NextProb Privacy Policy

Last Updated: April 29, 2026

Helicase Space LLC (“we,” “us,” or “our”) built NextProb as a local-first desktop application. This Privacy Policy explains what information we do and do not collect when you use NextProb. Please read it together with the NextProb Terms of Service. By using NextProb, you consent to the practices described here.

1. Summary

• NextProb is designed so that your notes and workspace stay on your own device. We do not receive your notes, files, attachments, scripts, or their contents.
• We do not store information about you on our servers. Our marketing site is hosted by Cloudflare, Inc., which receives standard web-request data on our behalf and produces aggregated, cookieless visit statistics for us via Cloudflare Web Analytics. We do not receive your IP address. See Sections 2.2, 2.3, and 4.3.
• NextProb offers sync modes that send your workspace directly to a destination you configure and control. For example, a Git repository you own or an SSH/SFTP server. In those modes, we do not receive your workspace; the destination’s terms and privacy practices govern that transfer.
• Apart from those aggregated statistics, the only information we receive today is what you choose to send us — for example, when you email support.
• We do not sell personal information.
• We do not use data we receive to train AI models.
• AI features run through command-line tools or remote AI providers that you install or configure. Your content travels directly from your device to the AI provider you chose; it does not pass through our servers. What that provider does with your content is governed by its terms and privacy policy.
• To stay current, the Software periodically fetches built-in resources from a public GitHub repository we maintain. This connection is between your device and GitHub; we do not receive any data from this fetch. GitHub’s handling of the connection is governed by GitHub’s privacy policy.

2. Information We Collect

2.1 Information you provide to us

• Support communications. If you email us or submit feedback, we receive what you send us, including your email address and any information you include.

2.2 Information collected automatically

Desktop Software. NextProb does not transmit telemetry, analytics, or crash reports to us.

Update fetches. The Software downloads built-in resources from a public GitHub repository we maintain. We do not receive any data from this fetch; the connection is governed by GitHub’s terms and privacy policy.

Marketing site. Our marketing site is hosted and delivered by Cloudflare, Inc., which receives the data sent in a standard web request — your IP address, the page you are visiting, the referring URL, your user-agent, and timing information — to deliver the site, protect it from abuse, and produce aggregated visit statistics for us via Cloudflare Web Analytics. Cloudflare Web Analytics does not use cookies, localStorage, or browser fingerprinting; we do not receive your IP address, and the information we see is aggregated counts of pageviews, referrers, browsers, operating systems, and visitor countries.

2.3 Cookies

The desktop Software does not use cookies. The marketing site sets no analytics or advertising cookies. Our hosting provider may set strictly-necessary cookies for security and abuse prevention; these are not used for analytics or advertising and require no consent banner under the EU ePrivacy Directive or UK PECR.

2.4 Device permissions (microphone, camera)

To let notes you or an AI author record audio or capture video, the Software requests microphone and camera permissions from your operating system where applicable. Those permissions are used only by the note you run inside the Software and only when that note asks your operating system for them. Audio and video captured by a note stay inside that note’s folder on your device. We do not receive microphone or camera data.

3. How We Use Information

We use the limited information we receive to:

• Respond to your support requests and feedback;
• Operate, secure, and measure the performance of our marketing site (via the aggregated, cookieless statistics described in Section 2.2);
• Detect, investigate, and prevent abuse of any communication channel you use to reach us;
• Comply with legal obligations.

We do not use any User Content or other data we receive to train or improve AI models, and we do not provide such data to any third party for that purpose. Content you send directly to a third-party AI provider through the Software is not received by us; whether that provider uses it for training is governed by that provider’s terms (see Section 4.1).

For users in the European Economic Area or the United Kingdom, our legal basis for the processing described above is our legitimate interest (Article 6(1)(f) GDPR / UK GDPR) in operating the Software, responding to users who contact us, and protecting our rights and the Software from misuse. Where required by law, we rely on your consent (Article 6(1)(a)).

4. How We Share Information

We do not sell, rent, or trade your personal information. We share only in the specific situations below.

4.1 AI providers

When you use AI features, you do so either by running an AI command-line tool inside the Software’s terminal or by configuring a remote AI provider in the Software. In both cases, your content travels directly from your device to the AI provider you chose. It does not pass through, and is not stored on, our servers. That transmission is governed by the terms and privacy policies of the tool or provider you selected. NextProb does not operate any AI service.

4.2 Destinations you control

When you sync to a destination you configure (such as a Git repository you own or an SSH/SFTP server), your workspace goes directly from your device to that destination. We do not receive, host, or process the content of that transfer. The destination’s operator and your own configuration there govern what happens to your data.

4.3 Service providers (sub-processors)

We rely on the following service providers. They process data on our behalf under Data Processing Addenda that restrict use of the data to providing services to us.

• Cloudflare, Inc. — hosting, content delivery, edge security and DDoS mitigation, and aggregated marketing-site analytics (Cloudflare Web Analytics). Subject to Cloudflare’s Customer Data Processing Addendum and Cloudflare’s adherence to the EU-US Data Privacy Framework.
• Zoho Corporation — email hosting for our helicase.space addresses (e.g., support, privacy, legal). Subject to Zoho’s Privacy Terms with EU Standard Contractual Clauses and the UK International Data Transfer Addendum incorporated.

4.4 Legal requirements and protection

We may disclose information we hold (for example, support correspondence) if required by law or if we reasonably believe disclosure is necessary to (a) comply with a legal obligation, court order, or government request; (b) protect and defend our rights or property; (c) prevent fraud or abuse; or (d) protect the safety of users or the public.

