Skip to content

Privacy & data

Agent Karma is local-first by design. Seven promises, hardcoded into how it works:

Local-first. No source code captured. No terminal output captured.
No cloud upload. No telemetry. No login. No surveillance.
  • File-change events — file names only (including edits made by AI agents or the CLI, gated by agentKarma.captureExternalFileChanges). Never file contents.
  • Validation command types — that you ran a Test / Build / Lint / Type Check. The raw command string is classified, then discarded.
  • A git diff summary — file and line counts, never the diff content.
  • The short SHA of commits — never the message, diff, author, or files.
  • Your typed intent text — recorded locally by default (so your cards and dashboard read back meaningfully). Turn it off with agentKarma.capturePromptText; either way it never leaves your machine, and the prompt-clarity score never reveals it.
  • Your source code.
  • Your terminal output.
  • Your keystrokes.

Local JSON under VS Code’s per-extension storage, on your machine. No backend, no account, nothing leaves your computer. The extension makes no network calls — a Prime Directive enforced in CI.

  • Export the current session as JSON or Markdown (metadata only).
  • Reset Karma History — clears sessions and the trend, keeps your settings.
  • Delete All Local Data — wipes everything, one command.
  • Per-setting granularity over what’s captured at all.

Uninstalling removes the tool; for a privacy-first coach, your local data going with it is the point.