Privacy Policy

The short version: I do not collect your personal data. The Software runs entirely on your machine. The Site has no analytics, no cookies, and no tracking.

1. Who I Am (Data Controller Identity)

For the purposes of the General Data Protection Regulation (GDPR) and equivalent laws, the data controller for any personal data processed in connection with this site is:

Sharmin Sirajudeen
Email: hey@drengr.dev

I do not have a Data Protection Officer. You may contact me directly at the email above for any privacy-related matter.

2. What I Do Not Collect

The Software collects no personal data, sends no telemetry, and performs no analytics or tracking of any kind.

Specifically:

• No usage statistics about how you use the Software
• No crash reports or error logs sent from your machine
• No device identifiers, IP addresses, or hardware fingerprints
• No information about the Devices you connect to using the Software
• No screen content, UI trees, or screenshots captured by the Software are sent to me
• No commands executed by the Software on your Devices are sent to me
• The SDK Server, when enabled, listens only on localhost (127.0.0.1) and does not transmit any data to me

The Site collects no personal data. The Site sets no cookies, tracking pixels, or local storage items. I do not use Google Analytics, Plausible, Fathom, Mixpanel, or any other analytics service. I do not embed third-party scripts that collect user data. The Site is a static site — no server-side logging of visitor IP addresses or request metadata is retained by me (though hosting infrastructure providers may maintain server access logs at their platform level as a technical necessity — I do not control or access such logs).

3. Data Flows to Third Parties

While I collect no data, the Software enables data flows to third parties that you initiate and control. You are the data controller for these flows. I am not a party to them.

3.1 AI Providers (OODA Mode)

When you use the Software's OODA Mode (drengr run) or any mode that calls an AI Provider API, the Software transmits to the AI Provider you have configured:

• Screenshots captured from the connected Device
• UI element trees and accessibility metadata from the Device screen
• Your natural language prompts and instructions
• Context information assembled by the Software

This data is transmitted using API credentials you supply. I do not see, receive, store, or process this data. The transmission occurs directly between your machine and the AI Provider's servers.

If screen content contains personal data — such as names, contact details, messages, or other information about identifiable individuals visible on the Device screen — that personal data is transmitted to the AI Provider. You are responsible for ensuring this transmission is lawful, including under the GDPR, CCPA, or other applicable law.

Each AI Provider's handling of data is governed by their own privacy policy:

• OpenAI: openai.com/policies/privacy-policy
• Anthropic: anthropic.com/legal/privacy
• Google: policies.google.com/privacy
• Groq: groq.com/privacy-policy

3.2 Cloud Device Providers

When you configure the Software to connect to remote Devices via Appium-compatible Cloud Device Providers (such as BrowserStack or Sauce Labs), commands and screen data flow to those providers under your account and under their terms and privacy policies. I am not a party to that data flow.

3.3 MCP Clients

When you connect the Software to an MCP client (such as Claude Desktop, Cursor, or Windsurf), that client may send commands to Drengr and receive screen data from connected Devices. The data flows between the MCP client and your Device pass through the Software on your local machine. I do not see, intercept, or store any of this data. Your use of MCP clients is governed by the respective client's privacy policy.

3.4 npm Registry and Install Script

If you install the Software via npm, the npm registry (operated by GitHub, Inc.) may collect installation metadata including your IP address and package version, in accordance with npm's privacy policy.

If you install via the curl install script from drengr.dev, your IP address will be visible to the server hosting the install script as part of the HTTP request. I do not log or retain these IP addresses.

4. Legal Basis for Processing (GDPR)

Because I do not collect or process personal data through the Software or the Site, no legal basis under GDPR Article 6 is applicable to my operations as a controller.

To the extent that any incidental processing of personal data occurs in connection with operating the Site (for example, through infrastructure-level server logs maintained by hosting providers), the legal basis is my legitimate interest (Article 6(1)(f)) in maintaining the security and operation of the Site, and such processing is proportionate to that interest. I do not use such data for any analytical or marketing purpose.

