Scope and publisher
This notice applies to the open-source Second Opinion by AmanERP Codex plugin. It does not replace the privacy notices of Anthropic, GitHub, OpenAI, your employer, or any other service you choose to use with the plugin.
AmanERP publishes the plugin and its documentation. The plugin runs on your workstation and does not create an AmanERP account or connect to an AmanERP-operated plugin service.
Language notice: this English notice is the authoritative version for the plugin.
Content sent to Anthropic
When you explicitly invoke a plugin skill, the local runner sends the content you selected—such as a question, context file, supplied diff, or pull-request metadata and diff—to Anthropic through your separately installed and authenticated Claude Code CLI.
The plugin discloses this transfer before execution. Content travels from your workstation to Anthropic; AmanERP does not operate a proxy and does not receive the prompt, source material, credential, or model response.
Credentials and child processes
Your Claude Code and, for GitHub PR mode, GitHub CLI credentials remain under the control of those locally installed tools. The runner passes each child process a separate, minimal environment allowlist and does not write credential values to plugin artifacts.
The runner intentionally removes custom endpoint and unsupported cloud-provider configuration from the model child. Your workstation, credential provider, proxy, certificate store, Claude Code, and GitHub CLI may have their own logging or data practices.
Local artifacts and retention
Successful and failed runs can create owner-only local files containing sanitized request metadata, content hashes, the model response, a schema-validated result, a rendered report, a provenance receipt, and redacted diagnostics. By default these files are stored in .codex/amanerp-second-opinion/runs/ inside the current workspace.
AmanERP cannot view, recover, retain, or delete these local artifacts. You control their retention through your filesystem, backup, repository-ignore, and organizational data-handling policies. Removing the plugin does not remove existing artifacts.
Plugin telemetry
The plugin contains no AmanERP analytics, advertising identifier, background reporting, publisher account, or hosted storage. AmanERP therefore receives no plugin usage telemetry.
Codex, Claude Code, Anthropic, GitHub CLI, GitHub, your operating system, or your organization may independently collect data under their own settings and policies. Visiting this website is covered by the main AmanERP website privacy policy.
Sensitive and personal data
The runner rejects common sensitive filenames and high-confidence credential patterns by default, but it is not a complete data-loss-prevention system. Minimize and sanitize context before sending it. Do not send secrets, regulated data, personal data, or confidential source unless you are authorized and the transfer complies with your applicable policies and Anthropic agreement.
An explicit sensitive-input override exists for exceptional authorized use and is recorded in the local receipt. Using that override does not transfer compliance responsibility to AmanERP.
Your choices
- Do not invoke the plugin; both skills are explicit-only.
- Use a smaller, sanitized context bundle or a synthetic diff.
- Inspect local artifacts, move approved records to your retention system, or delete them.
- Revoke or change credentials through Claude Code, Anthropic, GitHub CLI, or GitHub.
- Uninstall the plugin from Codex at any time.
Security, questions, and changes
Report vulnerabilities through the repository's private GitHub vulnerability-reporting flow. For privacy or publisher questions, email hello@amanerp.com. Never email credentials or confidential source material.
Material changes to this notice will update the date above and the public repository history. The version in force when you use a release applies to that use.