Privacy architecture

Privacy isn't a setting — it's the architecture

LogAgent is built to understand your work without harvesting it. Capture, classification and analytics run locally and offline; whatever leaves your device is your choice alone. This page explains exactly what is recorded, what never is, and how long it stays.

Local-first by default

Your data lives on your machine

There is no cloud account behind the tracking. Everything is computed and stored on the device you're working on.

On-device SQLiteYour activity lives in a local database on your machine — not on our servers.
No account to trackTracking, classification and analytics all work without signing in to anything.
Fully offlineCapture and insight generation run without a network connection.
Yours to exportExport everything to CSV or JSON at any time — or delete it.
What's recorded

What's captured — and what never is

LogAgent records the signals it needs to explain your day, and deliberately ignores the content behind them.

Captured — to explain your day

  • Active app and window title — for categorization, not content
  • Domains you visit — for web-activity classification
  • Input activity as counts — keystrokes and clicks as numbers, never the keys
  • Git commit metadata — counts, churn and a short message head
  • AI session aggregates — tokens, cost, model and working directory
  • Camera-derived metrics — posture angles, blink rate, fatigue score

Never captured

  • Screenshots or screen recordings
  • Keystroke content — what you actually type
  • File contents or clipboard data
  • Prompt and message content from AI tools
  • Code diffs or full commit messages
  • Passwords, form fields or private messages
  • Camera video or photos
Camera health

A camera that remembers nothing

Posture and fatigue monitoring uses your webcam — but the imagery never leaves the moment it's seen.

Local inference

Posture, blink, screen distance and pulse are computed by MediaPipe running in WebAssembly on your machine.

No frames, ever

Camera frames are never written to disk or sent anywhere — processing is frame-by-frame, in memory.

Only numbers persist

Just aggregate metrics — angles, blink rate, fatigue score — enter history; presence is a single boolean.

Off in one click

The camera runs only while enabled and the window is focused, and can be disabled at any time.

AI & code

Measured, not read

The deepest signals — your AI sessions and your commits — are reduced to numbers, never their contents.

AI agents: measured, not read

Only tokens, cost, model and working directory are stored. Prompt and message content never enter the database; an optional 200-character preview is debug-only and off by default.

Git: metadata only

A local-only read of your .git records commit counts and churn, the first 80 characters of the message plus a hash — never diffs or file contents.

Retention

You decide what's kept

Detailed data is pruned over time while the compact, valuable summaries stay. Nothing about billing is ever deleted automatically.

DataKept forNotes
Raw events & timeline90 daysFull detail, then pruned
5-minute aggregates1 yearCharts and trends
Daily totalsForeverCompact, lossless summaries
Billable work segmentsForeverNever auto-deleted
AI turn preview200 chars maxDebug only, off by default

Auto-vacuum keeps the database file compact. You can export everything or delete it at any time, and specific apps can be excluded from tracking entirely.

Optional sync

End-to-end encrypted — only if you ask

Sync to a paired device is off until you turn it on, and even then the server can't read your data.

Opt-in onlySync stays off until you pair a device. Nothing is uploaded without it.
End-to-end encryptedPairing uses a QR code and X25519 keys; batches are sealed with AES-GCM, so the relay server can't read them.
Aggregates, not raw dataUploads carry only summaries and daily totals — never raw events, window titles or URLs.
The boundaries

What LogAgent will never do

A short, firm list — the things this architecture is specifically designed to prevent.

  • Run ad networks or third-party tracking SDKs
  • Sell, rent or share your data
  • Read your content — messages, code, files or keystrokes
  • Upload anything without your explicit opt-in
  • Lock your data in — export and deletion are always available

Full legal detail

Read the complete Privacy Policy for data-controller details, your rights, and the regional regulations that apply.

Open the Privacy Policy