Privacy Policy
Cato is a tool for supervising, approving and steering AI coding agents from your phone. It is built to be private by default: the parts of your work that matter — your code, terminal output, agent conversations, files and API keys — stay on your own machine. This policy explains the limited data we do handle to run your account, the optional Relay add-on, billing and error reporting.
Local-first by design
The Cato agent runs on your own computer and the Cato app runs on your phone. Your source code, terminal output, agent conversations, files and API keys stay on your machine. Cato does not collect, transmit to us, or store any of that content.
Your account
You sign in with OAuth through Apple, Google or GitHub. Authentication and account data are handled by Supabase Auth, hosted in the EU (Frankfurt region). We store account identifiers — your email address and your provider’s user id — to identify your account and to enable the Relay add-on and billing. We do not receive or store your OAuth password.
Relay (PRO add-on)
Relay is an end-to-end-encrypted, zero-knowledge relay that forwards traffic between your phone and your desktop when they are not on the same network. The relay server never sees your code, commands, keys or message contents — it only ever forwards encrypted data. To route that traffic it processes minimal metadata, such as which devices are connected and connection timing. It cannot decrypt what passes through it.
Push notifications
So we can alert you when an agent needs an approval or your attention, we store your device push token. Delivery runs through Expo Push and on to Apple (APNs) or Google (FCM). Notification payloads are kept minimal — a short summary and identifiers — and do not include sensitive content such as your code, commands or keys.
Billing
The Relay PRO subscription (€9 per month or €90 per year, with a 7-day free trial) is processed by Stripe. Stripe handles all payment and card data directly; we never see or store your card number. We store only your subscription status and the Stripe customer and subscription identifiers needed to manage your plan.
Error reporting
When enabled, optional crash and error telemetry is sent to Sentry to help us diagnose bugs. This may include device and operating-system information and stack traces. We do not intentionally send personally-identifying information — Sentry’s sendDefaultPii option is turned off.
Contact form & bot protection
Our contact form is protected by Cloudflare Turnstile in invisible mode. To distinguish humans from bots, Turnstile processes limited technical data (such as your IP address and browser signals). That processing is governed by the Cloudflare Turnstile Privacy Addendum. The name, email and message you submit through the form are stored solely so we can reply.
Third parties (sub-processors)
We rely on a small set of service providers to operate Cato:
- Supabase — authentication and database (EU region).
- Stripe — subscription payments.
- Sentry — optional error telemetry.
- Expo, Apple and Google — push notification delivery.
- Cloudflare — bot protection on the contact form (Turnstile).
Data location & your rights
The account, subscription and device data described above is stored in the EU. Where the GDPR applies, you have the right to access, export or delete your account data. Deleting your account removes your stored account, device and subscription records.
Retention
We keep account data until you delete your account. Billing records are retained for as long as required by applicable law (for example, tax and accounting obligations).
Children
Cato is not directed at children under the age of 16.
Contact
Questions about this policy or your data? Email us at hello@getcato.dev.
The data controller for the purposes of this policy is Lokalny s.r.o., a company established in Slovakia [registered address & company ID (IČO/DIČ) — to add].