// legal
Privacy Policy
Last updated: March 2026
Overview
AgentsInFlow is a desktop application that runs entirely on your local machine. We are committed to protecting your privacy and being transparent about our data practices.
Data Collection
AgentsInFlow does not collect, transmit, or store any of your personal data on our servers.
All your project data, tasks, agent sessions, and configurations are stored locally on your computer. Your API keys are stored in your system's secure keychain and are never transmitted to us.
Browser Extension Data
AgentsInFlow Browser is a Chrome extension that automates pages you explicitly direct it to open or inspect. In order to provide screenshots, DOM snapshots, form filling, keyboard input, and debugger-based inspection, it can access page URLs, page content, form data, screenshots, console output, and network request metadata from the tabs it manages.
This browser automation data stays on your machine by default and is exchanged only with the local AgentsInFlow bridge and native host running on the same computer. We do not receive this data on AgentsInFlow-operated servers.
Categories of Browser Data the Extension May Handle
Depending on the pages you explicitly direct AgentsInFlow to automate, the extension may handle personally identifiable information, personal communications shown in page content, location signals exposed by websites, web history within managed tabs, user activity in those managed tabs, and general website content such as text, images, links, and form fields.
We describe these categories publicly because the extension can access them while carrying out user-directed browser automation, even when that data remains local to your device and is not sent to AgentsInFlow servers.
Third-Party Services
When you use AgentsInFlow to run AI agents, your prompts and code are sent directly to the AI provider you've configured (e.g., Anthropic, OpenAI). These communications are governed by the respective provider's privacy policy:
If you use browser automation features, relevant browser data may be included in the local prompt and tool flow handled by the AI provider you configured. That processing is controlled by the provider you selected, not by AgentsInFlow.
Update Checks
AgentsInFlow checks for updates in the background. Checks start about 15 seconds after launch, then run every 4 hours. You can also run a manual check from the app menu.
Update checks only retrieve version metadata and release files. No personal data or usage analytics are sent to us.
Analytics
The desktop app offers optional, consent-gated anonymous usage analytics via Umami Cloud to help us understand product adoption. It does not send project content. The website also uses privacy-focused Umami analytics for aggregate traffic insights such as page views and referrers.
Chrome Web Store Disclosures
The browser extension requests `debugger`, `scripting`, `tabs`, `tabGroups`, `windows`, `nativeMessaging`, `storage`, and host access so it can automate the browser tabs you assign to an AI agent. We use this access only for user-directed browser automation and extension setup.
We do not sell browsing activity, do not use browser data for advertising, and do not share browser data with third parties except the AI provider you explicitly configured to process your prompts and tool outputs.
Security and Isolation Boundaries
AgentsInFlow uses managed tab sessions and a shared AIF tab group to keep browser work isolated between agents. Tabs inside the managed AIF group are the tabs that can be resumed or adopted for an agent workflow; tabs outside that managed context are not part of that agent session.
Browser-using AI systems carry inherent risk. Malicious page content, prompt injection, or user error can still cause unintended actions. For that reason, you should avoid using AgentsInFlow Browser on highly sensitive sites or with confidential information unless you are comfortable with the risks of browser automation.
Data Storage
All application data is stored locally in your system's application data directory:
- macOS: ~/Library/Application Support/agentsinflow/
- Windows (planned public channel): %APPDATA%\agentsinflow\
- Linux (planned public channel): ~/.config/agentsinflow/
You can delete this directory at any time to remove all application data.
Transparency
While AgentsInFlow is not open source, we are committed to transparency. The app remains local-first and does not send your project content to us, while the website may collect anonymous aggregate analytics to help us improve docs and onboarding.
Changes to This Policy
If we make changes to this privacy policy, we will update the "Last updated" date at the top of this page and include information about the changes in our release notes.
Contact
If you have questions about this privacy policy, please open an issue on our GitHub repository.