5. Your Rights Under GDPR (EEA, UK, and Switzerland Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights with respect to personal data I control:

• Right of access (Article 15) — You may request confirmation of whether I process personal data about you and, if so, access to that data.
• Right to rectification (Article 16) — You may request correction of inaccurate personal data.
• Right to erasure (Article 17) — You may request deletion of personal data in certain circumstances.
• Right to restriction of processing (Article 18) — You may request that I restrict my processing of your personal data in certain circumstances.
• Right to data portability (Article 20) — You may request that I provide personal data you have given me in a structured, commonly used, machine-readable format.
• Right to object (Article 21) — You may object to processing based on legitimate interests.
• Right to withdraw consent (Article 7(3)) — Where I rely on consent as a legal basis, you may withdraw that consent at any time. Because I do not rely on consent as a legal basis for any current processing, this right is not presently applicable.

Because I do not collect personal data, a request to exercise any of these rights will typically result in a response confirming that I hold no personal data about you. To submit a request, contact me at hey@drengr.dev. I will respond within thirty (30) days.

You also have the right to lodge a complaint with your local supervisory authority. In the EEA, the list of supervisory authorities is available at edpb.europa.eu. In the UK, the supervisory authority is the Information Commissioner's Office.

6. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

• Right to Know — You have the right to request disclosure of the categories and specific pieces of personal information I have collected about you, the sources of that information, my business purpose for collecting it, and the categories of third parties with whom I share it.
• Right to Delete — You have the right to request deletion of personal information I have collected about you.
• Right to Correct — You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing — You have the right to opt out of the sale or sharing of your personal information. I do not sell or share personal information.
• Right to Limit Use of Sensitive Personal Information — I do not process sensitive personal information.
• Non-Discrimination — I will not discriminate against you for exercising any of these rights.

Because I collect no personal information about you, a request to exercise any of these rights will confirm that I hold no personal information subject to a CCPA response. To submit a request, contact me at hey@drengr.dev.

Note: The CCPA applies to for-profit businesses meeting specific thresholds (annual gross revenue exceeding $25 million; buying, selling, or receiving personal information of 100,000+ California residents per year; or deriving 50%+ of annual revenue from selling personal information). I currently do not meet any of these thresholds. I provide these disclosures as a matter of transparency.

7. Children's Privacy

The Software is not directed to children under the age of 13 (or 16 in the EEA). I do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided personal information to me, please contact me at hey@drengr.dev and I will delete any such information. If I become aware that I have collected personal information from a child under the applicable age threshold without verifiable parental consent, I will take steps to delete that information promptly.

8. International Data Transfers

To the extent any personal data is processed in connection with the Site (for example, through hosting infrastructure), it may be transferred to and stored in countries other than your country of residence, including the United States.

Where such transfers involve personal data of EEA, UK, or Swiss residents, I rely on appropriate transfer mechanisms including the EU-US Data Privacy Framework (where applicable) or Standard Contractual Clauses adopted by the European Commission.

Because I collect no personal data through the Software, the GDPR's restrictions on international data transfers do not apply to data flows from the Software to AI Providers — those transfers are made by you, under your control, as the data controller.

9. Cookie Policy

The Site uses no cookies, web beacons, pixel tags, local storage objects, or equivalent tracking technologies. No consent banner is required because no tracking technologies are deployed.

10. Data Retention

Because I collect no personal data, there is no personal data to retain or delete. If you contact me by email, I may retain that correspondence as part of normal email archiving for as long as is reasonably necessary for the purpose for which it was sent.

11. Third-Party Links

The Site and Software documentation may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties. I encourage you to review the privacy policies of any third-party services you use.

12. Changes to This Policy

I may update this Privacy Policy from time to time. If I make material changes, I will update the “Last updated” date at the top of this page. Your continued use of the Software or Site after any change constitutes your acceptance of the updated policy. If you disagree with a change, you should stop using the Software and Site.

13. Contact

For all privacy-related inquiries, to exercise your rights, or to raise a concern:

Sharmin Sirajudeen
Email: hey@drengr.dev