docs: add privacy policy#150
Merged
Merged
Conversation
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Review of the policy against the code surfaced a few claims that don't match what the app actually does: - MiniMax is not a subprocess CLI; Parallel Code's main process makes a direct HTTPS request to api.minimax.io with the user's API key (electron/ipc/ask-code-minimax.ts). Moved out of the third-party CLI list into the "Network activity initiated by Parallel Code itself" section, with the endpoint, what gets sent, and how the key is held. - Update checks include a User-Agent identifying app name/version/OS; the previous "no identifying info" framing was too strong. Also noted autoInstallOnAppQuit: a confirmed update installs on next quit. - GitHub PR status polls via `gh` every 30s while the task is visible; surfaced as its own bullet rather than hiding under "git operations". - Mobile-monitoring server binds to all interfaces and exposes terminal scrollback + the ability to send input/stop agents to anyone with the bearer token; spelled that out. - Storage paths use the productName "Parallel Code" (capitalized, with a space) — fixed from the lowercase placeholder. Added the `.parallel-code/` repo directory next to `.claude/`. - Promoted the doc heading from H2 to H1 for GitHub rendering. - Children's privacy section reframed: the app collects no data from anyone, including children (instead of the COPPA-style boilerplate).
Round-2 review surfaced a factual error introduced by the previous fixup, plus a few more details worth correcting: - Mobile clients are read-only. electron/remote/server.ts:783-789 rejects input/resize/kill from mobile tokens with 4003 Forbidden. Only the coordinator token (which never leaves the main process) can write. The previous wording overstated the exposure. - Mobile-monitoring traffic is plain HTTP and the access token is included in the URL (and in the QR code). Document this so users know to treat the underlying network as trusted (LAN or Tailscale). - PR-status polling is gated on the app window being visible, not per-task. Pending PRs poll every ~30s; settled PRs every ~5min (SETTLED_REFRESH_MS in electron/ipc/pr-checks.ts). - `.parallel-code/` in repos is created only for Docker-isolated sub-tasks (electron/ipc/register.ts:1504-1509); non-Docker sub-tasks use the bundled mcp-server.cjs. Qualified accordingly. - Section framing relaxed: PR-status (via gh) and "Other git operations" (via git) are subprocess-mediated, not direct calls from Parallel Code's own process. Reframed as "initiated by Parallel Code itself, either directly or by invoking local tooling on your machine." - MiniMax bullet leads with "unlike the CLIs above, MiniMax is called directly" so the distinction is obvious without code knowledge. Added line range and system instruction to the list of sent fields; dropped the jargon parenthetical. - Update-check: clarified the User-Agent claim to what the update library actually sends (app name and version), dropped the unverifiable OS/arch detail. Also noted the user-initiated "Check for updates" path. - Small trims: "including but not limited to" -> "including"; removed "They only occur in the cases listed" (redundant with the per-bullet "when you ..." conditions); "telemetry payload" -> "analytics data" (matches summary).
Expand the original privacy policy through several rounds of review: - Multi-agent review (codebase accuracy, adversarial threat model, legal/policy framing, editorial clarity) corrected factual claims against the code, added disclosures for Codex argv token exposure, Docker non-isolation framing including API-key env forwarding, Remote Access token-in-URL exposure surface, a comprehensive Local storage inventory, microphone auto-approval, plan-viewer block index, dropped-image filename pattern, settings.json placeholders, rendered markdown scope, .git/info/exclude entries, and the maintainer's identity. - Split mega-bullets (Remote Access, MCP, Docker task isolation) into nested sub-bullets for skim-ability. - Disclose sub-task system-prompt preamble injection so the third- party-CLI disclaimer no longer elides Parallel Code's active role in shaping the data flow. - Tighten the updater UUID framing (drop softening; document UUID rotation by deleting .updaterId; specify "about ten seconds"). - Replace closing "not a contractual undertaking" with a non-self- defeating no-warranty note scoped to the software. - Add a "Your data and rights" section honest for a no-server tool. - Disclose Chromium's empty cache directories in the userData dir to pre-empt readers who poke around.
Owner
|
Thank you very much! <3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a top-level
PRIVACY.mdto the project, following the convention of including a privacy policy in the GitHub project root.What it says
.claude/steps.jsoninside repos).Test plan
electron/ipc/updater.ts(startup check is unconditional on supported platforms; downloads are user-initiated)🤖 Generated with Claude Code