Privacy Policy | WindowSill - Universal AI-Powered Command Bar for Windows

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Application, Website, or Service and tells You about Your privacy rights and how the law protects You. The Application collects anonymous Usage Data and performance metrics which are transmitted to Sentry for monitoring and improvement purposes only. By using the Service, You agree to the handling of information in accordance with this Privacy Policy.

1. Interpretation and Definitions

1.1 Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

1.2 Definitions

For the purposes of this Privacy Policy:

You means the individual accessing or using the Application, Website, or Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Application, Website, or Service, as applicable.
Developer (referred to as either "the Developer", "We", "Us" or "Our" in this Agreement) refers to WindowSill's owner and development team.
Application or App refers to the WindowSill software application for Windows devices.
Website refers to WindowSill's website, accessible from https://getwindowsill.app
Service refers to the Application, Website, Dashboard, and API collectively.
Country refers to: Washington, USA.
Extensions means third-party software components that enhance or extend the functionality of the Application.
WindowSill+ refers to premium features, subscriptions, or licenses available for the Application.
WindowSill Pro refers to premium features, subscriptions, or licenses available for the Application for enterprise organizations.
Microsoft Store refers to Microsoft's digital distribution platform for Windows applications.
AI Service Providers means third-party artificial intelligence service providers such as OpenAI, Anthropic, Azure OpenAI, Google (Gemini), xAI, OpenRouter, or other AI companies whose services are integrated with the Application.
Sentry refers to Sentry.io, a third-party error tracking and performance monitoring service used by the Application to collect anonymous usage data and performance metrics.
Stripe refers to Stripe, Inc., a third-party payment processor used by the Website and Service to handle subscription billing for enterprise organizations.
Dashboard refers to the web-based interface accessible through the Website where users can manage their accounts, organizations, billing, and settings.
Remote Settings refers to configuration settings managed through the Dashboard that are synchronized to the WindowSill desktop Application for enterprise deployments.
Device Token refers to an authentication token created by organization administrators that enables silent sign-in for the WindowSill desktop Application in enterprise deployments.
Subscription refers to a recurring payment arrangement for WindowSill+ or WindowSill Pro features, either through the Microsoft Store (for individuals) or Stripe (for enterprise organizations).
Service Provider means any natural or legal person who processes the data on behalf of the Developer. It refers to third-party Service Providers or individuals who facilitate the Service, provide the Service on behalf of the Developer, perform services related to the Service, or assist the Developer in analyzing how the Service is used.
Personal Data is any information that relates to an identified or identifiable individual.
Non-Personal Data is any information that does not relate to an identified or identifiable individual.
Device means any device that can access the Service such as a computer, cellphone, or digital tablet.
Usage Data refers to anonymous data collected automatically by the Application and transmitted to Sentry for performance monitoring and improvement purposes (for example, application crash reports, error logs, performance metrics, and feature usage statistics).

2. Information We Collect

2.1 Anonymous Usage Data and Performance Information

The Application automatically collects anonymous Usage Data and performance information which is transmitted to Sentry, a third-party error tracking and performance monitoring service. This data is collected for the purpose of Application performance monitoring, reliability improvement, and error detection. The collected data includes:

Application crash reports and error logs (anonymized)
Performance metrics (startup time, memory usage, response times)
Feature usage statistics (which features are used and how often)
Device information (operating system version, hardware specifications)
Application version and configuration information

Anonymous Data Collection: All Usage Data transmitted to Sentry is anonymous and does not contain any Personal Data. The Developer cannot identify individual users from this data. Your files, clipboard content, text You type, or any personally identifiable information is never collected or transmitted.

2.2 Sentry Integration

The Application uses Sentry.io for error tracking and performance monitoring. Anonymous Usage Data is transmitted to Sentry's servers located in the United States. This integration allows the Developer to:

Monitor application performance and stability
Identify and fix bugs and crashes
Understand how features are being used
Improve overall application quality

Sentry's data processing is subject to Sentry's Privacy Policy and their data processing agreements. Sentry is certified under various privacy frameworks and implements appropriate security measures for data protection.

Data Location: Usage Data transmitted to Sentry is stored on servers located in the United States. Sentry implements industry-standard security measures and complies with applicable data protection regulations.

2.3 Website Analytics

The Website may use standard web analytics tools to understand how visitors interact with the Website. This helps the Developer improve the Website experience and includes Non-Personal Data such as page views, referral sources, and general geographic regions. This is separate from the Application and applies only to Website usage.

