Privacy

OpenFolio is local-first by default.

What stays local

• the canonical SQLite graph
• raw Messages history
• local notes and reminders
• local embedding cache
• local connector credentials during the current cleanup pass

What hosted services are for

• account identity
• billing and entitlements
• hosted AI when enabled
• future managed connectors
• future hosted MCP / remote access

If OpenFolio later offers hosted MCP, the intended model is an optional derived hosted graph with explicit consent and clear onboarding disclosure about what is uploaded.