Privacy Policy

1. Information we collect

1.1 Account information (via Google Sign-In)

When you sign in to Cinch using Google, we receive a limited set of profile fields from your Google account. Specifically, we use Google's OAuth 2.0 service with the openid, email, and profile scopes, which give us:

• your Google account's email address;
• your display name;
• your profile picture URL (if you have one set on your Google account); and
• a stable Google account identifier used to recognize returning users.

We do not request, receive, or store any other category of Google user data. Cinch does not access your Gmail, Google Drive, Calendar, Contacts, or any other Google service.

1.2 Device information

When you pair a device, Cinch generates and stores a per-device record so that your clips can be routed correctly. Each device record contains:

• a device identifier and a human-readable device name you provide;
• a per-device access token (stored as a hash on the server);
• the device's operating system family (e.g. "macOS", "linux", "windows");
• the timestamps at which the device was first paired and last seen.

1.3 Clipboard content ("clips")

When you push a clip from one device, the relay server holds the clip so it can be delivered to your other devices. A clip consists of the payload (text or image bytes), a content type label, a size value, and a timestamp. Clips are scoped to your account and are only delivered to devices you have paired.

If you enable client-side encryption (recommended and on by default for new accounts), Cinch encrypts each clip on the sending device using AES-256-GCM before it ever leaves that device. The relay server only sees the ciphertext; the encryption key never reaches our servers.

1.4 Operational and diagnostic data

The relay records minimal operational information needed to run the Service reliably, including:

• server-side request logs (timestamp, HTTP method, status code, IP address, and user agent), retained for a short window for abuse mitigation and debugging;
• aggregate, non-identifying analytics on the public website at cinchcli.com, collected via a self-hosted Umami instance that does not use cookies or cross-site tracking.

1.5 What we do not collect

Cinch does not collect or store: the contents of clips that your desktop app excludes locally (such as items from supported password managers or items marked as org.nspasteboard.ConcealedType), your contacts, your location, advertising identifiers, or browsing history outside the cinchcli.com website.

2. How we use information

We use the information described above for the following purposes only:

• To provide the Service. We use your account identifier to authenticate you, your device records to deliver clips to the right destinations, and your clip data to perform the synchronization itself.
• To secure the Service. We use request logs and rate-limit signals to detect and prevent abuse, brute-force attacks, and other security threats.
• To communicate with you. We may use your email address to send transactional messages about your account, security notifications, or material changes to this policy. We do not send marketing email.
• To comply with the law. We may process information when required by applicable law or a valid legal process.

We do not use your information to build advertising profiles, to train machine learning models, or to make automated decisions that produce legal effects.

4. How we share information

We do not sell, rent, or trade your personal information. We share information only in the limited circumstances below.

• With your other devices. The whole point of Cinch is to deliver your clips to devices you have paired. Clips are not shared with anyone else's devices.
• With service providers acting on our behalf. The relay runs on infrastructure providers (currently cloud hosting and a managed PostgreSQL database) that process data on our instructions and under contractual confidentiality obligations.
• For legal reasons. We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Cinch, our users, or the public.
• In a business transfer. If the operation of Cinch is transferred to another party, your information may be transferred as part of that transaction, subject to a privacy notice consistent with this one.

5. Data retention

• Clips on the hosted relay. Server-side clips are retained according to the per-account retention window (default 7 days). An hourly sweep automatically deletes clips that exceed the window. The hosted relay is best-effort and subject to fair-use and abuse limits.
• Local clip history. Clips stored locally by the desktop app live in a SQLite database under your operating system's application-data directory and are pruned according to your local retention setting (default 30 days). You can clear all local clips at any time from the Settings pane.
• Account and device records. We keep account and device records for as long as your account is active. If you delete your account, these records and any associated clips are deleted, except where we are required to retain limited information to comply with legal obligations or to resolve disputes.
• Operational logs. Server request logs are retained for up to 30 days and then automatically discarded.

Cinch does not send clipboard content to AI providers during ordinary sync. Provider calls happen only when you explicitly run cinch ai without --no-send and have configured a provider.

6. Security

We use a combination of administrative, technical, and physical safeguards to protect your information. These include:

• transport-layer encryption (TLS) for every connection to the relay;
• optional end-to-end encryption of clip payloads using AES-256-GCM with keys held only on your devices;
• X25519 Diffie-Hellman key exchange to share encryption keys between your own devices without exposing them to the server;
• per-device access tokens that can be individually revoked;
• storage of access tokens as hashes, never as plaintext;
• credentials stored on your devices using the platform secure store (macOS Keychain, Linux Secret Service, or the Tauri secure store on the desktop app).

No security measure is perfect. If we ever become aware of a security incident that affects your information, we will notify you as required by applicable law.

7. Your rights and choices

Depending on where you live, you may have the following rights with respect to your information:

• Access. You can request a copy of the information we hold about you.
• Correction. You can ask us to correct inaccurate information.
• Deletion. You can ask us to delete your account and the personal information associated with it.
• Revocation. You can revoke Cinch's access to your Google account at any time from your Google Account permissions page.
• Device unpairing. You can unpair any device from inside the Cinch desktop app or by running cinch auth logout on that device. Unpairing immediately invalidates that device's access token.
• Local control. The desktop app gives you direct controls to change retention, clear local history, and exclude specific applications from clipboard capture.

To exercise any of these rights, write to us at the address in section 12. We will respond within a reasonable time and in accordance with applicable law.

8. International data transfers

Cinch is operated by an individual maintainer and uses infrastructure providers that may store and process data outside your country of residence. By using the Service, you understand that your information may be transferred to and processed in countries that have different data-protection rules than your own. We take reasonable steps to ensure that any such transfer is protected by appropriate safeguards.

9. Children's privacy

Cinch is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so that we can delete it.

10. Open source

The Cinch client, desktop app, and relay are open source under the AGPL 3.0 license. You can read the code at github.com/cinchcli and audit exactly what we do with your data. If you self-host the relay, this Privacy Policy describes the privacy practices of the Cinch-operated relay only; the operator of a self-hosted relay is the data controller for that deployment.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If the changes are material, we will provide notice by email to the address associated with your account or by a prominent notice in the Service before the changes take effect. Your continued use of the Service after the effective date of an updated policy means you accept the updated policy.

12. Contact

If you have questions about this Privacy Policy or about how Cinch handles your information, please reach out:

Email: [email protected]
Project: github.com/cinchcli