Code stays local on the Free tier

Security

Written for the person reviewing 0dai before InfoSec sign-off. Data flow, retention in days, sub-processors, SOC 2 status. The longer procurement view lives on the Trust Center.

Data flowRetentionSub-processorsSOC 2DPA

SOC 2

In progress — target H2-2026

Evidence collection and control mapping have started. We will not claim certification before an attestation report exists. If a vendor questionnaire needs a status letter today, email hello@0dai.dev.

Data flow

What crosses your machine boundary

The CLI runs on your machine. The arrows below are the only paths that leave it. Everything else stays in your repo.

Your machineSource, .env, secrets, ai/ graph0dai CLIreads repo, writes ai/Local graph (file-backed)JSON-on-disk, project-scoped0dai APIauth, telemetry, billingPostgres (DigitalOcean)accounts, sessions, telemetryModel providerAnthropic / OpenAI / etc.OAuth providerGoogle or GitHubtelemetryprompts (BYOK direct)sign-in
Solid boxes are systems. Arrows are the only network paths the CLI opens. When you bring your own model key, prompts go from your machine to the model provider directly — they do not transit the 0dai API.

Stays on your machine

  • Repository source files
  • Environment files (.env, .env.local, etc.)
  • API keys, tokens, private keys
  • The local knowledge graph (file-backed in ai/)
  • Agent session transcripts (stay in the CLI's own state)

May cross the boundary (Pro and Team only)

  • Knowledge graph history sync (Pro, Team) — only the graph JSON, not source
  • Cross-agent session handoff (Pro, Team) — task description and outcome, not code
  • Team knowledge graph (Team) — shared graph among invited seats
  • Dashboard usage analytics (Pro, Team) — counts and outcomes, not file contents

Each cloud feature is off until you turn it on. None of them upload source files.

We do not log

Repository file contents, prompt bodies routed to providers, response bodies, decrypted secrets, or anything inside your .env. The API stores request envelopes (path, status, duration), not bodies.

Open source

For maintainers running it on a public repo

If you maintain an open-source project, the question is usually: what does the CLI phone home, and does my repo end up on someone's server. Here is the whole answer.

Telemetry the CLI sends

  • Detected stack (language, framework, package manager)
  • Command name and outcome (init, sync, doctor — success or failure)
  • CLI version
  • An anonymous machine fingerprint hash

No file paths, no file contents, no commit messages, no remote URL. Set ODAI_TELEMETRY_DISABLED=1 to opt out.

What stays in the repo

On the Free tier the knowledge graph and session data never sync to our cloud. The graph is file-backed JSON under ai/ — it lives in your working tree, so you can read it, diff it, and commit it like any other file. Agent transcripts stay in the CLI's own local state. Graph history sync is a Pro and Team feature that is off until you turn it on.

Retention

How long each data type lives

The full Privacy Policy is at /legal/privacy. The table below is the operational summary.

Data type
Account record (email, name, OAuth ID)
Retention
Until account deletion + 30 days
Notes
Hard delete on request. Backups roll off within 90 days.
Data type
Session and swarm metadata (task descriptions, model, cost, status)
Retention
180 days
Notes
Used for cost dashboards and model-routing decisions.
Data type
CLI telemetry (stack, command outcome, version, fingerprint hash)
Retention
365 days
Notes
Aggregated for product analytics after 90 days; raw rows deleted.
Data type
API server logs (IP, path, status, latency)
Retention
30 days
Notes
Abuse and rate-limit forensics. No request bodies stored.
Data type
Web analytics (Umami)
Retention
365 days
Notes
No cookies, no user IDs. Daily rollups kept indefinitely in aggregate.
Data type
Feedback you submit via the CLI or dashboard
Retention
Until you ask us to delete it
Notes
Text content is yours. We index it for product triage only.
Data type
Backups (Postgres, object storage)
Retention
90 days
Notes
Encrypted at rest. Hard-deleted at the 90-day mark.

Sub-processors

Who else touches your data

Listed in the order data reaches them. Model providers only see what you choose to send when you run an agent.

Anthropic
Purpose
Claude model inference for agent runs
Data
Prompt + tool I/O that the operator sends to Claude
Region
US
OpenAI
Purpose
GPT model inference where the operator selects it
Data
Prompt + tool I/O that the operator sends to OpenAI
Region
US
OpenRouter
Purpose
Multi-provider model gateway (Pro tier model routing)
Data
Prompt + tool I/O for the routed provider
Region
US
GitHub
Purpose
OAuth sign-in, public repository hosting, issue mirroring
Data
OAuth identity claims; nothing private from your repo is mirrored
Region
US
Google
Purpose
OAuth sign-in
Data
OAuth identity claims (email, name, avatar URL)
Region
US
DigitalOcean
Purpose
Production hosting for 0dai.dev, API, and dashboard
Data
Server logs, account metadata, service telemetry
Region
EU (FRA1) primary; US backups
Cloudflare
Purpose
DNS, TLS termination, edge caching for 0dai.dev
Data
Request metadata (IP, path, status code) for abuse prevention
Region
Global edge
Umami (self-hosted)
Purpose
Web analytics on 0dai.dev
Data
Page views, referrers, country-level geo. No cookies, no IDs.
Region
Same host as 0dai.dev

We notify customers on the Pro and Team plans by email at least 14 days before adding a sub-processor that touches customer data.

DPA

Data Processing Agreement

A signable DPA covering GDPR Article 28 obligations is drafted for Q3-2026. For deals that need a DPA today, request a redlined draft from hello@0dai.dev. The placeholder lives at /legal/dpa.

Need the procurement view?

Controls, FAQ, and vulnerability disclosure live on the Trust Center.

Open Trust Center