Privacy Policy

Last updated: April 14, 2026 · Effective: April 14, 2026 · Questions? [email protected]

    Short version: AiMote is a developer tool that runs on your own machine. We do not collect, store, or transmit your personal data, your AI conversations, or your source code. This policy explains in detail what little data does touch our infrastructure.
  

1. What AiMote Is

AiMote consists of two components:

AiMote Server — open-source software you install and run on your own computer. It communicates with Claude Code CLI and Codex CLI that you have already installed.
AiMote Mobile App — a mobile application that connects to your AiMote Server over a WebSocket connection.

All AI processing happens on your machine through your own Anthropic and OpenAI accounts. AiMote does not proxy, intercept, or log any AI conversations.

2. Data We Do NOT Collect

We want to be explicit. The following data never leaves your device or your server, and AiMote, Inc. never receives it:

Your AI conversations (prompts, responses, tool use)
Your source code, files, or project contents
Your Anthropic or OpenAI API keys
Your AiMote PIN or JWT tokens
Any content you type into the mobile app
Your filesystem structure or directory listings

3. AiMote Cloud Tunnel (*.aimote.net)

If you choose the AiMote Cloud connection mode, your server traffic is routed through a Cloudflare Tunnel. This means:

Cloudflare sees your IP address when you make a tunnel connection and when traffic passes through their network. This is governed by Cloudflare's Privacy Policy.
We do not see the contents of your tunnel traffic. Cloudflare tunnels are end-to-end encrypted between your server and the mobile app client.
Your subdomain (e.g. a1b2c3d4.aimote.net) is derived from a one-way hash of your computer's hostname. We store this subdomain in our Cloudflare DNS configuration. The subdomain itself is not personally identifiable.
Tunnel tokens are stored locally on your machine in ~/.aimote/config.json, which is created with restricted permissions (mode 0600).

4. Mobile App

4.1 Data stored on-device

The app stores the following data locally on your phone using the OS secure storage (SharedPreferences / Keychain):

Server connection details you have entered (host, port, PIN)
Draft message text saved per session (so unsent text survives app restarts)
Your language preference (English or Chinese)

None of this data is transmitted to AiMote's servers. It stays on your device and is cleared when you delete the app.

4.2 Crash reporting and analytics

The current version of the AiMote app does not include any third-party analytics, crash reporting, or ad frameworks. We do not use Firebase, Mixpanel, Amplitude, or similar services.

4.3 Push notifications

The app requests notification permission to deliver local notifications (e.g. "Claude session finished"). These notifications are generated on-device based on server messages and are not routed through AiMote's servers.

5. AiMote Server

The server software runs entirely on your computer. All data it handles — sessions, messages, files — stays on your machine. The server does not phone home, send telemetry, or contact AiMote's infrastructure (except to establish the Cloudflare tunnel if you use that mode).

Server logs are written to your terminal's stdout/stderr only and are not persisted or uploaded anywhere.

6. Children's Privacy

AiMote is a developer tool designed for adults. We do not knowingly collect information from anyone under 13 years of age. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

7. Your Rights

Because we do not collect personal data, most data-protection rights (GDPR Article 15–22, CCPA) are satisfied by the fact that your data never reaches us. Specifically:

Right to access / erasure: Delete ~/.aimote/config.json on your server and uninstall the mobile app to remove all AiMote-related data from your devices.
Right to data portability: Your config is plain JSON at ~/.aimote/config.json and is fully portable.
DNS records: If you wish to have the subdomain DNS record we created for your AiMote Cloud tunnel removed from our Cloudflare account, email [email protected] with the subdomain name. We will process this within 30 days.

8. Data Security

We apply the following security measures to the small amount of infrastructure we operate:

Cloudflare tunnel configurations use short-lived tokens and follow the principle of least privilege.
The ~/.aimote/config.json file is created with permissions 0600 (owner read/write only).
All WebSocket connections require PIN-based authentication and JWT tokens signed with a 32-character random secret unique to each installation.

9. Third-Party Services

When you use AiMote, you may interact with the following third-party services. Each has its own privacy policy:

Cloudflare (tunnel infrastructure) — cloudflare.com/privacypolicy
Anthropic (Claude Code CLI) — anthropic.com/privacy
OpenAI (Codex CLI) — openai.com/policies/privacy-policy

AiMote is not affiliated with, endorsed by, or sponsored by Anthropic, OpenAI, or Cloudflare.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the project's GitHub repository and noted at the top of this page with an updated "Last updated" date. Continued use of AiMote after such changes constitutes acceptance of the new policy.

11. Contact

For privacy-related questions or requests, contact us at:

Email: [email protected]
X: @aimotehq