sulala-docs
Guides

Privacy and Data

What runs locally, what is sent to external services, and how credentials are stored in Agent OS.

Overview

Sulala Agent OS is designed so that data and credentials stay under your control. This page summarizes what runs locally, what is sent where, and how to reason about privacy.

What runs locally

  • Server, agent runtime, task queue, scheduler, skill loader, tool registry — All run on your machine (default 127.0.0.1:3010). No Sulala server receives your tasks, chat content, or file paths unless you configure webhooks or remote services.
  • SQLite database — Agents, tasks, conversations, memory, and related state are stored in a local DB (default ~/.agent-os/database.db or AGENT_MEMORY_DB_PATH). Not sent off-device by Agent OS itself.
  • Config~/.agent-os/config.json and ~/.agent-os/configs/*.json (skill config) stay on disk. Never sent to a third party by the app.
  • Skills — Loaded from ~/.agent-os/skills/ or from the seed dir. If you set a registry URL, the app fetches the registry and skill content from that host (your store or a third-party); that host may see the requests (URL, IP).

What is sent to external services

  • AI providers (OpenAI, OpenRouter, Anthropic, Google) — When you use a non-local provider, the runtime sends prompts (system prompt, messages, tool calls) and receives replies over the provider’s API. Their privacy and data policies apply.
  • Channels (Telegram, Slack, Discord, Signal, Viber) — Incoming messages are received by your server; replies are sent to the platform’s API (using the tokens you configured). Message content is processed by your agent and, when using a cloud LLM, by that provider.
  • Skill store / registry — If configured, GET requests for the registry and skill content go to the registry URL you set. Only you control that URL (your own store or a service you choose).
  • Webhooks — If you configure outbound webhooks (e.g. for events), the server POSTs to those URLs; only you control those endpoints.

Credentials

  • Agent OS — API keys and channel tokens are read from ~/.agent-os/config.json or from the environment. They are sent only to the services you configure (e.g. OpenAI, Telegram). Not sent to Sulala.
  • Skill config — Per-skill keys (e.g. API keys for a skill) are stored in ~/.agent-os/configs/<skill_id>.json. Used by the runtime when executing that skill’s tools. Keep that directory private.

Summary

DataWhere it lives / goes
Agents, tasks, conversations, memoryLocal (SQLite under ~/.agent-os).
Config and skill configLocal (~/.agent-os).
AI (cloud provider)Prompts and replies go to that provider’s API.
ChannelsIncoming: to your server. Outgoing: to the platform (Telegram, Slack, etc.) using your tokens.
Registry / storeOnly if you set a URL; GET requests go to that host.

You control where the server runs, which AI provider and store URL you use, and whether the server is exposed to the internet.

Using the Dashboard

Main areas of the Agent OS dashboard — Agents, Tasks, Skills, Graphs, Settings, and Channels.

Changelog

Where to find release history and notable changes for Sulala Agent OS.