2.4 Website Cookies

The Website uses cookies to provide and improve the user experience. We use two types of cookies:

Essential Cookies: These are necessary for the Website to function properly and cannot be disabled. They enable basic functions like page navigation and access to secure areas of the Website.
Analytics Cookies: These cookies help us understand how visitors interact with the Website by collecting and reporting information anonymously. They are used with Google Analytics to measure Website performance and user engagement. These cookies are only set with your explicit consent.

Cookie Consent: When you first visit our Website, you'll see a cookie consent banner. You can choose to accept all cookies, decline optional cookies, or manage your preferences. Your consent choices are stored locally in your browser and you can change them at any time.

For analytics cookies, we use Google Analytics which is subject to Google's Privacy Policy. We have configured Google Analytics to anonymize IP addresses and use secure, strict cookie settings.

2.5 Account Data

When You create an account through the Dashboard, the Developer collects and stores the following Personal Data:

Email address - Used for account identification, authentication, and communication
Display name - Your chosen name displayed within the Service
Account type - Whether Your account is Individual or Enterprise
Account timestamps - When Your account was created and last login time
IP address - Temporarily stored when verification codes are requested, for security purposes

Passwordless Authentication: The Service uses passwordless authentication via email verification codes. No passwords are stored. Verification codes expire after 15 minutes (for sign-in) or 24 hours (for registration) and are automatically deleted after use.

2.6 Organization Data

If You create or join an organization through the Dashboard, the Developer collects and stores:

Organization name - The display name of Your organization
Domain - The email domain associated with Your organization (e.g., company.com)
Member information - List of organization members and their roles (Admin or Member)
Billing identifiers - Stripe customer and subscription IDs for payment processing
Remote Settings - Configuration settings that sync to the WindowSill desktop Application
Device Tokens - Authentication tokens for enterprise deployment (stored encrypted)
AI provider API keys - If configured, Your AI provider API keys are stored with AES encryption

2.7 Payment Processing

The Service uses different payment processors depending on Your subscription type:

For Individual Users (B2C): WindowSill+ subscriptions and lifetime licenses purchased through the Microsoft Store are processed entirely by Microsoft. The Developer does not have access to Your payment card information or billing details for these purchases.

For Enterprise Organizations (B2B): WindowSill Pro subscriptions and lifetime licenses are processed through Stripe. The Developer stores only Stripe identifiers (customer ID, subscription ID) and billing event history. Your payment card information is handled directly by Stripe and is never stored on the Developer's servers.

Stripe's data processing is subject to Stripe's Privacy Policy. Stripe is certified under various privacy frameworks including SOC 2 and implements appropriate security measures for payment data protection.

3. Third-Party AI Services

The Application integrates with various AI Service Providers to offer text assistance features. When You use AI-powered features, Your text may be sent to these third-party AI Service Providers for processing:

OpenAI: Subject to OpenAI's Privacy Policy
Anthropic: Subject to Anthropic's Privacy Policy
Azure OpenAI: Subject to Microsoft's Privacy Statement
Google (Gemini): Subject to Google's Privacy Policy
xAI: Subject to xAI's Privacy Policy
OpenRouter: Subject to OpenRouter's Privacy Policy
WindowSill AI: This provider relies on OpenAI models. The WindowSill AI service does not keep any personal information. However, since it relies on OpenAI, the use of WindowSill AI is subject to OpenAI's Privacy Policy
Other AI Service Providers: Each AI Service Provider maintains their own privacy policies, which are clearly listed within the Application

Note: You can also use local AI models for enhanced privacy. When using local models, Your data never leaves Your Device.

4. Extensions

The Application supports third-party Extensions that may enhance its functionality. From a privacy perspective:

4.1 Extension Data Handling

Extensions operate independently from the Application and may have their own data collection, processing, and privacy practices. The Developer has no control over or visibility into:

What data Extensions may collect from You or Your Device
How Extensions process or store Your information
Whether Extensions transmit data to external servers
Extension compliance with privacy laws and regulations

Important Privacy Notice: Each Extension may have its own privacy policy and data handling practices. The Developer strongly recommends reviewing each Extension's privacy policy before installation and use.

