Kobel Icon

Privacy Policy

Last updated: 29 May 2026 · Version 1.2

This English version is provided for your convenience. For consumers, the language version provided to you applies; vis-à-vis businesses, the German version (datenschutz.html) is authoritative.

Kobel runs largely offline on your device. The app transmits data over the internet only in a few specific cases: floating-licence validation via device hash (Pro/Team/Pro one-time), the update check, purchase processing via Paddle, optional cloud connections, the optional ChatGPT tunnel via Cloudflare (Windows only), optional team-policy synchronisation set by your IT administrator, and the app-proxy subprocesses you set up yourself. Your files and settings otherwise never leave your device.

1. Controller

Amoria · Owner: Lara Möller · Lucia-Pogwisch-Ring 5 · 24253 Probsteierhagen · Germany · hello@kobel.app

2. Overview

Kobel is a desktop application that acts as an access gateway between your local files and AI applications. Its core functions (file-access gateway, knowledge store, MCP connection to AI apps) run entirely locally on your device. Personal data is transmitted only in the following cases:

In all other cases your data does not leave your device.

3. Data processed by the Kobel app (local)

3.1 State data (box-state.json)

Kobel stores a local configuration file on your computer: the paths of the folders and files you add (paths only, not file contents; these may contain your operating-system user name, e.g. C:\Users\YourName\Documents\…), the permission level (traffic-light colour) per file or folder, your project names and assignments, and your preferences (e.g. language).

Storage location — Windows: %APPDATA%\studio.amoria.box\ · macOS: ~/Library/Application Support/studio.amoria.box/ · Linux: ~/.local/share/studio.amoria.box/

3.2 Knowledge database (knowledge.db)

Kobel includes a local knowledge store in which connected AI applications can save notes, summaries, or project knowledge via the MCP interface. This database is stored exclusively on your computer (SQLite). Because AI applications can write to it freely, it may contain personal data if you share such information with the AI in conversation. Kobel does not collect this data itself. You can view and delete entries at any time in the Settings.

3.3 Detection of installed AI applications

When you want to connect an AI app, Kobel checks only whether known installation directories or configuration files exist on your computer. No file contents are read, and the results are neither stored nor transmitted.

3.4 AI app configurations

When you connect an AI application, Kobel writes a configuration entry to that app's config file. This entry contains only the path to the Kobel executable and the server name — no personal data.

3.5 File copies (permission level "Orange")

At the "Orange" level, Kobel creates a copy of your file in the same directory as the original (with a "_kopie" suffix) when requested by the AI application. The copy is subject to the same operating-system permissions as the original.

4. File sharing with AI applications

Kobel lets you share local files with AI applications (e.g. Claude Desktop, ChatGPT, GitHub Copilot) via the MCP protocol over local system connections (stdio pipes) — not over the network. You control access through the traffic-light system: Red (invisible to the AI), Yellow (read only), Orange (works on a copy), Green (may edit the original).

When an AI application retrieves the list of shared files it receives the full file paths, which may contain your OS user name. Kobel itself does not transmit this to the internet; however, the connected AI application may send conversation content (including file paths and file contents) to its own servers in accordance with that provider's own privacy policy (e.g. Anthropic for Claude, OpenAI for ChatGPT, Microsoft for GitHub Copilot). Amoria has no control over how AI providers process your data. Please review their privacy policies before sharing sensitive files.

5a. Licence validation (floating licence) — Pro one-time, Pro subscription & Team

For an active Pro one-time, Pro subscription, or Team licence, the software transmits once per month, encrypted over HTTPS, to kobel.app/api/check-abo.php: the licence key and a 32-character device hash (SHA-256 of the Windows MachineGuid or macOS IOPlatformUUID). The hash is not reversible, contains no personal data within the meaning of Art. 4(1) GDPR, and is used solely to bind the licence to a single device.

Purpose (floating licence): to prevent the simultaneous use of one licence on multiple devices. Per licence key, only one (1) device is concurrently activated.

Device transfer: When the key is entered on a new device, the previous device enters a seven-day grace period during which Pro features continue to work; thereafter, the old device falls back to the Basic version. Re-entering the key on the original device during the grace period reverses the transfer.

