Aitopus Privacy Policy

Privacy is the foundation of Aitopus: a local-first AI workspace where your chats, attachments, local models, and settings stay on your device unless you explicitly choose a cloud provider. This page explains what data Aitopus stores, when information leaves your device, how to manage your data, and how cloud model requests work when you choose to use them.

Last reviewed: May 6, 2026

Summary

Local by default

Chats, attachments, settings, models, and retrieval indexes live on your device.

Explicit cloud route

Cloud requests are sent directly to the selected provider only after approval.

No Aitopus account

There is no sign-up, hosted profile, or Aitopus cloud copy of your chats.

Secure key storage

Provider API key secrets are stored through the operating system secure store.

  • No Aitopus account, sign-up, or hosted user profile is required.
  • Aitopus does not operate a hosted chat-sync service.
  • Chats, attachments, settings, downloaded local models, and local retrieval indexes are stored on your device.
  • API keys for cloud AI providers are stored in the operating system secure credential store.
  • A message leaves your device only when you select a cloud model and approve sending content to that provider.
  • Aitopus does not include advertising SDKs, analytics SDKs, crash-reporting SDKs, or tracking.
  • Aitopus does not sell personal data or use data for third-party advertising.

Accounts and sign-in

Aitopus does not require sign-up, email registration, social login, or an Aitopus-hosted user profile.

Because Aitopus does not create user accounts, there is no Aitopus account to delete. Users can delete local data from the app and by removing the app from their device, subject to the operating system's normal backup and storage behavior.

Data stored on this device

Local app data

Aitopus stores workspace data on your device.

Chats, files, indexes, models, settings, and provider-key records are kept locally unless you choose a cloud model for a request.

Chats

Conversations are stored in the app's local SQLite database.

Attachments and search data

Attachments, extracted text, attachment search indexes, and local retrieval indexes live in the app data folder.

Local models

Optional downloaded .gguf local model files are stored as local files under app data.

Settings

Settings are stored locally through the Tauri store.

Provider keys

API key metadata is stored locally, while API key secrets use the operating system secure store instead of the chat database. On Apple platforms, that means the native keychain or protected-store path used by the app's keyring integration.

When data leaves the device

Request privacy

Your data leaves the device only when you choose a cloud model for that request.

Aitopus prepares requests locally. Local models keep the work on your device; cloud models receive only the active request and context needed for a reply.

Local models

When you use a local model, generation runs on your device.

Your prompt, relevant chat context, compatible attachment text, and generated reply stay on your device.

Cloud models

When you choose a cloud model, Aitopus sends the active request directly to the selected provider over HTTPS.

The request may include your message, relevant chat context, and supported attachment content. Depending on the selected provider and model, attachment content may be sent as native image or file input, extracted text, retrieved snippets, or full text from attached documents.

Never sent by Aitopus

Aitopus does not send unrelated chats, your full local database, local model files, or API keys for other providers.

Analytics, advertising identifiers, and background telemetry are not included.

Attachments

Aitopus supports user-selected attachments such as images, PDFs, office documents, text files, Markdown, CSV, JSON, HTML, CSS, JavaScript, Python files, and selected open document formats.

Attachment behavior depends on the selected model.

  • Images may be sent as native image input to compatible cloud vision models.
  • PDFs and documents use extracted text or retrieval-augmented context.
  • Local models do not receive native binary attachment payloads.
  • File uploads are validated by type and size before use.

The app requests access only to files the user chooses. It does not scan the broader file system.

Data retention and deletion

Local retention

Your data stays on your device until you remove it.

Chats, attachments, downloaded local models, retrieval data, and settings are managed locally. Provider key secrets stay in secure system storage and can be removed from settings.

Chats and files

Remove conversation content and the files attached to it.

Delete individual chats from the chat history.

Delete attachments associated with chats.

Access and configuration

Clear the local settings that connect models and providers.

Remove saved provider API keys from settings.

Delete downloaded local models from the model management UI.

Full cleanup

Remove app-managed data when you want to reset the workspace.

Delete the retrieval model from the services UI.

Remove the app to delete app-container data according to the platform's normal uninstall behavior.

Cloud provider data is managed by that provider. When you choose a cloud model, the selected provider may keep request history, logs, or other copies according to its own policies. Aitopus cannot delete data held inside a third-party provider account.

Tracking, advertising, and analytics

No tracking. No ads. No background telemetry.

Aitopus does not track users across apps or websites, does not include advertising or analytics SDKs, and does not sell personal data.

No advertising SDKs

Aitopus does not embed ad networks or ad measurement code.

No analytics SDKs

There is no product analytics SDK measuring app behavior.

No crash-reporting SDKs

Aitopus does not include background crash-reporting SDKs.

No tracking prompts

Aitopus does not ask to track you across apps or websites.

No IDFA access

Aitopus does not access Apple advertising identifiers.

No fingerprinting

There is no third-party attribution or fingerprinting code.

Aitopus does not use background telemetry to observe how you work, what you write, which files you choose, or which models you use.

Content safety

Aitopus is not a social network, publishing platform, public feed, or anonymous chat service. User chats are private local conversations and are not posted to a shared Aitopus service.

AI model output can still be wrong, unsafe, or offensive. Users can report problematic responses through the contact page.

Privacy questions

For privacy questions, support, or deletion requests, use the Aitopus contact page.

Changes to this policy

This page shows the last reviewed date at the top. If this policy is updated, the reviewed date will change and the updated text will describe how Aitopus handles data.