4.2 Developer's Responsibility Regarding Extensions

The Developer does not:

Monitor or control Extension data collection practices
Have access to data collected by Extensions
Validate Extension privacy policies or practices
Accept responsibility for Extension privacy violations
Provide support for Extension-related privacy issues

4.3 Your Privacy Rights with Extensions

When using Extensions, You should:

Review each Extension's privacy policy before installation
Understand what permissions and data access Extensions require
Contact Extension developers directly for privacy-related concerns
Remove Extensions if You are uncomfortable with their privacy practices
Monitor Extension behavior and data usage on Your Device

5. Microsoft Store Integration

The Application is distributed through the Microsoft Store. Microsoft handles all purchase transactions, subscription management, and payment processing for WindowSill+ subscriptions and lifetime licenses. The Developer does not have access to Your payment information or Personal Data from Microsoft Store purchases.

For subscription management, refunds, or billing inquiries, please refer to:

6. Data Security

The security of Your anonymous Usage Data is important to us. The following security measures apply:

Only anonymous, non-personal data is transmitted from the Application
No Personal Data is collected or transmitted by the Application
Access to Usage Data is restricted to authorized personnel for application improvement purposes only

Note: This section applies only to data transmitted by the Application to Sentry. Extensions and AI Service Providers may have different security practices over which the Developer has no control.

7. Data Retention

The Developer retains different types of data for different periods based on operational and legal requirements:

Account Data: Retained until You request account deletion. Upon deletion request, Your data will be removed within 30 days, except where retention is required by law.
Verification Codes: Automatically expire (15 minutes for sign-in, 24 hours for registration) and are deleted after use or expiration.
Organization Data: Retained while the organization is active. When a member leaves an organization, their membership data is deleted, except for billing event records.
Billing Events: Retained for approximately 30 days after organization departure for operational purposes, and up to 7 years for tax and audit compliance where required by law.
Anonymous Usage Data (Sentry): Retained according to Sentry's data retention policies. Since this data is anonymous and cannot be linked to individual users, it is used solely for application improvement purposes.

Note: Extensions may have their own data retention policies that are independent of the Application. Please consult individual Extension privacy policies for their data retention practices.

8. Your Rights and Choices

8.1 Privacy Choices

Regarding data management and privacy choices, You have the following options:

Anonymous Data: Since all Usage Data transmitted to Sentry is anonymous, the Developer cannot identify or modify data associated with individual users
Local AI Only: Choose to use only local AI models to ensure all AI processing remains on Your Device
Cookie Management: You can manage your cookie preferences for the Website through the cookie consent banner or by clearing your browser's cookies. Analytics cookies are only set with your explicit consent and can be declined at any time
Extension Control: You can install, uninstall, or disable Extensions at any time through the Application's settings
Contact Developer: Contact the Developer if You have questions about the Application's data handling or would like to request information about the types of data collected

8.2 Data Subject Rights (GDPR/CCPA)

Depending on Your location, You may have certain rights under data protection laws such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). These rights may include:

Right to Access: Request a copy of the Personal Data the Developer holds about You
Right to Rectification: Request correction of inaccurate Personal Data
Right to Erasure: Request deletion of Your Personal Data (subject to legal retention requirements)
Right to Data Portability: Request Your data in a structured, commonly used format
Right to Restriction: Request limitation of processing of Your Personal Data
Right to Object: Object to processing of Your Personal Data for certain purposes

To exercise any of these rights, please contact the Developer at support@getwindowsill.app. The Developer will respond to Your request within 30 days and may require verification of Your identity.

Account Deletion: To request deletion of Your account and associated data, contact the Developer at support@getwindowsill.app. Your data will be deleted within 30 days, except for billing records retained for legal compliance.

Extensions Privacy: For privacy choices related to Extensions, You must contact each Extension developer directly. The Developer cannot control or modify Extension privacy settings.

9. Children's Privacy

The Application does not knowingly collect Personal Data from children under 13. The anonymous Usage Data collected through Sentry cannot be linked to individual users, including children. If You are a parent or guardian and have concerns about Your child's use of the Application, please contact the Developer.

Extensions Warning: Extensions may have different age restrictions and privacy practices regarding children. Parents should review each Extension's privacy policy before allowing children to use them.

10. Changes to This Policy

The Developer may update this Privacy Policy from time to time. The Developer will notify users of any material changes through the Application or on the Website. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Information

If You have any questions about this Privacy Policy or the Developer's privacy practices, please contact the Developer:

Email: support@getwindowsill.app
Discord: Join our Discord community

Extension Privacy Questions: For privacy questions related to specific Extensions, please contact the Extension developers directly. The Developer cannot provide support for Extension privacy matters.

12. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the jurisdiction where the Application is developed and maintained.

For the most up-to-date version of this Privacy Policy, please visit the Website regularly.