Privacy Policy

Effective Date: March 20, 2026  •  Last Updated: March 22, 2026

1. Introduction

This Privacy Policy describes how Sci-pilot ("the Software", "the App"), developed by kingsaventure-byte ("Developer", "we", "us"), handles your information. We are committed to protecting your privacy and being transparent about our data practices.

Sci-pilot is a desktop application. By design, your data stays on your device. This policy explains what data exists, how it is handled, and your rights regarding that data.

2. Data We Collect

2.1 Data Sci-pilot Does NOT Collect

• The desktop application does not collect, transmit, or store any user data on our servers (the website uses Supabase for authentication and waitlist management — see Section 2.4)
• We do not operate telemetry or tracking systems within the desktop application
• We do not collect usage statistics, crash reports, or diagnostic data from the desktop application
• We do not have access to your API keys, conversations, files, or any other data processed by the Software
• We do not use cookies for tracking purposes

2.2 Data Stored Locally on Your Device

Sci-pilot stores the following data exclusively on your local machine:

• API Keys — Your LLM provider credentials, stored in local configuration files and browser storage
• Conversations — Chat session history for continuity across sessions
• Memory — Agent long-term memory and diary entries
• Vector Embeddings — Local semantic search index, generated entirely on-device
• Agent Configurations — Sub-agent personalities and settings
• Workflow & Team Data — Workflow definitions, task lists, and team configurations
• Application Settings — Your preferences, provider configurations, and UI state
• Notification History — Record of dispatched notifications

All of the above is stored on your local filesystem. None of this data is transmitted to Sci-pilot servers.

2.3 Vector Embeddings

Sci-pilot uses a local AI model to generate vector embeddings for the memory system. This processing happens entirely on your device — no data is sent to external embedding services.

2.4 Website Services (Supabase)

The Sci-pilot website (scipilot.app) uses Supabase for authentication, waitlist management, and community features. The following data is stored on Supabase's servers:

Authentication

• Email address — used for authentication via magic link sign-in
• Authentication metadata — session tokens, sign-in timestamps
• User ID — a unique identifier for your account

Waitlist

When you join the closed beta waitlist, we collect and store:

• Email address — to contact you when a spot opens up
• Name (optional) — to personalize communications
• Reason for interest — to help us prioritize and understand our users
• Application status — pending, approved, or rejected
• Submission date — when you joined the waitlist

All website data is processed by Supabase under their Privacy Policy. Supabase servers are hosted in the EU/US depending on project configuration. We use this data solely for operating the service — we do not sell it or share it with third parties for marketing purposes.

You can request deletion of your data at any time by contacting us.

2.5 Website Analytics

The Sci-pilot website uses Google Analytics 4 to understand how visitors use our website. Analytics cookies are only set after you accept the cookie consent banner. If you decline, no analytics data is collected. We have enabled IP anonymization so your full IP address is never stored. See our Cookie Policy for full details.

3. API Keys

• API keys for third-party LLM providers are stored locally in your configuration files and browser localStorage
• Keys are stored in plaintext on your device (encrypted storage may be added in a future release)
• Sci-pilot does not transmit your API keys to any server we operate
• API keys are sent directly from your machine to the respective LLM provider's API endpoints
• You are responsible for securing your device and the API keys stored on it
• We recommend using API keys with appropriate spending limits and access restrictions

4. Third-Party Services

When you use Sci-pilot with third-party services, data is transmitted directly between your device and those services. Sci-pilot acts as a local client — we are not an intermediary.

4.1 LLM Providers

When you send a message through Sci-pilot, your prompts, conversation context, and related data are sent directly to the LLM provider you have configured (e.g., OpenAI, Anthropic, Google). Each provider has its own privacy policy:

• OpenAI: openai.com/privacy
• Anthropic: anthropic.com/privacy
• Google (Gemini): ai.google.dev/terms
• Groq: groq.com/privacy-policy
• Mistral: mistral.ai/terms
• DeepSeek: deepseek.com/privacy
• xAI: x.ai/legal
• OpenRouter: openrouter.ai/privacy
• Together: together.ai/privacy
• Ollama: Runs locally on your machine; no data is sent externally

You are responsible for reviewing and accepting the privacy policies of any third-party provider you use.

