Data Security

Where does Command E store data?

Document data synced from cloud APIs never leaves your laptop. The Command E desktop app fetches documents directly from cloud APIs (i.e. the G Suite API, the Asana API, etc.) to your local laptop. Documents never pass through our servers. Documents are never saved on our servers. We do not have a copy of your documents on our servers.

We spend a lot of time making sure we never see the contents of your documents, ever.

See our Security page for more information.

Is the data on my laptop encrypted?

The search index that the Command E desktop app builds is encrypted with 256-bit AES encryption. This application-level encryption sits on top of any encryption your laptop already uses.

API access tokens for cloud APIs are stored in your operating systems secure keychain (Keychain on macOS, Credential Vault on Windows).

Requests to cloud APIs are encrypted using SSL.

See our Security page for more information.

What is stored on Command E servers?

  • The email address you used to sign up for Command E
  • The name you used to sign up for Command E

Does my data travel through (i.e. "proxy" through) Command E servers?

No. After you authorize a cloud service, the Command E desktop app makes API calls directly from your laptop to the cloud service. None of the API calls (or responses) that sync cloud data travel through Command E servers. Command E servers are utilized to create the initial connection with a cloud account, but once you've authorized a cloud account we don't "proxy" or copy your data through Command E servers.

What data does the Chrome extension collect?

Data collected from the Chrome extension never leaves your laptop. The Chrome extension talks directly to the Command E desktop app, all within your laptop. We never sync Chrome data to our servers.

Data sent from the Chrome extension to the Command E desktop app:

  • Browser history, excluding anything accessed via Incognito mode
  • Bookmarks
  • Any pages you've saved using the "Save to Command E" feature
  • A list of the open tabs, and the title for each tab

Sending this data from Chrome to the Command E desktop app helps with search ranking, builds out your index in Command E, and allows you to find recently visited webpages (i.e. LinkedIn profiles).

Does my usage data go to third parties?

We use a small handful of industry standard monitoring services—Sentry, Datadog, and Mixpanel—to ensure the Command E desktop app is operating as expected. We do not send the contents of your documents to these services.

Data sent to 3rd parties:

  • The fact that you did a search, but not the query itself
  • The fact that you launched a Google Doc from Command E, but not the title or URL of the document you launched
  • Any bugs, crashes, or error logs that may have happened in Command E, but none of the document data

How do I disclose a vulnerability I've found with Command E?

Please contact Ben Standefer at security@getcommande.com

Did we miss something? Not to worry! Just email our support team at support@getcommande.com ✌️