ommandable

Legal & Compliance

Terms of Service

These Terms of Service ("Terms") govern your use of the Commandable platform (the "Service"). By accessing or using the Service you agree to be bound by these Terms. If you do not agree with any part of the Terms, you may not access the Service.

1. You are responsible for your use of the Service and any content you create or deploy using Commandable.
2. We grant you a limited, non-exclusive, non-transferable license to use the Service.
3. The Service is provided "as-is" without warranties of any kind.
4. To the maximum extent permitted by law, Commandable is not liable for indirect or consequential damages.
5. We may update these Terms from time to time. Continued use of the Service constitutes acceptance of the revised Terms.

Privacy Policy

We respect your privacy. Commandable collects the minimum amount of data necessary to operate the Service and improve your experience. We never sell personal data.

• Data we collect: account information you provide (such as email address), usage logs and agent telemetry.
• How we use data: to operate the Service, improve reliability and inform product decisions.
• Data retention: we retain data only as long as necessary for the purposes above.
• Your rights: you can request deletion of your personal data at any time by contacting theo@commandable.ai.

Security & Compliance

Security is foundational to Commandable. Our infrastructure follows industry best practices:

  • Data in transit is encrypted via TLS 1.2+; data at rest is encrypted with AES-256.
  • Role-based access control and least-privilege principles across our systems.
  • Regular vulnerability scanning and third-party penetration testing.
  • Continuous monitoring and automated alerting for anomalous activity.
  • GDPR-aligned data processing and sub-processor agreements.

Integration-Specific Terms

This section explains how Commandable handles data obtained through third‑party integrations. Provider‑specific terms may apply as outlined below.

Google API Services & Limited Use

Commandable integrates with Google APIs using OAuth 2.0 and adheres to Google's API Services User Data Policy, including the Limited Use requirements.

  • Limited Use compliance: We use Google user data only to provide or improve user‑facing features that are prominent and expected within Commandable. We do not use Google user data for serving ads.
  • No unwanted transfer: We do not sell or transfer Google user data to third parties, except (a) to service providers acting as processors bound by written data protection terms, (b) to comply with applicable law, or (c) with your explicit direction or consent.
  • Restricted human access: We do not allow humans to read Google user data unless necessary for security (e.g., abuse investigation), to comply with law, to meet applicable regulatory requirements, to fix an issue with your explicit request, or when data is aggregated and de‑identified.

How we access, use, and share Google user data

  • Access: Access is obtained via OAuth 2.0 after you explicitly grant consent on Google's consent screen. We never request your Google account password. OAuth tokens are stored securely and encrypted at rest.
  • Use: We use the data strictly to perform the actions you initiate or enable in the product (for example, reading limited metadata to display content, or writing updates you explicitly trigger). We request the minimum set of scopes necessary for the relevant feature, and scopes are disclosed on the consent screen.
  • Sharing: We do not share Google user data with third parties other than subprocessors necessary to deliver the Service, each bound by confidentiality and data protection obligations. We never sell Google user data.
  • Retention: We retain Google user data only for as long as needed to provide the Service you enabled. Cached data and tokens are deleted when you disconnect your Google account or when no longer required.
  • Revocation and deletion: You can disconnect Commandable from your Google account at any time within the product. You can also revoke our access directly in your Google Account settings at myaccount.google.com/permissions. For data deletion requests, email privacy@commandable.ai.

If our use of Google user data changes, we will update this policy and request consent again where required.

Legal entity: Tepid Innovations Limited

Registered address: 79 Beauval Road, London, England, SE22 8UH

Contact: theo@commandable.ai