Privacy Policy

OpenClone is local-first. All captured data — audio transcriptions, screen OCR, browsing history, journal entries — is stored exclusively in your Obsidian vault as plain .md files on your own machine or server.

The backend daemon does not phone home, does not send usage telemetry, and makes no outbound connections except to the AI provider you explicitly configure (see BYOK section below).

All macOS plugins process data locally before sending anything to the backend:

• – mac-audio: audio captured via ScreenCaptureKit and AVFoundation, transcribed on-device by Whisper (local model, no cloud STT). Only the text transcript is sent to your backend via localhost.
• – mac-screen: screenshots OCR'd on-device via Apple Vision framework. Only extracted text is forwarded. Raw images are never stored or transmitted.
• – Browser extension: captures page URLs and readable text from the current tab. Data is sent directly to your backend. No data is sent to any OpenClone-operated server.

All plugins require explicit permission in System Settings (Screen Recording, Microphone). Plugins are disabled by default and must be opted in.

The iOS and macOS companion apps communicate exclusively with your backend — the URL you configure in Settings. No requests are made to any OpenClone-operated server in self-host mode.

During the TestFlight beta, Apple may collect anonymous crash reports and basic usage metrics as part of the TestFlight platform. This is standard Apple infrastructure and is subject to Apple's Privacy Policy. OpenClone itself embeds no analytics SDK in the app.

OpenClone is Bring Your Own Key. Your AI API key (OpenAI, Anthropic, OpenRouter, Gemini) is stored in your own .env file on your server. It is never sent to OpenClone servers.

When you ask a question, your backend sends a request directly to your chosen AI provider, including relevant context excerpts from your vault. This data is subject to your AI provider's privacy policy — not ours.

The Claude Code CLI agent mode runs as a subprocess on your machine. It reads your vault files locally (Grep/Read/Glob), then calls the Anthropic API directly. Your vault content that gets sent to the API is determined by what the agent chooses to include as context — exactly as if you ran claude yourself in the terminal.

During the 30-day trial, your data is hosted on our infrastructure in a dedicated, isolated container. All data is encrypted at rest (AES-256 disk encryption). We do not access, read, analyze, or sell your data.

After trial expiration, your data is permanently deleted from our servers within 7 days. We provide export tools so you can migrate to self-host or Auto-VPS before the trial ends.

For the Auto-VPS tier, the server lives in your own cloud account (Hetzner, OVH). We never have persistent access to it. We may temporarily connect during initial provisioning, and that's it.