Skip to main content

Privacy and local data

Termyte is local-first. It does not require signup or a cloud service, and it does not call an LLM in its decision path.

Repository-local state

Stable check workflows use: 
.termyte/logs.jsonl
.termyte/memory.jsonl
termyte.policy.yaml
Experimental runtime workflows also use: 
.termyte/termyte.db
.termyte/sessions/
Global YAML policy is stored at ~/.termyte/policy.yaml, or under TERMYTE_HOME when configured.

Redaction

Termyte masks recognized secret-bearing command flags, secret-looking environment assignments, and common authorization values before persistence. Runtime records store environment variable keys rather than values. Redaction is pattern based. It reduces accidental secret persistence but cannot guarantee that every possible secret representation is removed.

What may be recorded

Depending on the workflow, local state can include:
  • redacted command text;
  • decisions and reasons;
  • matched policy and memory;
  • target summaries;
  • runtime status and exit codes;
  • stdout and stderr from experimental execution;
  • environment variable names;
  • agent and session metadata.
Treat this state as sensitive operational data. Review it before sharing or committing it.

No automatic cloud sync

Termyte does not upload policy, logs, memory, ledger records, or source code. Any sharing or synchronization is controlled by your existing tools and repository practices.