What stays local#
Ostler is a local-first personal AI assistant. The short version of this page: everything that matters stays on your Mac. The long version is below, broken down by category, so you can see exactly where your data lives and what protects it.
The architectural promise
Your contacts, messages, relationships, calendar, knowledge graph, conversation history, and AI inferences never leave your Mac. They are stored in encrypted local databases, under a passphrase only you know. Creative Machines operates no server that receives or holds them. We cannot read them.
This is not a policy decision. It is an architectural one. There is no "trust us" step. Disconnect your Mac from the internet and Ostler keeps working – you lose web search and public data enrichment, nothing else.
What "local" means here#
When we say something stays local, we mean it satisfies all of the following:
- It is stored only on your Mac, in directories under your home folder or in Docker volumes managed by the Hub.
- It is encrypted at rest with a key derived from a passphrase only you hold (set at install, never stored in plain text, never sent off-device).
- It is not transmitted to Creative Machines or to any third party as part of normal operation.
- It can be inspected, exported, or deleted by you at any time, in standard formats.
If a category does not meet all four, it is documented separately on What leaves the device.
Imported data#
These are the categories of personal data Ostler reads in from your Mac, your accounts, and your GDPR exports. All imports are opt-in, per source, with a separate consent prompt at install. A fresh Ostler install imports nothing.
Third-party data acknowledgement
Many of the imports below contain information about other people – senders, recipients, contacts, message authors, calendar attendees, faces in photos. The install adds a region-agnostic acknowledgement screen so this is captured up front rather than buried in a privacy policy. The full version is on the Third-party data page; the short version is that Ostler treats these records the same way a private address book or personal diary does, with everything kept local on your Mac, and a one-click delete-a-person flow for the right of erasure.
Contacts and relationships#
| Source | What is imported |
|---|---|
| iCloud Contacts | Names, companies, positions, phone numbers, emails, notes |
| LinkedIn GDPR export | Connections, companies, positions, connection dates, message metadata (not bodies) |
| Facebook / Instagram / Twitter GDPR exports | Names, friend lists, follow graphs |
| WhatsApp GDPR export | Contact list, group membership, message metadata |
| Manual entry | Anything you type or paste in |
Stored in the local knowledge graph and the local vector store. Used to build people pages in your wiki, to ground assistant answers, and to drive timeline and relationship views.
Calendar and reminders#
- Calendar events, attendees, and locations from iCloud Calendar
- Calendar events, attendees, and locations from Google Calendar (via the local Calendar.app store, not Google's API directly)
- Reminders lists, items, and due dates from Apple Reminders
Default import window is the past 365 days plus the next 30 days. Adjustable in Settings.
Mail#
Read from your local Apple Mail store via macOS Full Disk Access. This includes any external accounts you have already added to Mail (Gmail, iCloud Mail, Exchange, IMAP) – Ostler reads from Mail's local copy, not from those services directly. See Apple Mail FDA vs Google OAuth for why this routing matters.
Default import window is the past 365 days.
iMessage#
Read from your local iMessage database via macOS Full Disk Access. Default window is 365 days.
Notes#
Apple Notes content and folder structure, read locally. Locked notes are excluded by default.
Browser activity#
If you install the Safari or Chrome extension: page URLs, page titles, and visit timestamps. Page bodies are sanitised on the device before processing. The extension is opt-in, configurable, and can be disabled at any time.
Photos metadata#
Event dates, place names, image metadata. Ostler does not upload, copy, or transform image files themselves. Face-recognition tags are an additional opt-in (off by default) and treated as special-category data.
Conversation transcripts#
If you use the conversation capture features, transcripts are written to local Markdown files under your Ostler data directory.
Voice profiles#
If you have enabled the optional speaker-identification feature, the Hub stores a small numerical voice profile per person you have tagged. The profile is a vector representation, not playable audio, and it lives in the Hub's encrypted local store alongside the rest of your knowledge graph. Voice profiles do not leave the Hub, ever. Region-aware consent rules apply before any voice processing runs – see voice and speaker identification for the full picture.
