Privacy Policy

Last updated: April 2026

What we collect

When you connect via GitHub OAuth, we store your GitHub username, primary email address, and a randomly generated UUID token. We log each task-shift detection event: the task type detected, confidence score, and timestamp. We never store the content of your conversations.

How we use it

Your token authenticates API requests. Your email is stored but not currently used for outbound email. Detection logs power your personal usage stats and, in aggregate and anonymised form, improve recommendations for all users. We will never sell or share individual user data with third parties.

Third-party services

• GitHub OAuth — for authentication. Governed by GitHub's Privacy Statement.
• Stripe — for payment processing. Governed by Stripe's Privacy Policy. We do not store card details.
• Anthropic — for task classification. Your last 3 messages and working directory are sent to Haiku for classification. No conversation history is retained by us.
• Render — our hosting provider. Data is stored in a Render-managed Postgres database in the US.

Local storage (XFMT)

Dispatch includes XFMT, a session memory system. XFMT stores all session snapshots locally on your machine at ~/.claude/xfmt/ — this data never leaves your device and is never transmitted to our servers. You are in full control of it and can delete it at any time.

Data retention

Your account data is retained while your account is active. Detection logs are retained indefinitely to power usage statistics. You can request deletion of your account and all associated data by opening a GitHub issue.

Contact

Questions about privacy? Open an issue at github.com/XpansionFramework/XF-Dispatch.