Last updated: May 17, 2026.
Cmdhub is operated by Stochastic Consulting Pty Ltd. Contact us at support@cmdhub.run.
This policy covers the cmdhub website, account system, waitlist, billing/account features, and the cmdhub command-line tools.
What cmdhub is
Cmdhub is a suite of local command-line tools for working with third-party services such as Google Workspace, Microsoft 365, Slack, and Notion. The hosted website provides account login, waitlist signup, binary registry data, documentation, and billing/account features. The provider CLIs run locally on your machine.
Website data we store
The website stores the minimum data needed to run the service:
| Data | Why it is stored |
|---|---|
| Waitlist email address, daily tools list, signup source, user agent, and timestamps | To manage launch updates, understand early-access fit, and avoid duplicate signups. |
| Account email, display name, login provider, provider account subject ID, and timestamps | To identify your cmdhub account and let the same identity sign in from the website and CLI. |
| Hashed cmdhub session tokens, session type, auth provider, expiry/revocation timestamps, and last-seen timestamps | To keep web and CLI sessions working without storing raw long-term session tokens. |
| Temporary CLI login handoff records | To let cmdhub auth login complete in the browser and return a cmdhub session token to the CLI. These records expire. |
| Provider login handoff records | Retired. Provider CLIs should perform provider OAuth locally and store provider tokens only in the local credential store. |
| Subscription, entitlement, and billing-event metadata once paid Pro is enabled | To show account status, suppress Pro upgrade reminders for paid users, and reconcile merchant of record webhooks. |
| Server logs | To operate, debug, secure, and monitor the website. |
CLI data and telemetry
The CLIs send limited, opt-out telemetry so cmdhub can understand which command families are used, which commands fail, and whether installed binaries run successfully at least once.
Telemetry can include an anonymous install ID, first-run event, CLI name and version, platform, command family/action, flag names present, sanitized typed/final command shapes with values redacted, alias/rewrite diagnostics, whether arguments or piped input were present, argument count, duration, exit code, structured error code, local event time, and cmdhub account email only after a valid cmdhub CLI session is verified.
Telemetry does not include provider content, command argument values, OAuth tokens, message bodies, subjects, calendar titles, file names, file contents, Slack messages, Notion page content, full URLs, provider object IDs, local file paths, or other third-party payloads.
You can disable telemetry with:
cmdhub telemetry disable
or with CMDHUB_TELEMETRY=0, CMDHUB_TELEMETRY_DISABLE=1, or DO_NOT_TRACK=1.
Provider data and OAuth tokens
Provider app authentication is separate from cmdhub account login.
Cmdhub does not currently store long-term Gmail, Google Calendar, Google Drive, Microsoft Outlook, Microsoft Calendar, Microsoft To Do, Microsoft OneDrive, Notion, or Slack provider tokens on the website. Those provider credentials are stored locally by the CLI using the configured local credential backend.
If hosted provider token storage is introduced later, it will be optional, disclosed before use, and protected with encryption.
Website account sign-in scopes
The website account system uses basic identity scopes only:
| Provider | Scopes | Why |
|---|---|---|
| Google account sign-in | openid, email, profile | To identify your cmdhub account, display your email/name, and link the Google identity to that account. |
| Microsoft account sign-in | openid, email, profile, User.Read | To identify your cmdhub account and read your Microsoft profile from Microsoft Graph. |
The website Google account sign-in flow does not request Gmail, Calendar, or Drive permissions.
Provider CLI permissions
Provider CLI permissions are requested only when you connect a provider for local command-line use. The exact scopes may evolve as commands are added or removed, but the current intended permission groups are:
| Tool | Provider permissions | Why |
|---|---|---|
gmail | openid, email, profile, https://mail.google.com/ | To read, search, create, send, update, label, delete, and inspect Gmail messages, threads, drafts, labels, and attachments through local CLI commands. |
gcal | openid, email, profile, https://www.googleapis.com/auth/calendar | To list calendars, read events, create/update events, and query free/busy availability. |
gdrive | openid, email, profile, https://www.googleapis.com/auth/drive | To list, search, upload, download, export, update, trash/untrash, delete, and share files and folders. |
mscal | offline_access, User.Read, Calendars.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write Outlook calendar events and availability. |
msoutlook | offline_access, User.Read, Mail.ReadWrite, Mail.Send | To keep Microsoft CLI auth usable between sessions and to read, create, update, send, reply, forward, archive, and delete Outlook messages/drafts. |
msdrive | offline_access, User.Read, Files.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write OneDrive files, folders, and permissions. |
mstodo | offline_access, User.Read, Tasks.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write Microsoft To Do lists and tasks. |
slack | channels:read, groups:read, im:read, mpim:read, channels:history, groups:history, im:history, mpim:history, channels:write, groups:write, chat:write, users:read, users:read.email, reactions:read, reactions:write, search:read | To list conversations, read message history, post messages, manage reactions, search Slack, and identify the authenticated Slack user. |
notion | Notion private session token, not OAuth | To operate against the Notion workspace selected by the user. This token is stored locally by the CLI. |
Provider data is used to perform the command you ask the CLI to run. Cmdhub does not sell provider content, use provider content for advertising, or use provider content to train models.
Cmdhub’s use and transfer of information received from Google APIs will follow the Google API Services User Data Policy, including Limited Use requirements.
Sharing and processors
Cmdhub uses service providers to operate the website and business. These can include hosting, database, email, analytics/monitoring, source hosting, and merchant of record/payment services. Provider APIs such as Google, Microsoft, Slack, and Notion receive requests only as needed to perform the commands or authentication flows you initiate.
Payment information is handled by the selected merchant of record or payment provider. Cmdhub should not store full payment card details.
Data deletion
To request deletion of website account data, waitlist data, hosted usage records, or support records, email support@cmdhub.run from the relevant account email.
Deletion generally covers website account records, sessions, waitlist entries, hosted usage records, and provider-login handoff records that are still present. Some billing, tax, fraud-prevention, security, or compliance records may need to be retained by cmdhub or by the merchant of record.
You can revoke provider access directly in the relevant provider account settings, and you can remove local CLI credentials with the relevant auth logout command.
Changes
This policy will be updated as cmdhub moves from alpha to broader public launch. Material changes will be reflected on this page.