Change vs. version 1.1: Earlier versions did not perform an online check for one-time Pro licences. With the introduction of the floating-licence model (v1.2), one-time purchase licences now also perform the monthly status check to verify device binding.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract). The validation request is not logged in personally identifiable form on the server; the activated device is stored in the activations table of the licence database licenses.sqlite (device hash, timestamp, status) and is automatically deleted after a licence transfer (status released) or licence end.

5b. Update check

To deliver security and program updates, the app periodically checks our server (kobel.app/releases/latest.json) for a newer version. As with any internet request, your IP address and the current app version are transmitted to the server in the process. No further personal data is collected, and the request is not used to create a user profile.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing a secure, up-to-date product) and, for security updates of digital products supplied to consumers, Art. 6(1)(c) GDPR in conjunction with the statutory update obligation.

5c. Purchase processing via Paddle

All paid purchases (Pro one-time, Pro subscription, Team subscription) are processed by Paddle.com Market Ltd. (Judd House, 18–29 Mora Street, London EC1V 8BT, United Kingdom) as Merchant of Record. Paddle acts as the seller towards the customer and processes payment data (card, PayPal, billing address, tax country, checkout IP address) on its own responsibility.

After a successful purchase, Paddle transmits the following data to the provider via webhook, which is stored in the licence database licenses.sqlite: licence key, plan type, status (active/cancelled), customer email, Paddle customer ID, activation count (to enforce seat limits), and creation/cancellation timestamps.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract); for the retention of tax-relevant data additionally Art. 6(1)(c) GDPR in conjunction with § 147 AO (German Fiscal Code). Retention: on cancellation the record is set to status=cancelled; tax/commercial records are kept for up to 10 years (§ 147 AO) and then deleted. Customer emails kept solely for support purposes without tax/commercial relevance are deleted no later than 24 months after the contract ends. Paddle privacy policy: paddle.com/legal/privacy

5d. Cloud connections (Google Drive, Dropbox)

At your explicit request, Kobel can connect folders from Google Drive and/or Dropbox via OAuth 2.0 (Authorization Code Flow with PKCE).

Independent third-party controllers: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Drive); Dropbox International Unlimited Company, One Park Place, Upper Hatch Street, Dublin 2, Ireland (Dropbox).

Stored locally: access token (short-lived), refresh token (for silent renewal), and the email address of the connected account (for display in the UI), in %APPDATA%\studio.amoria.box\cloud-tokens.json on your device only. Tokens leave your device only towards the OAuth endpoints of the respective providers. Legal basis: Art. 6(1)(a) GDPR (consent by connecting the account); revocable at any time in the Kobel settings via "Disconnect cloud connection" and in your Google/Dropbox account.

5e. ChatGPT tunnel via Cloudflare (Windows, optional)

This feature is disabled by default and starts only on your explicit action (e.g. clicking "Connect ChatGPT"). It is not available in the Mac App Store version due to Apple sandbox requirements.

If you activate it, Kobel downloads the cloudflared helper once from GitHub, Inc. (88 Colin P Kelly Jr St, San Francisco, CA 94107, USA) and verifies it against a pinned SHA-256 hash. cloudflared then opens an encrypted tunnel to Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA) and provides a random *.trycloudflare.com URL through which ChatGPT (as an MCP client) can access your shared files. During download and operation, your IP address, user agent, and HTTP request headers are transmitted to GitHub and Cloudflare; Cloudflare may process connection and threat data under its own privacy policy.

International transfers: Cloudflare, Inc. and GitHub, Inc. are independent controllers based in the United States. Transfers rely on the EU-US Data Privacy Framework (Commission adequacy decision of 10 July 2023, OJ L 231) and additionally on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Legal basis: Art. 6(1)(a) GDPR (consent by activating the feature); for the international transfer additionally Art. 49(1)(a) GDPR. Revocable at any time with effect for the future via "Stop tunnel" in the Kobel settings; cloudflared.exe can be deleted manually from %APPDATA%\studio.amoria.box\.
Third-party privacy notices: Cloudflare · GitHub

5f. Team policy (IT-administrator configuration, optional)

Disabled by default. Applies only if an IT administrator of your organisation enters a policy source in the Kobel settings — either an HTTPS URL (e.g. https://it.example.com/kobel-policy.json) or a local/UNC path. Kobel loads the JSON file at start-up and periodically thereafter, and enforces the rules it contains (path block-lists, allowed file types, disabling of the app proxy, write/delete restrictions, AI whitelist, pre-installed app-proxy entries).

