The short version
Matadoor has no servers and collects no data.
No analytics. No telemetry. No account. No usage metrics. No crash reporting SDK. No advertising IDs. No fingerprinting. Matadoor pairs your iPhone or iPad with the free Matadoor Host app on your own Mac and drives terminals and AI coding agents over a direct, end-to-end connection between your devices. There is no Matadoor infrastructure in the middle — because there is none.
How your devices connect
A Matadoor session is a private link between your phone and your Mac. Two transports carry it, and neither passes through us:
- Same Wi-Fi (offline).On a shared local network the session runs over Apple's MultipeerConnectivity — device-to-device, encrypted by the system, with no internet involved at all.
- Remote. Away from your Mac, the session runs over a direct WebRTC data channel encrypted with DTLS (STUN only; no relay in v1). The bytes flow phone-to-Mac, not through any Matadoor server.
What pairing exchanges
Pairing is a QR scan plus an explicit approval on your Mac. The phone and Mac perform an X25519 key exchange to derive a session key, and the Mac operator must approve each device before any command runs. The camera is used only to read the pairing QR code shown by Matadoor Host; images are never stored or uploaded.
Optional remote signaling (your own iCloud)
To set up a remote WebRTC connection, the two devices need to exchange a small amount of connection information (SDP and ICE candidates). When you connect remotely, Matadoor exchanges this through your own private iCloud (CloudKit) database, under your Apple ID — never a Matadoor account or server. It carries connection metadata only, and it is sealed with ChaCha20-Poly1305 before it is written. On the same Wi-Fi, this step is skipped entirely. If you never connect remotely, nothing touches iCloud.
Agents and terminals run on your Mac
The terminals and coding agents (Claude Code, Codex, OpenCode, Cursor) run on your Mac, as your user, exactly as they would if you were sitting at the keyboard. Matadoor makes no LLM API calls of its own and ships no cloud component. What an agent you launch does is governed by that tool's own behavior and policies — Matadoor simply relays your input and its output over the encrypted session.
What we never see
Because there is no Matadoor server, none of the following exists in any infrastructure we operate (our infrastructure being: none):
- Your name, email, phone, IP address, or device identifiers.
- Your terminal input or output, the commands you run, the files on your Mac, or anything an agent reads or writes.
- Session timing, feature usage, taps, or any behavioural data.
- Crash reports. Matadoor implements no crash-reporting SDK.
In-app purchase
Matadoor unlocks with a single one-time purchase processed by Apple through the App Store. Apple handles the transaction under Apple's privacy policy; Matadoor receives only the entitlement (purchased or not) and never sees your payment details.
Children's privacy
Matadoor is rated 4+. Because no personal data is collected from any user, the same policy applies regardless of age: nothing collected.
Changes
If we ever materially change how Matadoor handles data, we will publish an updated version of this page and announce it in the release notes. The effective date at the top reflects the current policy. The current policy is: nothing is collected.
Contact
Questions about this policy: admin@ohmslaw.net