DOCS · SECURITY & PRIVACY
Your data stays yours.
SynthOS is the AI operating system for a company of one, and it runs on your Mac. Your vault, your run history, and your credentials live on your machine — not on our servers. This page is the honest account of where your data sits, the guardrails that keep an autonomous system in check, how the bring-your-own-key model handles data, and how to reach us if you find a security issue. No marketing — just what is and isn’t true.
LOCAL-FIRST BY DESIGN
It lives on your Mac.
Local-first is the default, not a setting you have to find. The things that matter — what you’ve built, what has run, and the keys that power it — sit on your machine, in your filesystem.
Your vault is your files. Everything agents produce is written as ordinary, Obsidian-compatible markdown in a folder you choose, on your disk. You can open it in Obsidian, a text editor, or git — with or without SynthOS running, and without us in the loop. Back it up, sync it, or move it to another machine; it stays readable without us.
Your run history stays local. The record of what SynthOS has done — the cards, the receipts, the audit trail — is kept on your Mac. We don’t need a copy of your runs to make the app work, so by default we don’t have one.
Your credentials stay local. Your AI provider key and the credentials SynthOS uses to do its work are stored on your machine, not on our servers. We’re not a middleman holding your secrets.
One honest caveat: the AI model still runs in your provider’s cloud, because that is where the model is. Local-first means your data, keys, and history stay on your Mac — the only thing that leaves it is the specific request you chose to send to your provider.
SIGN-IN SCOPE
What sign-in is — and isn’t — for.
You sign in to manage your relationship with us, not to route your work through us. The account and the operating part of SynthOS are deliberately separate.
Sign-in exists to sync across your devices and manage your plan — your subscription, your billing, and your app download. That’s the job of the account: to know which plan you’re on and let you move between machines.
Sign-in is not a pipe your work flows through. We don’t need your vault, your run history, or your provider key to run your subscription — and we don’t collect them as a condition of signing in. The operating part runs locally against your own key.
In short: the account handles billing and the download; the work happens on your Mac.
THE GUARDRAIL STACK
Autonomy with a brake.
An autonomous system without oversight is just risk. SynthOS asks before anything risky, leaves a receipt for every action, and keeps a full local audit trail of what ran and why — guardrails that ship in every tier, never a paid add-on.
Before a step that’s hard to undo — deleting files, spending money, sending something out, running a destructive command — SynthOS stops and asks first. You approve or decline. Routine, reversible work proceeds; the consequential moves wait for your say-so.
Every action leaves a receipt: what tool ran, what it was given, and what it returned. A receipt is a readable record, not a black box — you can see exactly what happened after the fact, not just a spinner that finished. It’s honesty about what ran, kept where you can check it.
Those receipts add up to a local audit trail of everything SynthOS has done on your machine — what ran, in what order, and why. It lives on your Mac, so you can review a run, see what an agent touched, and trace any change back to the request that caused it.
Plainly stated: the audit trail is a local record kept for your review — it is not a tamper-proof or legally-notarized log, and we don’t claim it to be one. Its value is transparency: you can always read what an autonomous system did on your machine.
SPENDING CONTROLS & THE KILL-SWITCH
A ceiling you set. A stop you own.
Two limits keep an autonomous system from running away from you: a spend ceiling you decide on, and a single control to halt everything at once.
You set a spend ceiling — a cap on how much an automated run is allowed to cost before it pauses for you. Because usage runs on your own provider key, that bill is between you and your provider; the ceiling is your guardrail against a long run quietly spending more than you intended.
When you want everything to stop, the kill-switch stops it — all running agents at once. No hunting through tabs to cancel work one piece at a time. One control halts the lot, and the receipts still show you what had already happened.
Together with ask-first approvals, these are the limits that let you run an autonomous system without handing it a blank cheque.
YOUR PROVIDER KEY & DATA HANDLING
Your key. No markup.
SynthOS runs on a key you bring. You own the account that powers it, the bill stays between you and your provider, and the key itself never leaves your Mac for our servers.
Bring your own key, stored locally. You connect your own AI provider account, and your key is stored on your Mac — not on our servers. SynthOS uses it from your machine to talk to your provider directly.
No token markup. The usage bill stays between you and your provider — we don’t resell tokens or add a margin on top. What the model costs is what your provider charges you, nothing more from us.
What actually leaves your Mac. To do its work, SynthOS sends the specific request you asked for to your provider’s API — that’s how the model thinks. Your provider’s own terms and data-handling apply to those requests. Everything else — vault, history, credentials — stays local.
The split is deliberate: your machine runs the tools, holds the files, and keeps the receipts; your provider’s cloud runs the model. Choosing your own provider means you also choose whose data terms your requests are governed by.
REPORTING A SECURITY ISSUE
Found something? Tell us.
We practise coordinated disclosure. If you’ve found a vulnerability, email us directly and give us a chance to fix it before it’s public — please don’t open a public issue for a security report.
Email [email protected] with what you found and how to reproduce it. We’ll acknowledge your report and work with you on a fix and a coordinated timeline for disclosure.
Don’t open a public issue for a security report, and don’t disclose the details publicly before we have had a chance to address them. Coordinated disclosure protects the people using SynthOS while the fix ships.
Our machine-readable policy lives at /.well-known/security.txt (RFC 9116) — the same contact address and the same coordinated-disclosure request, in the standard format security researchers expect.
SECURITY CONTACT[email protected]/.well-known/security.txtFor anything that isn’t a security report — questions, bugs, feedback — write to [email protected] instead.
WHAT WE DON’T CLAIM
The honest fine print.
Trust is easier to earn by being clear about the limits. Here is what SynthOS does not claim — so you never have to read between the lines.
We don’t claim the audit trail is notarized. It’s a local, readable record of what ran — useful for review and tracing a change back to its cause. It is not a tamper-proof, cryptographically-sealed, or legally-notarized log, and we won’t describe it as one.
We don’t say it runs “while you sleep.” SynthOS can run automated and scheduled work, but it does so within the limits you set — ask-first approvals, a spend ceiling, and a kill-switch. We won’t market unattended autonomy as if those guardrails weren’t there.
We don’t make absolute security guarantees. Local-first means most of your data stays on your Mac and out of our hands — that’s a real reduction in exposure, not a promise that nothing can ever go wrong. Securing your own machine, your provider account, and your backups is part of the picture too.
If a claim isn’t on this site, we’re not making it. The things we do say — local-first, ask-first, a receipt for every action — are the things we’re prepared to stand behind.
WHERE TO GO NEXT
Read the rest of the model.
Security and privacy are the floor. The core concepts explain how the whole operating model fits on top of them.
Local-first · Bring your own key · A receipt for every action.