SideButton Privacy Policy
Last updated: April 2026
SideButton has two parts with different data profiles:
- Local software — runs entirely on your machine. No telemetry. Workflows, run logs, and browser data stay on your computer.
- Cloud services (portal and MCP connector) — optional. Only the data needed to run and dispatch your agent jobs is processed; details are in section 2.5 below.
1. Data Controller
The data controller responsible for processing your personal data on this website is:
SideButton
Email: [email protected]
Website: https://sidebutton.com
2. Data We Collect
2.1 The Software (Local Installation)
When you use SideButton locally, we collect no data. Everything runs on your machine:
- Workflows are stored locally on your computer
- Browser automation happens in your browser
- Run logs are stored locally
- No telemetry or analytics are sent
2.2 This Website
When you visit this website, the following data may be processed:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address (waitlist) | Product launch notification | Consent (Art. 6(1)(a) GDPR) |
| IP address (fonts) | Font delivery via Google/jsDelivr | Consent (Art. 6(1)(a) GDPR) |
2.3 Third-Party Services
This website uses the following third-party services:
- Google Fonts (fonts.googleapis.com) — Font delivery. Google Privacy Policy
- jsDelivr CDN (cdn.jsdelivr.net) — Font delivery. jsDelivr Privacy Policy
- Google Forms — Waitlist signup collection. Google Privacy Policy
These services are based in the United States. By accepting cookies on this website, you consent to the transfer of your data (IP address) to these US-based services for the purpose of displaying fonts correctly.
2.4 Third-Party Integrations (Software)
If you configure SideButton to use third-party services (such as OpenAI, Anthropic, or other AI providers), your data may be sent to those services according to your workflow configuration. Please review the privacy policies of any third-party services you integrate with.
2.5 Cloud Services (Portal and Claude Connector)
SideButton also offers optional cloud services: the portal at
sidebutton.com/portal and the Claude
connector MCP endpoint at https://sidebutton.com/mcp/sse. When you
create a cloud account or use the connector, the following data is processed:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email, display name, Auth0 subject | Account identity, login via Auth0 | Contract (Art. 6(1)(b) GDPR) |
| API token / agent token | Authenticate connector and agent requests | Contract (Art. 6(1)(b) GDPR) |
| Issue-tracker credentials (optional) | Dispatch jobs against your Jira / GitHub if you enable it | Consent (Art. 6(1)(a) GDPR) |
| Workflow dispatch metadata and run logs | Show job status, retry, audit | Contract (Art. 6(1)(b) GDPR) |
| Chat thread messages (if you use the in-portal chat) | Persist your assistant conversations | Contract (Art. 6(1)(b) GDPR) |
Cloud data is stored in a SQLite database on a dedicated server in the EU (Hetzner, Germany). Secrets and tokens are stored in the same database with restricted access.
Sub-processors we use for the cloud services:
- Auth0 (Okta) — account login and identity. Processes your email and password according to the Auth0 / Okta privacy policy.
- Hetzner Online GmbH — server and database hosting in Germany. Hetzner privacy policy.
- Cloudflare — CDN and TLS termination. Cloudflare privacy policy.
- Amazon Web Services (AWS) — agent virtual machines (where the actual work runs). EU region by default. AWS privacy notice.
- Anthropic — when you connect via Claude, OAuth tokens and MCP tool calls pass through Anthropic. Anthropic privacy policy.
When a connected AI agent executes a workflow, the agent VM may send inputs (including issue-tracker content you authorized, such as Jira ticket text) to the LLM provider configured for your account (OpenAI, Anthropic, etc.). You control which LLM provider is used, and you can revoke issue-tracker credentials or disable the connector at any time from the portal settings.
We do not use your cloud data to train AI models, and we do not sell it.
3. How We Use Your Data
We use the limited data we collect to:
- Send you a one-time product launch notification (if you joined the waitlist)
- Display fonts correctly on this website
- Authenticate and operate your cloud account (portal and Claude connector)
- Dispatch, execute, and show the status of workflow jobs you request
We do not sell your data. We do not use your data for advertising. We do not use your data to train AI models. We do not share your data with third parties except the sub-processors listed in section 2.5 and as described above.
4. Data Retention
| Data | Retention Period |
|---|---|
| Waitlist email addresses | Until product launch (estimated 1-2 months), then deleted |
| Cookie consent preference | Stored in your browser's localStorage until you clear it |
| Cloud account (email, tokens, settings) | Until you delete your account; then removed within 30 days |
| Workflow run logs and job metadata | 90 days, then purged |
| Chat thread messages | Until you delete the thread or your account |
5. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access (Art. 15) — Request a copy of your personal data
- Right to Rectification (Art. 16) — Request correction of inaccurate data
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18) — Request limitation of processing
- Right to Data Portability (Art. 20) — Receive your data in a structured format
- Right to Object (Art. 21) — Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7(3)) — Withdraw consent at any time
To exercise these rights, contact us at [email protected].
6. Right to Lodge a Complaint
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
A list of EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
7. Cookies
This website uses the following types of data storage:
| Name | Purpose | Duration |
|---|---|---|
| sidebutton_cookie_consent | Remember your cookie consent choice | Persistent (localStorage) |
Third-party services (Google Fonts, jsDelivr) may set their own cookies. These are only loaded if you accept cookies via our consent banner.
8. Children's Privacy
SideButton is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at [email protected].
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
10. Contact
For questions about this Privacy Policy or to exercise your data protection rights, contact us at:
Email: [email protected]
GitHub: https://github.com/sidebutton/sidebutton
Related Policies
- Terms of Service — legal terms for using SideButton
- Content Policy — guidelines for knowledge packs on the marketplace
- Imprint — legal notice and service provider information