Chimp is a local-first desktop application. Almost all data stays on your machine. We make a small number of outbound network requests (AI API calls, license validation, and a tools feed check) and collect nothing beyond what is strictly necessary to provide those services.
Chimp is developed and maintained by Cloudnate. References to "we", "us", or "our" in this policy refer to Cloudnate. For enquiries, visit cloudnate.com.
The following data is stored exclusively on your local machine in the Chimp application data directory (~/.config/Chimp/ and ~/.chimp/). It is never transmitted to Cloudnate's servers.
| Data | Location | Encrypted? | Notes |
|---|---|---|---|
| API key | ~/.config/Chimp/config.json | Yes | Encrypted via electron-store. Never exposed to the renderer process or written to logs. |
| License key | ~/.config/Chimp/config.json | Yes | Encrypted at rest. Transmitted to the license server only for validation. |
| Session credentials | ~/.config/Chimp/config.json | Yes | Only a bcrypt hash (10 rounds) is stored — never the plaintext password. |
| AI response cache | ~/.config/Chimp/ | No | Plain JSON. Cached AI topic content to avoid repeat API calls. |
| Notes | ~/.config/Chimp/ | No | Per-topic markdown notes. Never transmitted. |
| My Topics | ~/.config/Chimp/ | No | User-created knowledge entries. Never transmitted. |
| Projects & playbooks | ~/.chimp/projects/ | No | All project data, architecture diagrams, playbooks, runs, and findings. |
| AI conversations | ~/.chimp/conversations/ | No | AI Assistant chat history, scoped per project. |
| Content cache | ~/.chimp/content/ | No | Exported or imported content pack files. |
You own all data stored locally. Cloudnate has no ability to access it.
Chimp makes the following outbound connections. Each connection is only made when the listed action is triggered — there is no background telemetry or heartbeat beyond license validation.
| Endpoint | When | What is sent |
|---|---|---|
AI Provider APIapi.anthropic.com (or other configured provider) | When AI content is requested and not found in the local cache | Your prompt text and project context. Governed by your AI provider's privacy policy (e.g., Anthropic Privacy Policy). |
OpenAI APIapi.openai.com | Only when fetching the live model list for an OpenAI-configured provider | Your OpenAI API key (in the Authorization header). No prompt data. |
License serverapi.chimp.io | On first use and periodically (every 7 days) for license validation | Your license key and a device fingerprint (hashed hardware identifiers). No personal data beyond the key. |
GitHub (raw)raw.githubusercontent.com | On app start and when "Check for Updates" is triggered in Settings | No authentication. A plain HTTP GET to fetch the public tools feed and content manifest. |
Chimp does not collect usage analytics, crash reports, feature telemetry, or any form of behavioural tracking. We do not know what topics you browse, what projects you create, or what commands you run.
When you use AI-powered features (topic generation, AI Security Assistant, playbook enrichment, executive summary), your prompt text is sent to your configured AI provider. Chimp does not modify or log these requests beyond what appears in the local cache.
Please review the privacy policy of your chosen AI provider:
Your API key is stored encrypted and is never sent to Cloudnate's servers.
License validation requires transmitting your license key and a hashed device fingerprint to api.chimp.io. The device fingerprint is a one-way hash of hardware identifiers used solely to enforce the per-machine seat limit of your license. It cannot be used to identify you personally.
Validation occurs on first launch and no more than once every 7 days thereafter. If the app cannot reach the license server (e.g., no internet connection), it continues to function normally until the validation window expires.
Chimp is a professional security tool not intended for use by children under 16. We do not knowingly collect any information from persons under 16.
All locally stored data persists until you delete it. There is no automatic expiry except for the AI response cache, which expires according to the Cache TTL setting (default: 7 days) and is automatically pruned at startup. You can clear all local data at any time from Settings → Cache & Data → Clear Cache or by removing the application data directories manually.
Because Chimp stores your data locally, you are in full control of it. You can:
~/.config/Chimp/ and ~/.chimp/ directly.For any privacy questions, contact us at cloudnate.com.
We may update this policy as the app evolves. The effective date at the top of this page will reflect the most recent revision. Significant changes will be noted in the Changelog.