When using an HTTPS URL, Kobel transmits your IP address, user agent, and possibly cookies to the policy server when fetching the file; this server is operated by your organisation or its provider — Amoria has no influence over it. The most recently loaded policy is cached locally in box-state.json.

Notice to employees: if you use Kobel within your employment relationship and your employer has set a policy source, your employer can centrally restrict Kobel's functionality on the workplace device. The employer is an independent controller and fulfils its own information obligations under Art. 13 GDPR / § 26 BDSG. Kobel itself does not transmit the contents of your shared files to the policy server as part of the synchronisation.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the provider and the organisation in secure, compliant use); in the employment context additionally § 26(1) BDSG / Art. 88 GDPR with the applicable national rules.

5g. App proxy (external MCP servers, optional)

At your explicit request, Kobel can launch external MCP-compatible applications as subprocesses. Each app is added manually by you (or by your IT administrator via the team policy, Section 5f). For each entry, box-state.json stores the display name, executable path, launch parameters, and any environment variables (env) you provide. The latter often contain third-party credentials (e.g. API keys for GitHub, Notion, Slack, databases, or in-house systems). They are stored in plain text in the local app-data folder, protected by your operating-system file permissions, and do not leave the device toward Amoria or Paddle.

What the MCP servers you start actually do lies outside Kobel's control. A subprocess may itself open network connections to its own third parties (e.g. GitHub API, Notion API, internal corporate servers). The provider of the relevant MCP server is the controller for those processings; please consult its privacy policy.
Legal basis: Art. 6(1)(b) GDPR (provision of the feature at your request); for the local storage of the env variables Art. 6(1)(f) GDPR. Recommendation: use API keys with the minimum required scope ("least privilege") per third party and revoke tokens with the relevant third party when no longer needed.

6. When you visit this website

When you access this website, the web host stores technical access data (IP address, browser type and version, operating system, referrer URL, date/time of the request, data volume transferred, HTTP status code) in the server log. These data serve solely for the technical provision, error analysis, and IT security of the website and are not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically sound and secure website). Retention: a maximum of 14 days, then automatic deletion or anonymisation. Host: the website is hosted by 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; a data processing agreement under Art. 28 GDPR has been concluded.

6.1 Anonymous server statistics

For certain server requests (downloading an installer, licence checks against our API) we increment a purely statistical counter. No personal data is stored: the IP address is immediately converted into a country code within the PHP script and then discarded. Countries with fewer than 5 events are grouped as "XX" (k-anonymity). There is no tracking, profiling, or session tracking. Legal basis: Art. 6(1)(f) GDPR.

6.2 Cookies

This website uses only technically necessary cookies required for operation and security. No tracking, analytics, or advertising cookies are used. Legal basis: § 25(2) no. 2 TDDDG and Art. 6(1)(f) GDPR.

6.3 Fonts

Fonts (Google Fonts) are embedded locally. When the page loads, no connection to Google servers is established and no IP addresses or other personal data are transmitted to Google.

6.4 Contact by email and security reports

If you contact us by email, the data you provide are used to process your request and then deleted. Vulnerability reports sent to security@kobel.app are processed to maintain product security and to meet statutory reporting obligations (EU Cyber Resilience Act); details are set out in our security policy.

7. Legal bases (GDPR)

8. Retention and deletion

Local data on your device (configuration, knowledge database, cloud tokens) are not deleted automatically; they remain until you remove them. You can delete all locally stored data at any time by removing the folder listed in Section 3.1. When uninstalling, this data may remain — please delete the folder manually if you wish to remove everything. Cloud tokens can additionally be removed via "Disconnect cloud connection" in the settings.

Licence database (Paddle webhook): during the contract term the data are stored to enforce the subscription and seat limit; after cancellation the record is set to cancelled; tax/commercial invoicing data are kept for the statutory periods (up to 10 years, § 147 AO; 6 years, § 257 HGB) and then deleted; customer emails without tax/commercial relevance are deleted no later than 24 months after the contract ends.

