NeuroDock

Privacy Policy

Last updated: 2026-05-31

NeuroDock is a local-first cognitive substrate. The short version: by default, nothing about you leaves your machine. This page explains that precisely, and states exactly what happens in the two cases where data can cross the network: the optional hosted remote server, and — only if you choose it — optional hosted storage for your own data.

When you install NeuroDock the normal way (@neurodock/cli, an .mcpb bundle, or the Claude Code plugin), every server runs locally over stdio and every byte of your data stays on your device. Specifically, these never leave your machine:

  • Your profile (~/.neurodock/profile.yaml) — including any self-identified neurotype information. Self-identification is never transmitted, never verified against any third party, and never required.
  • Your cognitive graph — the people, projects, decisions, and facts you record live in a local SQLite database.
  • Session and timing data — the chronometric server holds session state in memory on your machine only.
  • Message and document text you pass to any tool.

We do not have a server that receives this data, because for the local install there is no remote endpoint involved at all.

The local servers emit operational logs to standard error only (for example, “a tool was invoked”). By design they do not log the content you pass in — not message text, not goal descriptions, not project names (see ADR 0003 and ADR 0005). These logs stay on your machine and are never transmitted to us.

We may operate a hosted remote server (for example at https://mcp.neurodock.org/mcp) that you can connect to as an MCP connector. Using it is entirely optional — the default install does not use it. If and when you choose to connect to it, these commitments apply:

  • Only the stateless tools are available remotely. The hosted server exposes only the communication and planning tools: message translation, tone and rewriting help, the rumination / hyperfocus / over-validation guardrails, and goal decomposition. Your cognitive graph, profile, and session history are never reachable over the network — they have no remote endpoint by design.
  • Processing is ephemeral. Text you send to a remote tool is processed in memory to produce the response and is not stored, not written to a database, and not retained after the request completes.
  • No content logging. As with the local servers, request/response content is not logged. Operational logs record that a tool ran, not what was in it.
  • No training. Your data is never used to train any model. The servers run deterministic analysis and return structured prompts; no model is trained on, or fine-tuned from, anything you send.
  • No profiling or aggregation. We do not build user profiles and do not aggregate requests into population-level datasets.
  • Authentication. Access is gated by OAuth 2.1 via an identity provider. We receive only the minimal token claims needed to authorise the request; we do not store your credentials.
  • Transport. All remote traffic is encrypted in transit (HTTPS only).

By default, NeuroDock stores nothing about you anywhere but your own device, and anonymous or non-opted-in sessions store nothing at all. The stateful tools — your cognitive graph, your session and timing state, and your profile — are local-only unless you explicitly opt in.

This hosted-storage option is being introduced. Until it is available to you, everything stays on the stateless, local-first path described above. When it is available, opting in is a deliberate, separate step that asks for your explicit consent and states what will be stored, where, and how to delete it. If you do nothing, nothing changes.

When you opt in, you choose where your data lives:

  • Hosted per-user storage. Your cognitive graph, session state, and profile are stored on our server, kept separate from every other user’s, tied to your sign-in identity, and encrypted at rest. No other user can read it, and we never combine it with anyone else’s.
  • Bring-your-own-storage. You connect your own database (a libSQL or Turso-compatible URL and token). Your data lives in your database; we store none of it and only read and write to the database you point us at.

Self-identified neurotype information is sensitive personal data — under the GDPR it is special-category data. We do not store it on our server unless you opt in to hosted per-user storage and give explicit consent for that purpose. With bring-your-own-storage it never reaches us; with the default local install it never leaves your device. We do not require a diagnosis and never verify your neurotype against any third party.

  • Hosted per-user storage: you can delete your stored data at any time, and on account deletion; we then drop it from our server and keep no aggregate copy.
  • Bring-your-own-storage: disconnect at any time. We store nothing, so there is nothing on our side to delete; your data stays in your database.
  • Local install: delete the files in ~/.neurodock/ and the data is gone.

If you use hosted per-user storage, your data is held in a defined region, stated alongside the consent step at opt-in time. Any change to data residency will be recorded in this policy and in the public repository history.

  • We never sell or rent your data.
  • We never serve advertising or embed third-party trackers.
  • We never share your data with third parties for their own purposes.
  • We never aggregate detection events (rumination, hyperfocus, sycophancy) into population-level data — every such signal stays on your machine.

Because the local install keeps everything on your device, you are in control: delete the files in ~/.neurodock/ and the data is gone. The stateless hosted remote server stores no personal content, so there is nothing for us to retain or delete on your behalf. If you opt in to hosted storage (a forthcoming option), see “Optional hosted storage for your own data” above for what is kept and how to remove it.

NeuroDock is a professional productivity tool and is not directed at children.

If this policy changes materially, we will update the date above and record the change in the public repository’s history. Because the policy lives in the open-source repository, every revision is publicly auditable.

Questions about privacy can be raised as an issue on the NeuroDock repository or by email to the maintainer listed there.