Last updated: April 30, 2026.
Cmdhub is operated by Stochastic Consulting Pty Ltd. Contact us at support@cmdhub.run.
This policy covers the cmdhub website, account system, waitlist, billing/account features, and the cmdhub command-line tools.
What cmdhub is
Cmdhub is a suite of local command-line tools for working with third-party services such as Google Workspace, Microsoft 365, Slack, and Notion. The hosted website provides account login, waitlist signup, binary registry data, documentation, and billing/account features. The provider CLIs run locally on your machine.
Website data we store
The website stores the minimum data needed to run the service:
| Data | Why it is stored |
|---|---|
| Waitlist email address, signup source, user agent, and timestamps | To manage launch updates and avoid duplicate signups. |
| Account email, display name, login provider, provider account subject ID, and timestamps | To identify your cmdhub account and let the same identity sign in from the website and CLI. |
| Hashed cmdhub session tokens, session type, auth provider, expiry/revocation timestamps, and last-seen timestamps | To keep web and CLI sessions working without storing raw long-term session tokens. |
| Temporary CLI login handoff records | To let cmdhub auth login complete in the browser and return a cmdhub session token to the CLI. These records expire. |
| Temporary Slack provider login handoff records, if Slack brokered login is used | To exchange Slack OAuth credentials through the website and pass the resulting user token to the CLI. These records expire and are not intended as long-term hosted token storage. |
| Subscription, entitlement, and billing-event metadata once paid Pro is enabled | To show account status, suppress Pro upgrade reminders for paid users, and reconcile merchant of record webhooks. |
| Server logs | To operate, debug, secure, and monitor the website. |
CLI data and telemetry
The CLIs currently write local trace records on your own machine unless disabled. Local trace records can include tool name, command arguments with known secret flags redacted, profile name, start time, duration, exit code, provider name, HTTP status code, and error category/message.
You can disable local trace recording with:
CMDHUB_TRACE_DISABLE=1
Hosted CLI usage reporting is not active yet. When hosted usage reporting is enabled, it is intended to collect only limited operational data such as tool name, command group/action, success/failure status, duration bucket, CLI version, platform, local event time, client install ID, and account ID if signed in.
Hosted usage reporting should not include provider content, command arguments, OAuth tokens, message bodies, message subjects, calendar event titles, file names, file contents, Slack message text, Notion page content, or other third-party payloads.
Before broad public launch, cmdhub will document the available telemetry control for hosted reporting.
Provider data and OAuth tokens
Provider app authentication is separate from cmdhub account login.
Cmdhub does not currently store long-term Gmail, Google Calendar, Google Drive, Microsoft Outlook, Microsoft Calendar, Microsoft To Do, Microsoft OneDrive, or Notion provider tokens on the website. Those provider credentials are stored locally by the CLI using the configured local credential backend.
One current exception is Slack brokered login: because Slack app credentials are held by the website, the website performs the Slack OAuth token exchange and temporarily stores the Slack user token in a short-lived login handoff record so the CLI can retrieve it. The CLI then stores the Slack token locally.
If hosted provider token storage is introduced later, it will be optional, disclosed before use, and protected with encryption.
Website account sign-in scopes
The website account system uses basic identity scopes only:
| Provider | Scopes | Why |
|---|---|---|
| Google account sign-in | openid, email, profile | To identify your cmdhub account, display your email/name, and link the Google identity to that account. |
| Microsoft account sign-in | openid, email, profile, User.Read | To identify your cmdhub account and read your Microsoft profile from Microsoft Graph. |
The website Google account sign-in flow does not request Gmail, Calendar, or Drive permissions.
Provider CLI permissions
Provider CLI permissions are requested only when you connect a provider for local command-line use. The exact scopes may evolve as commands are added or removed, but the current intended permission groups are:
| Tool | Provider permissions | Why |
|---|---|---|
gmail | openid, email, profile, https://mail.google.com/ | To read, search, create, send, update, label, delete, and inspect Gmail messages, threads, drafts, labels, and attachments through local CLI commands. |
gcal | openid, email, profile, https://www.googleapis.com/auth/calendar | To list calendars, read events, create/update events, and query free/busy availability. |
gdrive | openid, email, profile, https://www.googleapis.com/auth/drive | To list, search, upload, download, export, update, trash/untrash, delete, and share files and folders. |
mscal | offline_access, User.Read, Calendars.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write Outlook calendar events and availability. |
msoutlook | offline_access, User.Read, Mail.ReadWrite, Mail.Send | To keep Microsoft CLI auth usable between sessions and to read, create, update, send, reply, forward, archive, and delete Outlook messages/drafts. |
msdrive | offline_access, User.Read, Files.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write OneDrive files, folders, and permissions. |
mstodo | offline_access, User.Read, Tasks.ReadWrite | To keep Microsoft CLI auth usable between sessions and to read/write Microsoft To Do lists and tasks. |
slack | channels:read, groups:read, im:read, mpim:read, channels:history, groups:history, im:history, mpim:history, channels:write, groups:write, chat:write, users:read, users:read.email, reactions:read, reactions:write, search:read | To list conversations, read message history, post messages, manage reactions, search Slack, and identify the authenticated Slack user. |
notion | Notion private session token, not OAuth | To operate against the Notion workspace selected by the user. This token is stored locally by the CLI. |
Provider data is used to perform the command you ask the CLI to run. Cmdhub does not sell provider content, use provider content for advertising, or use provider content to train models.
Cmdhub’s use and transfer of information received from Google APIs will follow the Google API Services User Data Policy, including Limited Use requirements.
Sharing and processors
Cmdhub uses service providers to operate the website and business. These can include hosting, database, email, analytics/monitoring, source hosting, and merchant of record/payment services. Provider APIs such as Google, Microsoft, Slack, and Notion receive requests only as needed to perform the commands or authentication flows you initiate.
Payment information is handled by the selected merchant of record or payment provider. Cmdhub should not store full payment card details.
Data deletion
To request deletion of website account data, waitlist data, hosted usage records, or support records, email support@cmdhub.run from the relevant account email.
Deletion generally covers website account records, sessions, waitlist entries, hosted usage records, and provider-login handoff records that are still present. Some billing, tax, fraud-prevention, security, or compliance records may need to be retained by cmdhub or by the merchant of record.
You can revoke provider access directly in the relevant provider account settings, and you can remove local CLI credentials with the relevant auth logout command.
Changes
This policy will be updated as cmdhub moves from alpha to broader public launch. Material changes will be reflected on this page.