Legal

Privacy Policy

gaal is built privacy-first. We collect the minimum needed to know the project is alive and useful, and nothing more.

Last updated: April 27, 2026

Who we are

The gaal CLI and this website are operated by nlsio LLC, 1715 Enclave Parkway, Apt. 306, Houston, TX 77077, United States. You can reach us at hello@getgaal.com.

Scope of this policy

This policy covers the gaal open-source CLI for individual use and the marketing website at getgaal.com. It does not cover any third-party AI coding agent, MCP server, or repository host that you choose to use alongside gaal — those services are governed by their own privacy policies.

What we collect

gaal ships with opt-in usage telemetry. Telemetry is off by default. When you turn it on, the CLI records anonymous usage events — for example, that a command was run — so we can understand how the tool is used and prioritize what to build next.

Telemetry is collected through a self-hosted instance of Plausible Analytics, the open-source, cookie-free, GDPR-friendly analytics tool. Our Plausible instance runs on infrastructure provided by SNR, a hosting provider located in Germany. Data stays on European servers.

What we do not collect

We deliberately do not collect, transmit, or store:

  • The contents of your skills, MCP server configs, or any YAML you give to gaal
  • Your source code, repository contents, or file paths
  • Identifiers about your machine (hostname, username, MAC address, IP-derived location beyond coarse country, etc.)
  • Prompts, completions, or any data exchanged with AI coding agents
  • Personal information of any kind

Plausible Analytics by design does not use cookies and does not build a cross-site profile of you.

Website analytics

The same self-hosted Plausible instance powers analytics on getgaal.com. Page views are recorded anonymously, with no cookies and no personal identifiers.

Opting in and opting out

CLI telemetry is opt-in. You can disable it at any time by following the instructions in the gaal documentation, and any future events will simply not be sent. We do not retain a way to identify you, so there is no per-user record to delete.

Data sharing

We do not sell, rent, or share telemetry data with third parties. Aggregated, anonymous statistics may occasionally appear in blog posts or release notes (for example, “command X is the most used”).

Security

The telemetry endpoint is served over HTTPS. Because we never collect identifying data, the blast radius of any incident is limited to coarse, anonymous usage counters.

Changes to this policy

We may update this policy as gaal evolves. Material changes will be announced in the repository’s release notes, and the “Last updated” date above will be revised.

Contact

Questions or concerns? Email hello@getgaal.com or open an issue on GitHub.