Privacy Policy
Effective Date: March 15, 2026
This Privacy Policy describes how the developer of OpticLM (“we”, “us”, or “our”) handles information in connection with the Optic desktop application and the Optic Envoy web service (collectively, the “Service”).
We build our tools to ensure your data remains in your control.
1. Information We DO NOT Collect
Because of how Optic is built, we have no access to your personal data. We do not collect, store, or process:
- Your conversations or chat history
- Your AI provider API keys
- Usage analytics, user behavior tracking, or telemetry
- Crash reports or diagnostics
1.1 Exception: Customer Support Communications
The only exception to our “no data collection” rule is when you voluntarily contact us directly (e.g., via email or other ways for technical support, bug reports, or privacy inquiries). In such cases, we collect your email address and any information you choose to include in your message. We use this information to resolve your issue and communicate with you, and we routinely delete these correspondence records.
2. How Your Data is Handled
2.1 Locally Stored Data (Desktop App)
Optic is a desktop application that stores all user data—including conversations, settings, preferences, and model configurations locally on your device.
2.2 Third-Party AI Providers
Optic allows you to connect to third-party AI providers (such as OpenAI, Anthropic, Google, etc.) using your own API keys. These keys are stored locally on your device and are never transmitted to us. When you send a prompt, your device communicates directly with the respective AI provider. We are not responsible for how these third-party providers handle your prompts; we encourage you to review their specific privacy policies.
Please be aware of the following regarding your files and data:
To provide advanced AI assistance (e.g., executing code, analyzing project directories, or retrieving system context), Optic utilizes local tool calling capabilities. This means that, based on your specific prompts, the AI may dynamically generate and execute commands to read files, examine folder structures, or query standard operating system environments (such as OS version or CPU architecture).
We cannot pre-determine the exact system data the AI will read, as it is entirely driven by what is required to fulfill your prompt. Any local file content or system data accessed via these tool calls is transmitted directly from your device to your configured AI provider. We do not intercept or store this data.
We strongly advise you to be mindful of the information you process using Optic. Please avoid sending highly sensitive, confidential, or proprietary company data to third-party AI providers unless you are comfortable with their respective data usage and retention policies. We are not responsible for how these third-party providers handle your files or prompts.
2.3 Optic Envoy (Remote Access)
When you use Optic Envoy to connect to your Optic desktop instance from a web browser, your connection is secured:
- End-to-End Encryption (E2EE): All data transmitted through Optic Envoy is end-to-end encrypted using AES. We do not hold the decryption keys, meaning we cannot read, intercept, or log any of your messages or data.
- Infrastructure: We use Ably as a real-time messaging transport and Upstash to store temporary session credentials. Optic Envoy is hosted on Netlify. None of these infrastructure providers can decrypt your payload.
3. Payments
We do not process payments directly, nor do we store your payment information on our servers.
- Payment Processors: Purchases are processed securely through third-party platforms, namely the Microsoft Store or creem.io.
- Billing Information: When you purchase via creem.io, they may collect your email address for the purpose of sending your license key, receipt, or assisting with purchase recovery. Microsoft Store handles transactions under your existing Microsoft account.
We rely on these processors solely to verify the validity of your license. We do not store your email address or payment details in our own databases.
3.1 License Verification & Anti-Abuse
To verify the validity of your license and prevent multi-device abuse, the Optic application generates a one-way cryptographic hash derived from your local hardware identifiers (such as your CPU serial number and system UUID).
This hash is irreversible. We cannot reverse-engineer this hash to discover your actual hardware details. This hashed identifier is transmitted to our servers securely and used solely for license validation and fraud prevention.
We do not link this hardware hash to your identity, email address, or usage habits, nor do we use it for tracking or advertising purposes.
4. Technical Interactions & Standard Logs
While the Optic application does not collect telemetry, standard internet communications inherently involve technical metadata:
- Update Checks: The desktop app may periodically check our official website for software updates via a simple web request.
- Web Hosting Logs: When you access the Optic Envoy web interface or our official website, our hosting provider (Netlify) may log standard technical metadata (such as your IP address and browser type) for security, anti-DDoS, and operational purposes. We do not use this data to track you.
5. Third-Party Processors Summary
When using our Service, certain data is processed by trusted third parties under their respective privacy policies:
| Service | Purpose | Nature of Data Handled |
|---|---|---|
| AI Providers (OpenAI, Anthropic, etc.) | Generating AI responses | Your prompts, API keys, the content of active files, and any local system data dynamically accessed by the AI via tool calling or code execution. |
| Microsoft Store / creem.io | Processing Pro Edition purchases | Billing info, email (Only if you buy the Pro Edition) |
| Ably / Upstash | Envoy real-time routing & sessions | End-to-End Encrypted data (Cannot be read by them) |
| Netlify | Web hosting for Optic Envoy | Standard web metadata (e.g., IP addresses for security) |
6. Your Data Rights
Depending on your jurisdiction (such as under the GDPR in Europe or the CCPA in California), you have rights regarding your personal data, including the right to access, correct, or delete it.
Because Optic operates on a local-first basis, you can exercise these rights instantly by deleting your data directly within the app or by uninstalling the software. If you need to manage or delete data related to your Pro Edition purchase, please contact the respective payment processor (Microsoft Store or creem.io) directly.
7. Security Disclaimer
While we implement strong security measures like standard AES End-to-End Encryption (E2EE) for Optic Envoy, no method of transmission over the internet or electronic storage is 100% secure.
Please note that the effectiveness of End-to-End Encryption inherently relies on the security of your own local devices. We cannot protect your data if your device is compromised by malware, keyloggers, or unauthorized physical access. We cannot guarantee absolute security against highly sophisticated threats, and you use the Service at your own risk.
8. Children's Privacy
The Service is not intended for children under the age of 13 (or 16, depending on your jurisdiction). We do not knowingly collect personal information from children.
9. Source Code
The source code of the basic edition of Optic is publicly available on GitHub, allowing independent inspection of our privacy claims. The Pro Edition source code is proprietary and not publicly available.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our software or legal requirements. When we make changes, we will update the “Effective Date” at the top of this page.
For material changes (e.g., changes that significantly affect how your data is handled or introduce new data collection practices), we will provide a prominent notice directly within the Optic desktop application or alert you via our official channels before the changes take effect. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at:
Email: privacy@opticlm.app