Privacy Policy

Last updated: March 28, 2026

Baton is a desktop application developed and operated by Tafjord Invest AS ("we", "us", "our"), a company registered in Norway. This policy explains what data we collect, why, and how we handle it.

1. Data We Collect

When you purchase a license:

• Email address — provided during Stripe checkout. We use it to deliver your license key and send purchase-related communications.
• Payment information — processed entirely by Stripe. We do not store credit card numbers, billing addresses, or other payment details on our servers.

When you activate a license:

• License key — sent to our server to verify validity.
• Machine identifier — a locally-generated hash used to tie an activation to a device.
• Machine name — your device's human-readable name (e.g. "John's MacBook"), used to help you identify activations.
• Platform and app version — your operating system and Baton version number.

Usage analytics:

• Baton sends aggregated telemetry by default: app version, platform, CPU architecture, and which AI agent is in use. This data is counted in daily aggregate and contains no user identifier, license key, or machine ID in the payload.
• If you leave usage analytics enabled, Baton also sends aggregated daily usage metrics such as workspace and terminal counts, feature usage counts, enabled feature flags, session duration, licensing state, and active agent names. We use this to understand feature adoption and guide product development.
• You can disable usage analytics at any time in Settings → Privacy. Disabling usage analytics stops Baton from sending these richer usage summaries, but basic install and heartbeat telemetry still helps us measure installs and active app versions.
• We do not collect any data about your projects, code, files, or AI agent conversations.

Error reports:

• When Baton encounters an unhandled error, it may send an automatic error report containing the error message, stack trace, app version, platform, and architecture. No project data, code, or file contents are included.

AI utilities (workspace and branch naming):

• Baton includes built-in AI utilities that automatically generate workspace and branch names. When enabled, only your first prompt for a new workspace is sent to a Baton-managed inference service. Prompts are not stored and are processed by providers that do not train on your data.
• No code, files, project contents, or subsequent prompts are sent — only the initial prompt text used to derive a name.
• This feature is enabled by default. You can disable it or configure your own provider in Settings → AI Utilities at any time.

Feedback (user-initiated):

• If you submit feedback through the app, we collect your description, optional email address, optional screenshots, and system information (app version, platform, OS version). This data is sent to help us improve the product.

2. How We Use Your Data

• Deliver license keys via email (Resend).
• Validate and manage license activations.
• Monitor aggregate install and usage trends to guide development.
• Diagnose crashes and bugs via error reports.
• Generate workspace and branch names via AI utilities.
• Respond to support or feedback requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Resend — transactional email delivery. Subject to Resend's Privacy Policy.
• Cloudflare — hosting and CDN. Subject to Cloudflare's Privacy Policy.
• AI inference providers — when AI utilities are enabled with the default Baton-managed provider, your first prompt for a new workspace is routed through a Baton-operated service to a third-party model provider for inference. Prompts are not stored by Baton or the provider, and the provider does not train on your data. You can disable this or configure your own provider in the app settings.
• Internal notification services — feedback submissions and error reports may be forwarded to private internal channels for team review. No data is made public.
• First-party analytics — we track basic website usage (page views, country via Cloudflare headers) using our own server. No cookies are set, no personal data is stored, and no data is shared with third parties.

4. Data Storage & Retention

License records (email, license key, activation details) are stored in a Cloudflare D1 database. We retain this data for as long as your license is active. Aggregated telemetry statistics are stored in the same database without personal identifiers. If you request deletion of your personal data, we will remove it within 30 days.

Feedback and error reports may be forwarded to private internal channels and are not stored in our database long-term.

5. Cookies

Our website does not use cookies. We use first-party analytics in cookieless mode — no cookies or local storage are set, and no consent banner is required. No persistent tracking occurs across sessions.

6. Your Rights

Under GDPR and applicable Norwegian law, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing.

To exercise any of these rights, contact us.

7. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the service after changes constitutes acceptance.

8. Contact

Tafjord Invest AS
Contact us