Privacy boundary
Conversation content, prompts, responses, and source code are not part of the website's v1 telemetry model. The collector uploads usage metadata and normalized counters needed for limit windows, burn-rate, history, and API analytics.
Credential handling
OAuth tokens remain on the collector machine. Server API tokens are expected to use bearer authentication and hashed storage. The production server should run on infrastructure controlled by the user.
Network posture
The default deployment posture is private-first: a server reachable over WireGuard or a similarly restricted network path, with HTTPS at the edge where appropriate.
Website collection
The public website does not add analytics, cookies, account systems, or data collection by default.