Cookd is built by CodeClowns Technologies LLP. This policy explains, in full, what the cookd companion (the npx @codeclowns/cookd CLI) reads from your machine, what the cookd app stores about you, what gets sent to our servers, what never leaves your device, and how to get all of it deleted.
The short version: we read numbers, not your work. No email. No password. No prompts. No code. No file contents. Just token counts, model names, and how badly you cooked yourself tonight.
- We collect token counts, timestamps, model names, and tool names, never content.
- Your identity on our servers is a random 32-character device ID. No email or username is required to use the companion.
- All data is stored on Supabase, our database and infrastructure provider.
- You can ask us to delete everything tied to your device ID at any time.
1. The companion (CLI)
When you run cookd init or cookd watch, the companion reads the Claude Code transcript files at ~/.claude/projects/**/*.jsonl: the session logs Claude Code already writes to your machine. From each entry it reads token counts, timestamps, model identifiers, boolean flags, and tool names. It never reads message content. The parser that touches these files lives in one place in our source code (src/adapters/claude-code/transcript.ts) and is documented in SECURITY.md in our repository.
1.1 ONCE: WHEN YOU LINK A DEVICE
On first run, the companion generates a deviceId, a random 32-character hex string, created locally on your machine. This is sent to our backend once. It is the only persistent identity our servers ever hold for the companion. No hostname, username, email, or machine name accompanies it.
1.2 ONGOING: EVERY SYNC
cookd watch syncs a summary of your rolling 5-hour window whenever it shifts by 2% or more, a rate-limit event fires, or every 5 minutes, whichever comes first.
| FIELD | TYPE | WHAT IT IS |
|---|---|---|
| status | `idle` / `cooking` / `cookd` | Current rolling-window state |
| usedTokens | integer | Weighted tokens used in the current 5-hour window |
| limitTokens | integer or null | Your measured token ceiling |
| pctUsed | float or null | Percentage of your limit consumed |
| windowStart / resetsAt | timestamps | When your current window opened and resets |
| calibrationConfidence | `none` / `low` / `medium` / `high` | Confidence in your limit estimate |
| modelBreakdown | { model: tokens } | Weighted tokens per Anthropic model in the window |
| dailyStats.* | integers / dates | Tokens, sessions, prompts, tool calls, rate-limit hits, peak hour, per day |
| tonight.* | integers / booleans | Live session anatomy: prompt count, agent runs, cache hit rate, tool names + counts, time-to-cooked, top project |
1.3 ONCE PER WINDOW: WHEN YOU GET COOKED
When your 5-hour window hits its limit, one additional event is sent:
| FIELD | WHAT IT IS |
|---|---|
| cookedAt | When you hit the limit |
| usedTokens / limitTokens | Your numbers at the moment of the hit |
| timeToCookMins | Minutes from first prompt to hitting the wall |
| topModel | The model that did the most damage |
| resetsAt | When your next window opens |
1.4 WEEKLY: LIFETIME STATS, AND ONCE: HISTORICAL BACKFILL
On the first sync of each week, an all-time summary is sent. On cookd init, a one-time backfill of your historical daily stats (same shape as 1.2's dailyStats) is sent so your dashboard has history from day one. It is never re-sent.
| FIELD | WHAT IT IS |
|---|---|
| totalTokens / tenureDays / prompts | All-time totals |
| topModel / models | Lifetime model breakdown |
| topProject | Project directory name (basename only) with the most usage |
| peakHour / busiestDay / busiestDayTokens | When you do your worst damage |
| maxContext / agentHeavyPct | Largest context window ever; % of usage from agent turns |
Note on model names: identifiers like claude-sonnet-4-6 are public strings published by Anthropic to describe which model answered a request; they are not derived from, or specific to, your account.
2. What we never read or transmit
The companion has read access to your Claude Code transcripts, which technically contain your full conversation history. We treat that as a trust boundary, not an opportunity. The following is never read, stored, logged, or transmitted, under any circumstance:
- Prompt text: anything you typed in a Claude Code session
- Model responses: anything Claude returned to you
- Code, file contents, or clipboard data
- Tool arguments: what was passed to Read, Edit, Bash, or any other tool
- Full file paths: only the directory basename (e.g. cookd, my-app)
- Your machine's hostname, username, or any system identifier
- Your email address, name, or any other personal information
Your Anthropic credentials (~/.claude/.credentials.json) are never read or touched. Local state is kept at ~/.cookd/ with chmod 600 on credential files, readable only by you.
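An added illustration (not CodeClowns' code and not taken from src/adapters/claude-code/transcript.ts) of the allowlist approach Sections 1 and 2 describe: each transcript line is projected onto token counts, timestamp, model name, tool names and a directory basename, and everything else is dropped. The transcript field layout (`timestamp`, `cwd`, `message.model`, `message.usage.*`, `tool_use` blocks) and the names `projectEntry`, `basenameOnly` and `SAMPLE_LINE` are assumptions made for the example.

```typescript
// Added example, not the cookd parser. The transcript field layout is assumed.
interface UsageRecord {
  timestamp: string | null;
  model: string | null;
  tokens: Record<string, number>;
  toolNames: string[];
  project: string | null; // directory basename only, never the full path
}

const TOKEN_FIELDS = ["input_tokens", "output_tokens",
  "cache_creation_input_tokens", "cache_read_input_tokens"];

// Reduce a path to its last component; handles / and \ separators.
function basenameOnly(p: unknown): string | null {
  if (typeof p !== "string") return null;
  return p.split(/[\\/]+/).filter((s) => s.length > 0).pop() ?? null;
}

// Copy only allowlisted metadata out of one JSONL line. Content fields
// (text, tool input) are never copied, so they cannot reach the output.
function projectEntry(line: string): UsageRecord | null {
  let entry: any;
  try { entry = JSON.parse(line); } catch { return null; } // skip malformed lines
  if (entry === null || typeof entry !== "object") return null;
  const msg = entry.message ?? {};
  const usage = msg.usage ?? {};
  const tokens: Record<string, number> = {};
  for (const f of TOKEN_FIELDS) {
    const v = usage[f];
    if (Number.isInteger(v) && v >= 0) tokens[f] = v; // numbers only
  }
  const toolNames: string[] = [];
  if (Array.isArray(msg.content)) {
    for (const block of msg.content) {
      // Keep the tool's name; its arguments (block.input) are ignored.
      if (block && block.type === "tool_use" && typeof block.name === "string") {
        toolNames.push(block.name);
      }
    }
  }
  return {
    timestamp: typeof entry.timestamp === "string" ? entry.timestamp : null,
    model: typeof msg.model === "string" ? msg.model : null,
    tokens, toolNames, project: basenameOnly(entry.cwd),
  };
}

// Constructed sample line; the SENTINEL strings stand in for private content.
const SAMPLE_LINE = JSON.stringify({ timestamp: "2025-01-01T21:14:03Z", cwd: "/home/dev/src/my-app",
  message: { model: "claude-sonnet-4-6", usage: { input_tokens: 1200, output_tokens: 340 },
    content: [{ type: "text", text: "SENTINEL-PROMPT" },
      { type: "tool_use", name: "Bash", input: { command: "SENTINEL-ARG" } }] } });
```

Serializing the result of `projectEntry(SAMPLE_LINE)` and searching it for the sentinel strings is a quick regression check that no content field has leaked into the sync payload.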
3. The app: press codes & handles
To connect the companion to the cookd app, the companion prints a six-character press code. You enter that code in the app to link your device. No email or password is ever requested. If you choose a handle (e.g. @ria_ships) so others can find your roast cards on the front page, that handle is the only identity attached to your account; it does not need to be your real name. Roast cards, heat index data, and front-page posts are generated from the usage numbers described in Section 1, formatted as editorial copy.
4. How your data is used
- To show your live usage, window percentage, and Tonight's Anatomy in the app.
- To calibrate your personal token ceiling and rate-limit window over time.
- To generate your roast card and front-page posts when you hit your limit.
- To compute aggregate, non-identifying statistics (e.g. site-wide token totals shown on this website).
- To debug and improve the companion and the app.
We do not sell your data. We do not share it with advertisers. We do not use it to train models.
5. Where your data lives
All synced data is stored on Supabase, which provides our database, authentication, and serverless functions. Supabase acts as our infrastructure provider/sub-processor and does not use your data for its own purposes. All companion-to-server requests happen over HTTPS. Subprocess calls made by the companion on your machine use explicit argument arrays (execFile), never shell-string execution, to prevent command injection.
6. Data retention
We retain usage data for as long as your device ID remains linked to an account, so that your dashboard, heat index, and lifetime stats stay accurate. Per-event sync data is not stored individually; only the rolling-window and daily/lifetime aggregates described in Section 1 are kept. If you stop using the companion, your data simply stops updating; it is not automatically purged unless you request deletion (Section 7).
7. Your rights: "burn my file"
Because the only identity we hold is a random device ID, there is nothing to de-anonymize. You can ask us to:
- Export everything tied to your device ID.
- Delete everything tied to your device ID: all sync history, lifetime stats, roast cards, and your handle.
- Unlink a device without deleting your account data.
To request any of the above, email info@codeclowns.com with the subject line burn my file. We will action verified requests within 30 days. Uninstalling the companion (npm uninstall -g @codeclowns/cookd and deleting ~/.cookd/) stops all future syncing immediately but does not, on its own, delete data already on our servers; email us for that.
8. This website
cookd.lol (this marketing site) does not set tracking cookies and does not run third-party analytics. The numbers shown here (tokens torched, press pool size, heat index) are aggregate figures, not tied to any individual visitor. If that changes, this policy will be updated and the date at the top will reflect it.
9. Children's privacy
Cookd is a developer tool intended for professional and hobbyist software engineers. It is not directed at children, and we do not knowingly collect data from anyone under 16.
10. Changes to this policy
If we change what the companion reads or what gets synced, we will update this page, the SECURITY.md file in our open-source repository, and the date at the top of this policy. Material changes, anything that expands what leaves your machine, require a new version bump and a CHANGELOG entry before release.
11. Contact
CodeClowns Technologies LLP
Email: info@codeclowns.com
Source & full field-level documentation: github.com/codeclowns01/cookd. See SECURITY.md and docs/architecture/decisions/010-privacy-data-model.md.