matron

Privacy Policy

Effective date: 16 July 2026

Matron is a client for a coding agent that runs on your own computer. The short version: your data goes to a server you run, not to us. We designed Matron this way on purpose — conversations with a coding agent contain your code, your files, and your ideas, and none of that is ours to hold.

Where your data goes

Matron talks to a Matron journal server. You choose that server when you sign in, and you (or your team) operate it — we do not run a server that stores your conversations, and the app has no server of ours to default to. Everything the app transmits goes to the server you configured:

The operator of that server is whoever runs it — you, or whoever gave you your account. Their handling of this data is under their control, not ours.

What we receive

With one narrow exception — the push-notification relay described below — nothing. Matron has no analytics, no crash-reporting service, no advertising identifiers, and no tracking of any kind. We do not receive, store, or process your conversations, files, credentials, or usage data.

Push notifications

Delivering an Apple push notification requires credentials tied to the app, which self-hosted servers don't have. So, if your journal server has push enabled, it sends each notification through a relay we operate (push.matron.chat), which forwards it to Apple.

The relay is content-blind by design — the request format has no field for message text, sender names, or conversation content. A push request contains only:

The relay turns the category into a fixed phrase (for example, “Your agent needs you”), hands it to Apple, and forgets it: requests are not stored, and logs never contain request bodies or full tokens. What your agent actually said appears only when you open the app and it syncs from your own server.

What stays on your device

Your conversation history is cached locally so the app works quickly and offline. The local search index is stored with file protection enabled. Sign-in credentials and recovery keys are stored in the system Keychain. Settings such as your appearance choice and recently used folders are stored in local app preferences and never leave the device.

Agent access to your computer

Matron is a remote control for an agent running on your own machine. Anything you ask that agent to do — read files, run commands, change code — happens on your computer, under your control. Command output and file contents the agent sends back into a conversation are stored on your journal server with that conversation, as described above.

Voice notes and photos

Microphone access is used only to record a voice note when you choose to record one. Photo library access is used only to attach a photo you pick. Neither is accessed in the background, and neither is used for any purpose other than sending the attachment you selected — to your own server.

Retention and deletion

Because your data lives on your own server and your own devices, retention is in your hands: delete conversations from your server, or delete the app to remove the local cache. We hold nothing to delete on our side.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete personal data. Since we hold none of your data, these rights are exercised against the operator of your journal server. If you believe we hold anything about you, contact support@matron.chat and we'll tell you (the expected answer is that we don't).

Children

Matron is not directed at children and is not intended for use by anyone under 13.

Changes

If this policy changes materially — for example, if we ever add another optional service operated by us — the new version will be posted here with an updated effective date, and it will describe exactly what that service sees.

Contact

support@matron.chat