Privacy Policy
Effective Date: March 19, 2026 | Version 2.0
NIM Labs LLC | nim-labs.com | privacy@coord.io
1. Introduction and Scope
NIM Labs LLC ("NIM Labs," "we," "us," or "our"), a Delaware limited liability company, operates the Coord agentic job orchestration platform available at coord.io (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect personal data and other information when you use the Service, visit our website, or communicate with us.
This Policy applies to all users of Coord, including individuals using the Service in a personal capacity and individuals using the Service on behalf of an organization. If you are using Coord under an enterprise agreement that includes a Data Processing Agreement (DPA), the DPA governs data processing activities to the extent it conflicts with this Policy.
2. Information We Collect
2.1 Account and Registration Information
When you create an Account, we collect:
- Name and email address
- Organization name (optional at registration; may be required for team plans)
- Authentication credentials (passwords are hashed and never stored in plaintext)
- Billing contact information (collected by our payment processor, Polar.sh; we do not store full payment card numbers)
2.2 Usage Analytics and Telemetry
We collect data about how you interact with the Service to operate, improve, and secure it. This includes:
- Feature interactions: which views, workflows, and settings you use
- Session data: login timestamps, session duration, device type, and browser/OS information
- Navigation data: pages visited within the Service and referring URLs
- Performance data: API response times, error rates, and feature load times
- Account-level aggregates: number of Jobs created, Workspaces, and active users
2.3 Job Execution Logs, Session Records, and Agent Communication
To provide the orchestration service, we collect and process metadata about Job executions. This includes:
- Job identifiers, names, and configuration metadata
- Execution status (queued, running, completed, failed) and timestamps
- Error messages and stack traces generated during Job execution
- Concurrency and run duration statistics
- Tool approval requests and execution events: when an AI agent requests permission to use a tool (e.g., file system access, terminal execution), the question text, tool name, and truncated tool input are transmitted to the Coord platform so they can be displayed to team members for review
- Session communication records: Coord stores the prompts it sends to launch and direct your agent (Claude Code, Codex, Gemini, or other supported agents) and the responses it receives back. These session records are stored in S3, count against your account storage quota, and are subject to user-controlled deletion as described in Section 6. Coord is an orchestration layer — it does not operate the LLM or AI agent itself. The agent runs on your own machine under your own OS permissions using your own API keys and LLM account.
Session communication records (prompts and responses) and files associated with sessions and jobs are stored in S3 and count against your account storage quota. The contents of these records may include personal data depending on what you or your agents process. Coord does not have access to your local file system beyond what is explicitly transmitted to the platform as described in this Section.
For GitHub Repository Jobs, Coord accesses your GitHub repositories via an authorized GitHub App integration. Code changes are made directly on GitHub (branch creation, pull requests) without your repository code transiting Coord's S3 storage. Coord processes GitHub installation tokens, repository metadata, issue references, and branch/commit information for these jobs.
2.4 Communications
If you contact us for support, provide feedback, or respond to surveys, we retain those communications and any information you provide within them.
2.5 Website Analytics
When you visit coord.io, we collect aggregated, non-personal usage data via Vercel Web Analytics and Vercel Speed Insights. These services are privacy-focused and do not use cookies, do not collect personal identifiers, and do not track users across websites. Data collected includes aggregated page views, referrer URLs, device type, browser and OS type, geographic region, and performance metrics (Core Web Vitals). Visitors are identified by a temporary hash derived from the incoming request, which is automatically discarded after 24 hours and cannot be used to reconstruct an individual's browsing session or personally identify a visitor. Vercel Analytics is used on both the coord.io marketing website and the authenticated Coord application.
2.6 Information We Do Not Collect
To be explicit, NIM Labs does not collect:
- The contents of your local file systems or execution environments
- Your Third-Party LLM API keys — NIM Labs does not collect, store, or have access to your LLM API keys. They remain on your local machine and are used directly by the AI agent running locally. They are never transmitted to Coord's servers.
- Payment card numbers or banking information (handled by Polar.sh)
- Sensitive personal categories of data such as health, biometric, or financial account data
3. How We Use Your Information
3.1 Service Operations
We use collected data to:
- Provision, operate, and maintain your Account and Workspace
- Execute and orchestrate Jobs as directed by your configuration
- Authenticate your identity and enforce access controls
- Send transactional emails (account confirmations, password resets, Job notifications)
- Calculate and enforce subscription tier limits (active runs, storage, Workspace members)
3.2 Service Improvement
We use aggregated and de-identified analytics data to:
- Understand feature usage patterns and prioritize product development
- Diagnose and resolve technical issues
- Optimize platform performance and reliability
- Develop new features and improve existing ones
We do not use individual User Content or Job execution data to train AI or machine learning models.
3.3 Security and Compliance
We use data to detect and prevent fraudulent, abusive, or illegal activity; to enforce our Terms of Service and Acceptable Use Policy; and to comply with applicable legal obligations.
3.4 Communications
We may use your email address to:
- Send service-related announcements, security alerts, and policy updates
- Respond to your support requests and inquiries
- Send product updates and feature announcements (you may opt out of marketing emails at any time)
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data under the following legal bases:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance (Art. 6(1)(b)) | Account registration, subscription management, Job orchestration, technical support |
| Legitimate Interests (Art. 6(1)(f)) | Usage analytics, platform security, fraud prevention, product improvement (where interests do not override your rights) |
| Legal Obligation (Art. 6(1)(c)) | Tax and financial record-keeping, compliance with court orders and lawful requests |
| Consent (Art. 6(1)(a)) | Marketing emails (you may withdraw consent at any time). Note: Vercel Analytics does not use cookies or collect personal data and does not require consent. |
5. Data Sharing and Disclosure
5.1 Service Providers (Sub-processors)
We share data with trusted third-party service providers who process data on our behalf under written data processing agreements. These include:
- Cloud hosting, backend infrastructure, and file storage: Amazon Web Services (AWS)
- Frontend web application hosting: Vercel Inc.
