Skip to main content

Privacy & Data Handling

UnfoldAI is built around local evidence and explicit privacy gates.

Local Evidence

The v5 safety loop uses local metadata such as:

  • Activity receipts and session summaries
  • validation findings
  • Safety/risk cards
  • checkpoint metadata
  • command categories, hashes, and statuses
  • diagnostics summaries and counts
  • safe path buckets and file roles
  • safe memory facts

Raw code, raw diffs, raw terminal output, raw command text, full local paths, diagnostic full messages, secrets, .env contents, and raw protected path patterns are not sent by default.

Local Features

These work locally:

  • Command Center local action cards
  • Activity and receipts
  • deterministic Validate Session
  • basic Safety cards
  • manual checkpoints and checkpoint guidance
  • verification and recovery prompt generation
  • MCP-lite metadata tools
  • clear local captured data

Cloud Features

Cloud features require sign-in and account/quota checks:

  • backend AI chat
  • AI Investigation
  • account-linked history
  • paid plan features

When AI Investigation is used, UnfoldAI builds a privacy-filtered context pack first and checks the privacy report before any model/provider route is called.

MCP-lite Privacy

MCP-lite tools return metadata-only summaries by default. They do not return raw code, raw diffs, terminal output, full paths, diagnostic messages, secrets, .env contents, raw protected path patterns, or raw v4 events/tasks.

unfold_request_restore never restores directly. It can only create a user-visible approval request.

Clearing Local Captured Data

Run:

UnfoldAI: Clear Local Captured Data

This clears UnfoldAI captured-data stores without clearing auth tokens, user settings, or extension installation state.