at legal@palmier.me or open an issue on the Palmier GitHub repository.

© 2026 Palmier