Legal

Privacy Policy

Last updated: April 23, 2026

1. Overview

Wisp is designed to keep your conversations yours. This policy explains what data the Wisp desktop application, the local agent, and the confidential proxy handle — where that data lives, who can see it, and what choices you have.

Our tagline is “private by architecture, not by policy”. That means the protections described below are backed by how the system is built, not only by promises we make on this page.

2. Our privacy principles

  • Your chats stay on your device at rest. Messages, attachments, and audit logs are persisted in an encrypted SQLite database on your computer.
  • The Proxy cannot read your prompts in the clear.The Wisp Proxy runs inside a Trusted Execution Environment (TEE). Model traffic is terminated inside the enclave; plaintext prompts and responses are not persisted or logged by the Proxy.
  • No analytics, no telemetry, no tracking. The desktop app does not ship with product analytics, behavioral tracking, advertising SDKs, or crash-reporting services.
  • Nothing is used to train models. We do not use your prompts, files, or outputs to train, fine-tune, or evaluate AI models.

3. Who is responsible

Wisp (“we”, “us”) is the controller for data we directly process about visitors to our website and, where applicable, operators of hosted Proxy accounts. For data that stays on your device, you are the controller — the Wisp software acts on your instructions.

4. What we collect

4.1 On your device (not sent to us)

The Wisp desktop app and local agent store the following locally:

  • the content of your chat sessions, including prompts, model responses, and any attachments you add;
  • the audit log of tool calls made by the agent — which files it read or wrote, which commands it ran, and the parameters used (sensitive fields such as API keys, passwords, and tokens are redacted before logging);
  • local preferences and the identifier of the project folder you have selected.

This data is encrypted at rest in a local SQLite database on your computer. It is not transmitted to Wisp. You can delete it at any time by removing the local database files or uninstalling the application.

4.2 Sent to the Wisp Proxy (inside a TEE)

When the desktop app needs a model response, the agent forwards the request through the Wisp Proxy, which runs inside a TEE. The Proxy receives:

  • the model request payload (including conversation context needed for the chosen model);
  • metadata required to route the request — for example the target provider and model identifier;
  • authentication credentials for the selected upstream provider, which are held inside the enclave and not returned to the desktop.

The Proxy forwards the request to the selected upstream provider and streams the response back. It does not persist request or response bodies and does not log prompt content.

4.3 Hosted Proxy accounts (if applicable)

If you use a Wisp-operated Proxy that requires authentication, we store the minimum needed to authenticate you: your email address and a salted hash of your password (we never store your password in plaintext). If you sign in through a third-party identity provider for optional connectors (for example Google for Gmail, Drive, or Calendar tools), we receive the information the provider returns to us with your consent, typically your identifier and the scopes you authorized.

4.4 Website visits

When you visit the Wisp marketing website we handle only the data that is strictly needed to deliver the page — for example, the HTTP request. The site does not set analytics cookies or third-party tracking cookies. Our host may process IP addresses briefly to route the request and block abuse.

5. What we do not do

  • We do not run product analytics, A/B tests, session replay, or any behavioral tracking in the desktop app.
  • We do not send crash reports or stack traces off your device by default.
  • We do not store the content of your chats on our servers.
  • We do not sell your data. We do not share data with advertisers.
  • We do not use your prompts, files, or outputs to train, fine-tune, or evaluate AI models.

6. How data is used

Where we do process data, we use it only to:

  • provide the Service — authenticate you to a hosted Proxy (if used), route model requests, and return responses to your desktop;
  • keep the Service secure — detect and block abuse of the Proxy such as credential stuffing, unusual request volumes, or attempts to circumvent the TEE;
  • meet legal obligations — respond to valid legal process and enforce our Terms.

The legal bases we rely on (where the GDPR or similar laws apply) are the performance of a contract with you, our legitimate interests in securing the Service, your consent for optional integrations, and legal obligations where applicable.

7. Third-party processors

When you configure Wisp to use third-party services, those services receive data as described below. Each service has its own privacy policy.

  • LLM providers (such as Redpill and Tinfoil) — receive your model requests after the TEE Proxy forwards them, and return model responses. What they store and for how long is governed by their own policies.
  • Web-search providers (such as Brave Search) — receive the search queries issued by the agent when you use the private-search tool.
  • Identity providers (such as Google) — receive a sign-in request if you enable the optional Gmail, Drive, or Calendar connectors, and return the identity and tokens you have authorized.
  • TEE infrastructure providers — host the enclave that the Wisp Proxy runs in and provide attestation, but do not have visibility into traffic terminated inside the enclave.
Fetching a URL or running a web search through the agent will send the relevant URL or query to that destination. If you ask the agent to call an external API, that API will receive the request you authorized.

8. Storage and security

  • Local encryption. Chat data, attachments, and audit logs on your device are stored in an encrypted SQLite database using AES-based encryption.
  • TEE isolation. The Wisp Proxy runs inside a Trusted Execution Environment. Upstream provider credentials are held inside the enclave. Prompts and responses are not persisted by the Proxy.
  • Authentication. Hosted Proxy passwords are stored only as salted bcrypt hashes. Sessions use short-lived tokens.
  • Redaction.The agent’s audit logger automatically redacts values for keys that look like secrets (“password”, “token”, “apiKey”, “authorization”, “credential” and similar) before writing to the log.

No system can guarantee absolute security, and you are responsible for protecting the device the desktop app runs on (full-disk encryption, screen lock, OS updates).

9. Retention

  • Local data is retained on your device for as long as you keep it. Delete a session, clear the local database, or uninstall the app to remove it.
  • Hosted Proxy account data is retained while your account is active and for a short period afterwards to resolve disputes and comply with legal obligations, then deleted or anonymized.
  • Proxy request logs, where kept for abuse prevention, contain only metadata (timestamp, status code, size) and no prompt or response content, and are retained for a short operational window.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict processing of data we hold about you, and to object to certain processing.

Because the content of your chats stays on your device, you exercise most of these rights directly inside the app by deleting sessions or clearing local data. For data we hold about a hosted Proxy account, you can request access, export, or deletion by contacting us at privacy@wisp.app. We respond within the timeframes required by applicable law.

You also have the right to lodge a complaint with the data protection authority in your jurisdiction.

11. International transfers

When your agent routes a model request to an upstream provider, that request travels to wherever the provider operates. Providers and TEE infrastructure may be located outside your country of residence. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for data we process on your behalf.

12. Children

Wisp is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

13. Changes to this policy

We may update this policy to reflect changes to the Service or to legal requirements. When we make a material change, we will revise the “Last updated” date above and, where appropriate, surface the change in the app.

14. Contact

Privacy questions or requests? Write to us at privacy@wisp.app.