CommonCompute
Log inGet started
Log in
Get startedDownload the Mac app
Privacy

Privacy Policy

Last updated: April 22, 2026

This policy explains what Common Compute, Inc. (“Common Compute”, “we”) collects, why, how we use it, and your rights. It covers customers who submit workloads, providers who run them, and visitors to commoncompute.ai.

Privacy at a glance
What the app and service collect, in App-Store-card form. The detail is below.
Linked to you
  • Email + display name
  • Hashed password
  • Billing identifiers (Stripe customer ID, last-4 of card)
  • API key hashes
  • Job metadata: workload type, duration, cost, provider ID
Not linked to you
  • Device capability (chip, memory, OS)
  • Anonymous crash + performance reports (Apple MetricKit)
  • HTTP request logs (IP, user-agent, path) — retained ≤30 days
Never collected
  • Files outside the job sandbox
  • Screenshots, clipboard, microphone, camera
  • Browsing history, other apps' data
  • Job content used to train ML models
You can turn off
  • Diagnostics (Settings → Advanced → Diagnostics in the Mac app)
  • Email notifications (per your account settings)
  • Provider participation (sign out or quit the app)

1. Plain-English summary

  • We do not sell your data. Ever.
  • We do not retain your task inputs or outputs by default beyond what is needed to deliver the result.
  • Provider machines see only the bytes needed to execute your task — not your email, name, or account metadata.
  • We collect the minimum account, billing, and telemetry data required to operate the network.
  • You can export or delete your account and associated data on request.

2. What we collect

Account data

Email, hashed password, display name, role (customer or provider), email-verification state, API key hashes, and audit timestamps. We use this to authenticate you and deliver the service.

Billing data

We use Stripe for payments. Stripe holds your card details; we store only the Stripe customer ID, the last 4 digits of the card (when returned by Stripe), and ledger entries for your credits and usage. Stripe’s own privacy policy applies to payment processing.

Workload data (customers)

When you submit a job, we process your inputs only as long as needed to dispatch, execute, and return the result. Inputs and outputs are held in encrypted object storage (Cloudflare R2) with short presigned URLs. We aim to delete both within 30 days of completion; you can request earlier deletion from [email protected]. Request and response metadata (job ID, workload type, token count, duration, cost, provider ID) is retained for auditing and billing.

Device telemetry (providers)

The provider app reports device capability (Apple Silicon chip family, unified memory, macOS version, available runtimes), health (CPU/GPU/thermal state), and uptime. We use this to match jobs to capable devices and to surface your earnings accurately. We do not read files, screenshots, clipboard contents, or non-job network traffic.

Website data

We collect standard HTTP logs (IP address, user-agent, path, timestamp) for abuse prevention and debugging. Logs are retained for up to 30 days. If we enable a product-analytics tool we will update this policy and announce it via email before turning it on.

3. How we use data

  • Authenticate accounts and authorize API requests.
  • Match workloads to capable providers and settle per-job billing and earnings.
  • Send transactional email (verification, receipts, security notices) via Resend.
  • Prevent fraud, abuse, and violations of the acceptable-use policy.
  • Improve reliability and performance of the network.

We do not use your inputs, outputs, or telemetry to train or fine-tune machine-learning models.

4. Subprocessors

We use a small number of well-established vendors to operate the service. Each is bound by a data processing agreement and processes personal data only on our instruction:

  • Cloudflare (Workers, D1, R2, Durable Objects) — application hosting and storage.
  • Stripe — payment processing.
  • Resend — transactional email delivery.

We will announce material subprocessor changes in this policy at least 14 days before they take effect.

5. Your rights

Depending on where you live, you may have rights under GDPR, CCPA, or other laws to access, correct, port, or delete your personal data; to object to certain processing; and to lodge a complaint with a supervisory authority. Email [email protected] with the subject line “Privacy request” and we will respond within 30 days.

6. Security

Passwords are hashed with bcrypt; API keys are hashed on storage; all traffic to the API is over TLS. Task inputs and outputs are held in encrypted object storage with short-lived presigned URLs. Provider devices execute in a sandboxed runtime with no outbound network access by default. Report security issues to [email protected]; we acknowledge within 72 hours.

7. International transfers

Our service runs on Cloudflare’s global edge. Depending on routing, your data may be processed in the United States, the European Union, or other regions where Cloudflare operates data centers. Transfers from the EEA or UK rely on Standard Contractual Clauses.

8. Children

The service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be announced by email to the address on your account at least 14 days before they take effect.

10. Contact

Common Compute, Inc. — Delaware, USA. [email protected]