Privacy at Ostler

Last updated: 18 April 2026

Ostler runs entirely on your hardware. We cannot access your data. This is not a policy decision. It is an architectural one.

This page explains exactly what data Ostler processes, where it goes, and who can see it. The short version: your data stays on your machine, and nobody – including us – can see it.

What Ostler processes

When you run Ostler, it imports and processes data from your GDPR exports and connected services:

  • Contact names, companies, positions, and connection dates from LinkedIn, Facebook, Instagram, Twitter, WhatsApp, and iCloud
  • Calendar events (dates, titles, attendees) from Google Calendar and iCloud Calendar
  • Message metadata (who, when, how many) from LinkedIn Messages – not message content
  • Conversation transcripts (if you use the conversation capture features)
  • Browser history URLs and page titles (if you enable the browser extension)

Where your data is stored

On your machine. Only your machine.

Ostler stores data in three local databases running as Docker containers on your Mac:

  • Qdrant – vector database for semantic search
  • Oxigraph – knowledge graph (RDF triples)
  • Redis – cache and message bus

These databases run on localhost. They are not exposed to the internet. They have no authentication because they do not need it – they are only accessible from your machine.
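One way to check the localhost-only claim above on your own machine (an added example, not Ostler's code): the function reads `lsof` output and reports any database port that is listening on a non-loopback address. The port numbers are the upstream defaults for Qdrant, Oxigraph and Redis, and the sample output is constructed; both are assumptions about a given install.

```shell
#!/bin/sh
# Added example: flag datastore listeners bound beyond loopback.
# Ports are the upstream defaults (Qdrant 6333/6334, Oxigraph 7878,
# Redis 6379); assumed here, not taken from Ostler's configuration.
PORTS="6333 6334 7878 6379"

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints
# "<port> <address>" for each watched port not bound to loopback.
exposed_listeners() {
  awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $NF == "(LISTEN)" {
      name = $(NF - 1)                          # e.g. 127.0.0.1:6333, *:6379
      port = name; sub(/^.*:/, "", port)        # text after the last colon
      addr = name; sub(/:[0-9]+$/, "", addr)    # text before the port
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
      print port, addr
    }'
}

# Constructed sample (not captured from a real install): Qdrant and
# Oxigraph published on loopback, Redis published on all interfaces.
sample_lsof() {
  cat <<'EOF'
COMMAND    PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
com.docke 1234 alice 45u  IPv4 0xa1   0t0      TCP  127.0.0.1:6333 (LISTEN)
com.docke 1234 alice 46u  IPv4 0xa2   0t0      TCP  127.0.0.1:6334 (LISTEN)
com.docke 1234 alice 47u  IPv6 0xa3   0t0      TCP  [::1]:7878 (LISTEN)
com.docke 1234 alice 48u  IPv6 0xa4   0t0      TCP  *:6379 (LISTEN)
ControlCe  501 alice 10u  IPv4 0xa5   0t0      TCP  *:7000 (LISTEN)
EOF
}

# Live check on the Mac: lsof -nP -iTCP -sTCP:LISTEN | exposed_listeners
# Empty output means every watched port is loopback-only.
sample_lsof | exposed_listeners
```

A container port published without a host address (`6379:6379` rather than `127.0.0.1:6379:6379`) is the usual cause of a `*` binding, because Docker then listens on all interfaces.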

What Ostler sends to the cloud

No personal data. Ever.

Your contacts, messages, relationships, calendar, knowledge graph, and conversation history never leave your machine. The AI models run locally via Ollama. There is no telemetry, no analytics, no crash reporting, no usage tracking. We do not know who is using Ostler, how many people are using it, or what they are doing with it.

What Ostler does fetch from the internet

Ostler connects to the internet to pull public information in. It never sends personal data out. Specifically:

  • Wikidata / Wikipedia – public biographical and organisational data to enrich person and company pages
  • Web search – when you ask your assistant to search the web (via a private SearXNG instance, not Google)
  • AI model downloads – downloading model weights from Ollama's registry (one-time, during setup)
  • Software updates – Homebrew packages and Docker container images

The critical distinction is the direction of data flow: public data comes in, personal data never goes out. None of these connections transmit your contacts, messages, relationships, or any personally identifiable information.

You can verify this by disconnecting from the internet. Ostler continues to work – you lose web search and Wikidata enrichment, but your knowledge graph, AI assistant, and all local features function normally.

Independently audited

We are commissioning an independent security audit from a recognised cybersecurity firm. The full report will be published. Trust should be verifiable, not assumed.

Data portability

Your data is stored in standard, open formats:

  • Qdrant vectors can be exported as JSON
  • Oxigraph triples can be exported as Turtle, N-Triples, or JSON-LD
  • Conversation transcripts are stored as Markdown files
  • Coaching observations are in SQLite databases

If you stop using Ostler, your data does not disappear into a proprietary format. It remains on your machine in standard formats that any other tool can read.

Data deletion

Delete the Docker volumes and the ~/.ostler directory. Your data is gone. There is no server-side copy to request deletion of, because there is no server.

Future features

If we ever build a feature that touches the network, we will tell you before it ships and it will be opt-in. Local-first is not a marketing position. It is how the software is built.

Contact

Questions about privacy, data handling, or this policy: security@ostler.ai

Suspected vulnerability or security issue? Use the same address and see the responsible-disclosure note on our security page.

You cannot un-share your soul. That is why we built Ostler to never ask you to.