4.5 Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify you of any such change affecting your information.

4.6 With your consent

We may share information with third parties when you give us your consent.

5. Data Security

We use reasonable technical and organizational measures to protect the limited information we hold (for example, support correspondence). User Content that stays on your device is protected only by your operating system’s security features. We recommend enabling the full-disk encryption offered by your operating system and using a strong account password on your device.

No security measure is perfect. You are responsible for protecting your device, the destinations you sync to, and any scripts or third-party code you run inside the Software.

6. Data Retention

• Local data. Content on your device is retained until you delete it. Uninstalling the Software does not automatically delete your workspace; those files remain in the folder you chose.
• User-controlled destinations. When you sync or transmit content to a destination you control, we do not receive or retain a copy and cannot delete it on your behalf. Retention and deletion at that destination are governed by its operator’s terms and your own configuration there.
• Support correspondence. We retain emails you send us for as long as needed to respond to your inquiry and for a limited period afterward as needed to comply with legal obligations or resolve disputes.

7. Your Rights and Choices

Depending on your location, you may have rights regarding your personal information. Because the only information we hold about you today is what you have sent us directly (for example, by email), most of these rights have a narrow scope:

• Access. Request a copy of any communications we hold from you.
• Correction. Ask us to correct anything we hold from you.
• Deletion. Request deletion of any communications we hold from you, subject to limited exceptions (such as legal retention obligations).
• Data portability. NextProb stores your notes as plain files on your disk, so the primary way to export your content is to copy the workspace folder.
• Object / withdraw consent. Object to certain processing or withdraw consent you previously gave.
• Lodge a complaint with a supervisory authority. EU residents may complain to their local data protection authority. UK residents may complain to the UK Information Commissioner’s Office (ICO). A list of EU authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

To exercise these rights, email privacy@helicase.space. We will respond within the time required by applicable law.

8. Third-Party Links and Services

The Software can open external URLs and interoperate with third-party tools, services, or destinations you install or configure. We are not responsible for the privacy practices of those third parties. Review their policies before providing them with information.

9. International Data Transfers

When you use the Software locally, no transfer of your User Content occurs from your use of the Software. If you configure a sync to a destination you control, the transfer happens directly between your device and that destination, which may be in any region you choose. We are not a party to that transfer, and it is governed by the destination operator’s terms, not ours.

When you visit our marketing site, request data is processed by Cloudflare, Inc. on our behalf, primarily through Cloudflare’s global edge network. Cloudflare is self-certified under the EU-US Data Privacy Framework, and our agreement with Cloudflare incorporates the Standard Contractual Clauses approved by the European Commission, and the UK equivalent, for transfers of personal data outside the EEA and the UK.

If you email us, your message is processed by our email service provider, which may store and process your message in countries other than your country of residence. The data-protection laws in those countries may differ from yours. Where we transfer personal data outside the EEA or the UK, we rely on appropriate safeguards under Article 46 GDPR and UK GDPR, including Standard Contractual Clauses approved by the European Commission (and the UK equivalent), where applicable. To minimize cross-border processing of personal information, we ask that you avoid including sensitive personal information in support emails.

For further information about these arrangements, contact us at privacy@helicase.space.

10. Children’s Privacy

NextProb is not intended for individuals under 18 years of age. We do not knowingly collect personal information from individuals under 18. If you believe we have done so, please contact privacy@helicase.space.

11. California Residents

If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These disclosures supplement, and do not replace, the rest of this Privacy Policy.

11.1 Categories of personal information we collect

In the last twelve months, the CCPA statutory categories of personal information we have collected are:

• Identifiers. Your email address and the contents of your message, when you choose to email us.
• Internet or other electronic network activity. Limited request metadata generated when you visit our marketing site (IP address, page URL, referrer, user-agent, timing). This is processed by Cloudflare, Inc. on our behalf for hosting, security, and aggregated analytics. We receive only aggregated, non-identifying statistics. We do not use this information for cross-context behavioral advertising.

We do not collect: customer records (no accounts); commercial information (no transactions); internet or network activity from the desktop Software (no telemetry, analytics, or crash reporting); precise geolocation (only an approximate country derived from IP for marketing-site analytics); biometric information; sensory data we receive from you (microphone and camera capture stay on your device; see Section 2.4); professional or employment information; education records; or inferences drawn from any of the above.

11.2 Categories of sources

• Directly from you. When you contact support.
• Automatically when you visit the marketing site. Request metadata generated by your browser, processed by Cloudflare, Inc. on our behalf.

11.3 Your rights

You have the right to know what personal information we collect, to request deletion and correction, to opt out of the sale or sharing of personal information, and to limit the use of sensitive personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

11.4 How to exercise these rights

To exercise these rights, email privacy@helicase.space. We will respond within the time required by applicable law.

11.5 How we verify requests

To protect your information, we will verify your identity before fulfilling a rights request. Verification is typically done by responding to the email address from which the request was sent, or by asking you to confirm details we already hold.

11.6 Authorized agents

You may designate an authorized agent to make a rights request on your behalf. We may require the agent to provide signed written authorization from you and, where permitted, may also require you to verify your identity directly with us.

11.7 Non-discrimination

We will not discriminate against you for exercising any of these rights.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or product scope. When we make material changes, we will notify you by updating the “Last Updated” date and, where appropriate, by in-app or email notice. Your continued use of the Software after the effective date constitutes acceptance of the revised Privacy Policy.

13. Contact Us

Questions, concerns, or privacy requests may be sent to:

Helicase Space LLC Privacy: privacy@helicase.space Legal: legal@helicase.space