4.2 Integration Services

If you enable integrations (Discord, Telegram, GitHub, Gmail, YouTube), data may be exchanged with those services according to their respective privacy policies. Sci-pilot facilitates these connections locally but does not collect or store this data on our infrastructure.

4.3 Web Search and Browsing

The web search and browser automation MCP servers may transmit search queries and visit URLs on your behalf. This traffic originates from your machine and is subject to the privacy policies of the search engines and websites accessed.

4.4 Website Hosting (Cloudflare)

The Sci-pilot website is hosted on Cloudflare Pages. Cloudflare may automatically collect standard server logs including your IP address, browser user agent, and pages visited. This data is processed by Cloudflare under their Privacy Policy. We do not have direct access to individual visitor logs. Cloudflare may also use cookies for security purposes (e.g., bot detection via __cf_bm).

5. Data Sharing

We do not share, sell, rent, or trade any user data with third parties. We do not have access to your data in the first place.

The only data sharing that occurs is between your device and the third-party services you explicitly configure and use (as described in Section 4).

6. Data Security

6.1 Local Storage Security

• All data is stored locally on your device using standard filesystem permissions
• API keys are currently stored in plaintext configuration files (encrypted storage is planned for a future release)
• The security of your data depends on the security of your device and operating system
• We recommend standard security practices: device encryption, strong passwords, keeping your OS up to date

6.2 Network Security

• All API calls to LLM providers use HTTPS/TLS encryption
• Internal communication between app components occurs locally on your device only
• No data is transmitted to Sci-pilot-controlled servers

7. Data Retention and Deletion

7.1 Retention

Data is retained locally on your device for as long as you use the Software. There is no server-side retention because there is no server-side storage.

7.2 Deletion

• Uninstalling Sci-pilot removes the application binary
• To fully delete all data, remove the Sci-pilot application directory, any user-level configuration folder, and clear your browser's localStorage for the app
• Once deleted, your data is permanently removed. We have no backups or copies

7.3 Individual Data Deletion

You can delete specific data at any time through the application's settings interface:

• Conversations: Clear session history from the app
• Memory: Reset agent memory from the settings
• API Keys: Remove them from the provider settings
• Agent Configs: Delete agent profiles from the agents settings

8. Children's Privacy

Sci-pilot is not directed at children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect data from children. If you believe a child has used the Software, no data will have been transmitted to us regardless — all data remains local.

9. GDPR and International Privacy Rights

9.1 For Users in the European Economic Area (EEA)

Because Sci-pilot does not collect, process, or store personal data on our servers, many GDPR obligations that apply to cloud services do not apply in the traditional sense. However, we respect your rights:

• Right to Access: All your data is stored locally on your device and is fully accessible to you at all times
• Right to Rectification: You can modify any data stored by the Software by editing local files or using the UI
• Right to Erasure: You can delete all data by removing the relevant files or uninstalling the Software
• Right to Data Portability: All data is stored in standard formats (JSON, Markdown) that can be freely copied and used
• Right to Object: You can stop using the Software at any time

9.2 Data Processing by Third Parties

When you use third-party LLM providers, those providers may process your data under their own GDPR policies. The legal basis for this processing is your explicit consent (by configuring and using the provider). Review each provider's data processing practices before use.

9.3 California Consumer Privacy Act (CCPA)

We do not sell personal information. We do not collect personal information on our servers. Your CCPA rights to know, delete, and opt out are inherently satisfied by the local-only architecture of the Software.

10. Future Changes

10.1 Planned Features

We may introduce optional cloud features in the future (e.g., Supabase authentication for licensing, optional cloud sync). If and when these features are introduced:

• They will be opt-in and clearly disclosed
• This Privacy Policy will be updated before any cloud features launch
• You will be notified of material changes through the Software or our website
• No existing local-only functionality will be changed to require cloud services without your explicit consent

10.2 Analytics

The website currently uses Google Analytics 4 with consent-based cookie activation (see Cookie Policy). The desktop application does not collect any analytics or telemetry. If we introduce analytics in the desktop application in the future:

• It will be opt-in or clearly disclosed before implementation
• This Privacy Policy will be updated accordingly
• We will provide a mechanism to opt out

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Last Updated" date. We encourage you to review this policy periodically.

For significant changes, we will make reasonable efforts to provide notice through the Software or our website.

12. Contact

If you have questions or concerns about this Privacy Policy, contact us:

Email: contact@scipilot.app