Privacy Policy
The short version
Slash Command is local-first. Your commands, snippets, and clipboard history live on your Mac by default, and your clipboard history never leaves it. If you turn on optional Pro sync, your commands and snippets are encrypted on your device before upload and stored encrypted on our servers so they carry across your Macs — see Section 4 for exactly what that does and doesn't let us see. We never use your content to train AI models — the one exception to "your content stays put" is AI commands, which you trigger deliberately (see Section 3). Otherwise we collect only privacy-friendly website analytics and, if you leave it enabled, de-identified crash reports to fix bugs.
This Privacy Policy explains how Choop Labs LLC, a Delaware limited liability company ("Choop Labs," "we," "us"), the maker of the Slash Command application and website (together, the "Service"), handles information. It is a disclosure, not a contract; your use of the Service is governed by our Terms of Service. For the limited personal data described here, Choop Labs is the data controller.
1. Our core principle: local-first
Slash Command runs on your Mac and stores your data — your commands, snippets, expansion settings, and clipboard history — locally on your device. We designed the app so that the contents of what you type, expand, and copy stay on your machine.
Outside of actions you explicitly take — like running an AI command (Section 3) or turning on Pro sync (Section 4) — we do not collect, transmit, store, or log:
- The text inside your commands, snippets, or expansions
- Your clipboard history or its contents
- Your keystrokes or the text in the apps you use
2. Information we do collect
Website analytics
Our website uses Vercel Web Analytics, a privacy-friendly analytics tool that does not use cookies and does not build a profile of you. It records aggregate events such as page views and download-button clicks so we can understand what's useful, and is designed not to identify you individually. We also use PostHog for cookieless product analytics (page views and download clicks under a random identifier stored in your browser's local storage) so we can see which pages lead people to try Slash.
Downloads
App downloads are served through GitHub Releases. When you download the app, GitHub may process standard request information (such as IP address and user agent) under GitHub's own privacy practices.
App usage analytics
The app sends anonymous usage events through PostHog — counts of things like app launches, text expansions, and AI command runs, tagged with the app version and a random identifier created on your Mac. These events never include your command bodies, triggers, titles, clipboard, or AI text — only event names and counts. Usage analytics is on by default; you can turn it off any time in Settings ▸ Privacy & Diagnostics.
Diagnostic & crash reports
To find and fix bugs, the app may send de-identified diagnostic and crash reports through Sentry. These reports contain technical information such as the error, a stack trace, the app version, and your macOS version, and may include limited identifiers such as an IP address. They are scrubbed of your command bodies, triggers, titles, and clipboard data before being sent — a report carries only an opaque error id and counts, never your content. Crash reporting is on by default; you can turn it off any time in Settings ▸ Privacy & Diagnostics, which stops these reports.
Support
If you email support@slashcommand.app, we receive the information you choose to share (your email address and message) and use it only to respond to you.
3. AI commands
When you run an AI command, only the specific text you run that command on (together with any instructions contained in the command itself) is sent to an AI provider to generate a result. We do not send your other commands, clipboard, or app contents.
- Your own API key (free): if you bring your own key, requests go directly from your Mac to that provider (e.g. Anthropic, OpenAI, Google, Groq, OpenRouter) under their terms. Your key and those requests are not sent to us.
- Built-in AI (paid plans, when available): requests are routed through our managed proxy solely to fulfill the command, and we will require our AI provider not to use your inputs or outputs to train models.
4. Accounts, sync & encryption
Slash Command works fully with no account and no sign-up — that's the Free plan, and it never touches our servers. If you create an account and turn on Pro sync, your commands, snippets, and settings are encrypted on your device with AES-GCM before they're uploaded, and stored encrypted at rest on our servers so they carry across your Macs. Your clipboard history is excluded from sync by design and always stays local to each Mac.
Today this is managed encryption, not end-to-end: to make account recovery possible if you lose access to your account, we hold a wrapped copy of your sync encryption key rather than deriving it solely from something only you know. That means Choop Labs could technically unwrap the key and decrypt your synced content — for example if compelled by valid legal process — which is also what lets us recover your data if you forget everything. We do not read your synced content in the normal course of operating the Service, and we never sell, share, or train AI models on it. We do not currently offer an "end-to-end encrypted" mode where only you hold the key; we're building an optional zero-access mode for people who want that, and will update this policy and this page before it ships.
5. Payments
Payments for paid plans (Pro) are processed by Stripe through its Managed Payments service, under which Stripe acts as our Merchant of Record. Stripe collects and processes your payment and billing information under its own privacy policy; we do not receive or store your full payment card details. We receive limited order information (such as your email, plan, and country) needed to provide and support your subscription.
6. System permissions
To detect your trigger and insert text in other apps, macOS requires you to grant Accessibility (and possibly Input Monitoring) permission. The app uses these permissions locally on your Mac to watch for your configured trigger and perform the expansion. This activity does not leave your device and is not transmitted to us.
7. Service providers
We rely on a small set of third parties to operate the Service. Each processes only what's described above:
- Vercel — website hosting and privacy-friendly analytics
- GitHub — distribution of app downloads and updates
- Sentry — de-identified crash and diagnostic reports
- PostHog — anonymous product and usage analytics
- Stripe — payment processing (Merchant of Record via Stripe Managed Payments)
- AI providers — only the text you run an AI command on, as described in Section 3
8. Data retention
Your app data lives on your device for as long as you keep it; deleting the app or your data removes it. For the limited data we do hold: aggregate website analytics are retained in aggregate form; diagnostic and crash reports are retained for up to 90 days; and support emails are kept for up to 24 months to assist you and maintain records, unless a longer period is required by law.
9. Security
We use reasonable technical and organizational measures to protect the limited information we handle. Your clipboard contents never leave your device, and your commands and snippets only leave it, encrypted, if you turn on Pro sync (Section 4). No method of storage or transmission is completely secure, so we cannot guarantee absolute security. If a breach affects your personal information, we will notify you and any regulators as required by applicable law.
10. Cookies & tracking
We do not use advertising or cross-site tracking cookies, and our website analytics is cookieless. We do not track you across other websites or services. Where required, we honor browser privacy signals such as Global Privacy Control (GPC).
11. International data transfers
We are based in the United States, and our service providers (including Vercel, GitHub, Sentry, PostHog, Stripe, and AI providers) may process data in the United States and other countries. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. Where required for transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
12. Your privacy rights
Because your content stays on your device, you control it directly — you can view, edit, export, or delete it in the app at any time. For information we do hold (such as support correspondence or, where applicable, order information), you can contact us at support@slashcommand.app to exercise your rights.
We do not sell or share your personal information (including for cross-context behavioral advertising), and we have not done so.
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. Our legal bases for processing (for users in the EEA/UK) are our legitimate interests in operating, securing, and improving the Service (analytics and diagnostics), performance of a contract (support and, in future, billing), and your consent where you enable optional features. You also have the right to lodge a complaint with your local data-protection authority. We will not discriminate against you for exercising these rights.
13. Children
The Service is not directed to children under 13 (or the age of digital consent where you live), and we do not knowingly collect personal information from them.
14. Changes to this policy
We may update this policy as the Service evolves — notably before introducing accounts, sync, or paid plans. We'll revise the "Last updated" date above and, for material changes, provide a more prominent notice.
15. Contact
Questions about privacy, or want to exercise a right? Email support@slashcommand.app. Choop Labs LLC is a Delaware limited liability company, United States.