- Payment processing: Polar.sh
- Analytics: Vercel Web Analytics and Vercel Speed Insights (cookie-free, no personal data collected)
- Email delivery: Resend
A current list of sub-processors is maintained at coord.io/subprocessors.
5.2 Third-Party LLM Providers
When you configure Jobs to use Third-Party LLMs (e.g., OpenAI, Anthropic, Google), the AI agent running on your local machine communicates directly with your LLM provider using API keys stored on your machine. Coord does not proxy, route, or have access to these API calls. Those providers process data under their own privacy policies and terms. NIM Labs is not responsible for the data practices of Third-Party LLM providers.
5.3 Business Transfers
If NIM Labs undergoes a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
5.4 Legal Requirements
We may disclose your information where required by law, regulation, or valid legal process (e.g., subpoena, court order, or government request), or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of NIM Labs, our users, or the public.
5.5 No Sale of Personal Data
NIM Labs does not sell, rent, or trade your personal data to third parties for their independent marketing or commercial purposes.
6. Data Retention
6.1 Account Data
We retain your Account data for as long as your Account remains active, plus a period of 90 days following Account deletion to allow for recovery if deletion was inadvertent. After that period, Account data is purged from our systems.
6.2 Job Execution Logs
Job execution metadata, session communication records, and associated files are stored in S3 and count against your account storage quota. You have full control over deletion: you may delete individual sessions or jobs at any time, configure automatic expiry periods per job, perform bulk deletion as a Workspace Owner, and selectively delete specific file types within a session.
6.3 Analytics Data
Aggregated, de-identified analytics data may be retained indefinitely for business intelligence purposes. Vercel Analytics retains visitor session hashes for a maximum of 24 hours; aggregated analytics data is retained by Vercel in accordance with their data retention policies.
6.4 Communications
Support communications and feedback are retained for up to 3 years to facilitate ongoing support and for quality assurance purposes.
6.5 Legal and Compliance
Where required by applicable law (e.g., tax records, financial transaction records), data may be retained for up to 7 years regardless of Account status.
7. Data Security
NIM Labs implements commercially reasonable technical and organizational security measures, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest for all stored User data, credentials, and files. Encryption key management is tiered by plan: Free, Starter, and Team plans use NIM Labs-managed shared encryption keys; Scale plans use a dedicated per-customer encryption key managed by NIM Labs; Enterprise customers may bring and manage their own encryption keys (BYOK)
- Access controls limiting internal access to personal data on a need-to-know basis
- Regular security monitoring, logging, and vulnerability management
- LLM API keys: NIM Labs does not collect or store Third-Party LLM API keys — they remain on your local machine. OAuth authentication tokens (for GitHub and Google sign-in) are encrypted at rest using AES-256-GCM.
Despite these measures, no security system is impenetrable. In the event of a data breach that affects your personal data, we will notify affected users as required by applicable law (including within 72 hours of discovery for breaches subject to GDPR, where feasible).
8. Cookies and Tracking Technologies
The only cookies used on coord.io are strictly necessary cookies for authentication and security:
| Cookie Name | Provider | Duration | Purpose |
|---|---|---|---|
| coord_session | NIM Labs | Session | Maintains authenticated user session |
| csrf_token | NIM Labs | Session | Security token to prevent cross-site request forgery |
Vercel Web Analytics and Vercel Speed Insights are used to collect aggregated usage and performance data. These services do not use cookies, do not collect personal identifiers, and do not track users across websites. No analytics consent banner is required because no cookies or personal data are involved.
Full details are provided in our standalone Cookie Policy.
9. International Data Transfers
NIM Labs is based in the United States. If you are accessing the Service from outside the United States, including from the European Economic Area (EEA), please be aware that your personal data will be transferred to and processed in the United States, which may have different data protection laws than your home country.
For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on one or more of the following transfer mechanisms:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The EU-US Data Privacy Framework (where certified)
- Other lawful transfer mechanisms as applicable
Enterprise customers who require Standard Contractual Clauses as part of a Data Processing Agreement may request these by contacting privacy@coord.io.
10. Your Privacy Rights
10.1 Rights Under GDPR (EEA / UK / Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restriction: Request that we restrict processing of your personal data
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Rights related to automated decision-making: Request human review of automated decisions
To exercise any of these rights, please submit a request to privacy@coord.io. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice). We may verify your identity before processing your request.
10.2 Rights Under CCPA (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose
- Right to Delete: Request deletion of personal information we have collected about you
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt Out of Sale/Sharing: NIM Labs does not sell or share personal information for cross-context behavioral advertising
- Right to Limit Sensitive Personal Information: We do not collect sensitive personal information as defined by CPRA
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To submit a CCPA request, contact privacy@coord.io or use the privacy request form at coord.io/privacy-request. We will respond within 45 days (extendable by a further 45 days with notice).
10.3 Other Users
Regardless of your location, you may access, update, or delete your Account information directly through your Account settings. To request complete Account deletion, use the Account deletion option in settings or contact privacy@coord.io.
11. Children's Privacy
The Service is not directed to children under 13 years of age (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact privacy@coord.io and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you by email to your registered address or via in-product notification at least 30 days before the changes take effect. The updated Policy will be posted at coord.io/privacy with the revised effective date.
13. Contact Us
For privacy questions, data subject requests, or concerns, contact:
NIM Labs LLC
Privacy Inquiries: privacy@coord.io
Data Subject Requests: coord.io/privacy-request
Address: 1907 Olympic Blvd, Santa Monica, CA 90404