Data Privacy
Understand how your data is stored, who has access, and how you maintain control over your information.
Your data privacy is a core design principle. The platform follows a local-first approach where possible, minimizing data sent to external services and giving you full control over your information.
Where Your Data Lives
Web Platform
| Data Type | Storage | Access |
|---|---|---|
| Account information | Supabase (PostgreSQL) | You + team admins |
| Chat conversations | Supabase (PostgreSQL) | You + team members (if shared) |
| Generated images/files | Supabase Storage | You + team members (if shared) |
| Authentication tokens | Supabase Auth | System only |
| Billing information | Stripe / Lemon Squeezy | Payment processor only |
Desktop App
| Data Type | Storage | Access |
|---|---|---|
| Task sessions & messages | SQLite (local) | You only |
| Long-term memories | SQLite with vector index (local) | You only |
| Generated files | Local filesystem | You only |
| MCP configurations | Local JSON files | You only |
| OAuth tokens | Encrypted local storage | System only |
| API keys | Encrypted with AES-256-GCM | System only |
Data You Control
View Your Data
- Web: Access your data through the dashboard and settings
- Desktop: All data is stored in local files you can inspect
Export Your Data
- Export chat histories and generated content
- Download all generated images and files
- Request a full data export from account settings
Delete Your Data
- Delete individual conversations or generated content
- Clear long-term memory in the desktop app
- Delete your account and all associated data
What We Send to AI Providers
When you use AI features, your prompts are sent to the selected AI provider (Anthropic, OpenAI, Google, etc.) for processing. Important points:
- Prompts and responses are sent to the AI provider you choose
- AI providers process your data according to their own privacy policies
- No training — We use API access which typically does not use your data for model training (verify with each provider's terms)
- Desktop agent — Prompts include only the content you provide and the context from your workspace (files the agent reads during execution)
What's NOT Sent
- Your account credentials
- Other users' data
- Data from other conversations (unless you reference it)
- Your billing information
Credential Security
API Keys
API keys for AI providers are stored with multiple layers of protection:
- AES-256-GCM encryption with unique initialization vectors per field
- PBKDF2-SHA512 key derivation for the encryption key
- Keys are never logged or exposed in error messages
- Keys are never sent to our servers (desktop app stores them locally)
OAuth Tokens
For integrations like Google Workspace and Slack:
- Tokens encrypted at rest
- Stored locally on your machine (desktop app)
- PKCE flow for secure OAuth exchanges
- Tokens can be revoked at any time from settings
What's Protected from Agents
The desktop app prevents agents from accessing sensitive files:
- SSH keys (
~/.ssh/) - AWS credentials (
~/.aws/) - GPG keys (
~/.gnupg/) - Docker configurations
- Environment files containing secrets
These protections are enforced at the OS level and cannot be bypassed by the agent.
Multi-Tenant Isolation
Web Platform
- Row-Level Security (RLS) ensures database queries only return data belonging to your account
- Team boundaries prevent cross-team data access
- Role-based permissions control what team members can see and do
Desktop App
- Workspace isolation confines all agent file operations to your chosen directory
- Folder permission consent requires explicit approval before accessing new directories
- No cross-session leakage — each task session has its own context
Third-Party Services
| Service | What It Receives | Privacy Policy |
|---|---|---|
| Anthropic | Prompts when using Claude | anthropic.com/privacy |
| OpenAI | Prompts when using GPT models | openai.com/privacy |
| Google AI | Prompts when using Gemini | ai.google/privacy |
| Supabase | Account data, web platform content | supabase.com/privacy |
| Stripe | Billing and payment data | stripe.com/privacy |
Tips
- Use the desktop app for maximum privacy — your data stays on your machine
- Review AI provider terms to understand how your prompts are handled
- Rotate API keys periodically for security hygiene
- Revoke unused OAuth connections from Settings > Integrations