Widget snapshots#
The iOS app writes a tiny snapshot file (a name, a count, a timestamp) into a sandboxed App-Group container so the home-screen and Watch widgets have something to render. The snapshot lives only on your phone or watch, in the same iCloud-Keychain-protected app sandbox as the rest of the iOS app's local state. See widgets and Watch complications for the privacy toggle that controls what the snapshot can include.
Inferred and generated data#
These are things Ostler creates from your imports, on your machine, using a local language model.
- Person, organisation, and topic summaries
- Timeline entries
- Relationship-warmth signals and suggested actions
- Wiki pages compiled from the underlying graph
- Embeddings (vector representations) of any text the system has seen
All of this is stored alongside the imported data, in the same encrypted local stores, under the same key. Nothing is uploaded for processing. The model that produces these inferences runs on your Mac.
Where it physically lives#
Ostler keeps everything in a small set of internal stores running as Docker containers on your Mac, all bound to 127.0.0.1 (localhost):
| Store | Role |
|---|---|
| Vector database | Semantic search over text and inferences |
| Graph database | Knowledge graph (people, organisations, events, relationships) |
| Cache and message bus | Short-lived state and inter-service messaging |
| SQLite databases | Settings, audit log, conversation memory |
| Markdown and plain files | Conversation transcripts, exported wiki pages |
These services are reachable only from your Mac. They are not exposed to your home network, not exposed to the internet, and not exposed through your router. There is no port forwarding, no UPnP, no remote management.
On-disk location
All Ostler data sits under ~/.ostler/ and in Docker volumes managed by the Hub. Ostler does not write personal data anywhere else on disk.
What encrypts it#
Several layers, in order of how the data is wrapped:
| Layer | Mechanism |
|---|---|
| Full disk | macOS FileVault. The installer checks this is on. |
| Database files | SQLCipher for SQLite stores; encrypted volumes for the vector and graph stores. |
| iOS app store (if paired) | Realm with a device-bound key released by Touch ID / Face ID. |
| Time Machine backups | Inherits FileVault. |
The key that decrypts all of this is wrapped under a key derived from your install-time passphrase, with the Secure Enclave releasing the wrapping key on a successful biometric tap. Without your passphrase (or your recovery key), the data is unreadable – to you, to us, to anyone.
For implementation detail, see Architecture / Encryption.
Who can read it on the same machine#
When Ostler is unlocked and running, the local services can read the local data – that is what they are for. macOS process boundaries, your user account permissions, and the encrypted-at-rest layer are the relevant controls here.
Same-Mac threat model
Encryption at rest protects against physical theft and against your data leaving the device. It does not isolate Ostler from other software running on your Mac as your user. Treat your Hub Mac the way you would treat a password manager: do not install random utilities, do not approve installer prompts you did not initiate, and do not grant Full Disk Access to apps you do not trust.
When Ostler is locked (auto-locked after a configurable period of inactivity, or locked manually), the in-memory encryption key is wiped. A stolen or lost Mac on an attacker's desk cannot yield plaintext without a live unlock from you.
What happens when you uninstall#
Delete the ~/.ostler/ directory and the Docker volumes. Your data is gone. There is no server-side copy to request deletion of, because there is no server.
Ostler also ships an ostler-uninstall command that does this for you, with a confirmation prompt.
If you want to take your data with you instead, exports are in standard, open formats:
- Vectors as JSON
- Graph triples as Turtle, N-Triples, or JSON-LD
- Conversation transcripts as Markdown
- SQLite databases as standard
.sqlitefiles
Your data does not disappear into a proprietary format if you stop using Ostler.
What stays local even if you use the iOS app#
The iOS app is an optional iPhone app that talks to your Hub Mac over your home Wi-Fi. It does not introduce a cloud round-trip. Specifically:
- The iOS app connects to the Hub directly, on your local network, over a TLS channel pinned at pairing time.
- The Hub is the source of truth. The iOS app holds an encrypted local mirror of what you have asked to see on your phone.
- The iOS app does not send your data anywhere except your Hub.
See Architecture / Hub and iPhone for the full picture.
Cross-references#
- What leaves the device – the honest list of network calls Ostler does make
- What we never collect – categories Ostler is built not to handle
- Apple Mail FDA vs Google OAuth – why we read Gmail content via Mail, not Google's API
- Architecture / Privacy model
- Architecture / Encryption
- Architecture / Data flows