Files
opensquilla--opensquilla/PRIVACY.md
T
2026-07-13 13:12:33 +08:00

5.9 KiB

OpenSquilla Privacy Policy

OpenSquilla is a local-first desktop and CLI application. This policy describes what project-distributed OpenSquilla software stores locally, what it may send over the network, and how users can opt out or delete local data.

This policy covers OpenSquilla release artifacts published by the OpenSquilla project. Third-party AI providers, search providers, operating systems, app stores, package registries, and GitHub are governed by their own policies.

Local Data

OpenSquilla stores user configuration, sessions, logs, memory, scheduler state, cache, and provider settings on the user's machine. The default CLI/gateway state lives under ~/.opensquilla. The Electron desktop app also uses the platform Electron userData directory for desktop-specific configuration, encrypted credentials when Electron safeStorage is available, and gateway logs.

OpenSquilla does not require an OpenSquilla account. Provider API keys are configured by the user and are kept locally as environment variables, local configuration references, .env files, or desktop encrypted storage depending on the installation path and setup choices.

Provider Requests

OpenSquilla sends prompts, messages, tool results, selected files, or generated context to third-party AI providers only when the user configures a provider and starts a workflow that uses that provider. The exact data sent depends on the active provider, model, command, channel, skill, and user-selected context.

Users should review their configured provider's terms and privacy policy before using external models. OpenSquilla cannot control how an external provider stores, logs, filters, trains on, or processes requests after the provider API receives them.

Search, Channels, And Integrations

Features such as web search, channel connectors, GitHub workflows, browser automation, or other integrations may contact external services when the user configures and invokes them. OpenSquilla does not send those requests unless the corresponding feature is enabled by configuration or user action.

Network Observability Controls

OpenSquilla groups non-user-initiated network observability under one switch. Set this before startup to disable automatic install telemetry, passive update checks, and desktop startup auto-update checks:

OPENSQUILLA_PRIVACY_DISABLE_NETWORK_OBSERVABILITY=true

The same control can be set in configuration:

[privacy]
disable_network_observability = true

Legacy environment variables remain honored for compatibility:

OPENSQUILLA_TELEMETRY_DISABLED=true
OPENSQUILLA_UPDATE_CHECK_DISABLED=true

Manual user-initiated actions may still contact network services after user intent, including manual release, download, or update checks and configured providers, search, channels, automation, or integrations.

Installation Telemetry

OpenSquilla uses anonymous installation telemetry to estimate install counts, version adoption, and runtime compatibility. Telemetry is sent on first gateway startup and once per OpenSquilla version. Uploads use a short timeout and never block startup.

Telemetry payloads include:

  • schema version
  • locally generated stable install_id digest
  • OpenSquilla version
  • event type, such as install or version_seen
  • install method, such as pip, source, docker, desktop, or unknown
  • operating system, OS version, CPU architecture, and Python major/minor version
  • first-seen and sent timestamps
  • CI/test-environment marker

The install_id is a local one-way SHA-256 digest derived from usable MAC addresses, then local IP addresses when no MAC is available, with a random persisted fallback. Raw MAC addresses and raw IP addresses are not uploaded.

Telemetry does not include usernames, hostnames, local paths, API keys, provider configuration, chat content, session content, memory content, agent content, file names, or file contents. Source IP addresses may be visible to HTTP servers at the transport layer, but are not part of the telemetry payload.

Use the unified network observability switch above to opt out before startup. The legacy telemetry opt-out OPENSQUILLA_TELEMETRY_DISABLED=true remains honored for compatibility.

Advanced deployments can direct installation telemetry to their own endpoint:

OPENSQUILLA_TELEMETRY_ENDPOINT=https://example.com/v1/install

Logs And Diagnostics

OpenSquilla writes local logs for gateway, desktop, workflow, and troubleshooting purposes. Logs may include command names, runtime errors, provider identifiers, timestamps, local status, and diagnostic context. Users should review logs before sharing them publicly because logs may reflect local configuration or workflow details.

Updates And Downloads

OpenSquilla release downloads are hosted on GitHub Releases. Downloading release assets may expose standard request metadata, such as IP address and user agent, to GitHub and network intermediaries. Release checksums are published in SHA256SUMS when release assets are generated.

The unified network observability switch disables passive update checks and desktop startup auto-update checks. Manual release, download, or update checks may still contact GitHub after the user asks OpenSquilla to perform them.

Deletion

Use opensquilla uninstall to remove OpenSquilla. By default it removes the program and keeps user data. To delete local state and configuration, opt in:

opensquilla uninstall --purge-state
opensquilla uninstall --purge-config
opensquilla uninstall --purge-all

The command previews and limits deletion to OpenSquilla-owned paths. Desktop and Docker installs may require platform-specific removal steps shown by the uninstall command; desktop data cleanup does not remove the OS app bundle.

Security And Privacy Reports

Report security or privacy issues through the process documented in SECURITY.md. Please do not include secrets, API keys, private conversation content, or unrelated personal data in public issues.