9. Your rights under the GDPR

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17, subject to statutory retention obligations), restriction (Art. 18), data portability (Art. 20), and objection to processing based on Art. 6(1)(f) (Art. 21). You may withdraw consent with effect for the future at any time (Art. 7(3)), in particular for the cloud connections. To exercise your rights, contact hello@kobel.app.

You also have the right to lodge a complaint with a supervisory authority (Art. 77). The competent authority for us is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD), Holstenstraße 98, 24103 Kiel, Germany, datenschutzzentrum.de.

10. International privacy information

Kobel is available worldwide via the Microsoft Store and the Mac App Store. The country-specific notes below supplement the information above; the data flows described in Sections 5a–5d apply in all cases.

10.1 California, USA (CCPA/CPRA)

California residents have the right to know about, delete, and correct personal information concerning them, and to opt out of its "sale" or "sharing". Amoria does not sell or share personal information as defined by the CCPA/CPRA. The payment and licence data required for a purchase or subscription are processed via Paddle (Merchant of Record) and in the provider's licence register (see Section 5c). To exercise your CCPA/CPRA rights, contact hello@kobel.app.

10.2 United Kingdom (UK GDPR)

For UK users the principles of the UK GDPR apply as described above. You may complain to the Information Commissioner's Office (ICO): ico.org.uk.

10.3 Canada (PIPEDA)

For Canadian users the principles of PIPEDA apply to the processing described above. For payment processing, data are transmitted to Paddle (Section 5c).

10.3a Québec, Canada (Law 25 / Bill 64)

Users resident in Québec also benefit from the Loi modernisant des dispositions législatives en matière de protection des renseignements personnels (Law 25, formerly Bill 64) read together with the Loi sur la protection des renseignements personnels dans le secteur privé. You have, in particular, the right to access, rectify, port (since September 2024), and restrict the processing of your personal information. A privacy impact assessment is performed before any transfer of personal information outside Québec; processing by Paddle (UK) and, where applicable, Cloudflare and GitHub (US, optional ChatGPT tunnel) takes place on the basis of your consent and with contractual safeguards. Requests under Law 25: hello@kobel.app. Supervisory authority: Commission d'accès à l'information du Québec (CAI), cai.gouv.qc.ca.

10.4 Brazil (LGPD)

For Brazilian users the principles of the LGPD apply to the processing described above. The data subject rights under Art. 18 LGPD can be exercised at hello@kobel.app.

10.5 Australia (Privacy Act)

For Australian users the Australian Privacy Principles (APPs) of the Privacy Act 1988 apply to the processing described above.

10.6 Note on AI applications

The AI applications you connect may transmit conversation content (including file paths and file contents) to their servers according to their own privacy policies. This processing is not controlled by Kobel or Amoria. Please review the privacy policies of the AI applications you use.

11. Third-party providers and processors

Kobel uses open-source libraries that run locally on your computer; a full list with licences is available in the application under Help → Licenses. For individual services the providers named in Sections 5c, 5d, 5e, and 6 are used: Paddle as Merchant of Record (5c), Google and Dropbox for optional OAuth cloud connections (5d), Cloudflare and GitHub for the optional ChatGPT tunnel of the Windows version (5e), and IONOS as web host (6). Subprocesses launched by you via the app proxy (5g) and the third parties they connect to act on their own responsibility. Where providers act on our behalf, the data processing agreements required under Art. 28 GDPR have been concluded; where they act as independent controllers (in particular Paddle for payment processing, and Cloudflare/GitHub for their respective services), data are transmitted on the legal bases set out in Section 7.

12. Children

Kobel is a paid productivity tool aimed at adults and businesses. A contract is concluded only with persons who are at least 18 years old. Amoria does not knowingly collect personal data from children under 16. If we become aware that personal data of a minor has been processed without the required parental consent, we will delete the record without undue delay. Please send any related notice to hello@kobel.app.

13. Changes to this privacy policy

Changes to this privacy policy are published together with software updates. The current version is always available within the application and on this website.

14. Contact

Amoria · Lara Möller · Lucia-Pogwisch-Ring 5 · 24253 Probsteierhagen, Germany · hello@kobel.app