|
| 1 | +# Privacy |
| 2 | + |
| 3 | +ECA is a local command-line tool that runs entirely on your machine. It does not operate a hosted service, collect analytics, or transmit data to ECA maintainers. This document explains what data ECA handles, where it goes, and what you control. |
| 4 | + |
| 5 | +## Architecture |
| 6 | + |
| 7 | +ECA runs as a local process on your computer. There are no ECA servers, no user accounts, no cookies, and no tracking. All LLM communication goes directly from your machine to the provider you configure — ECA never acts as an intermediary that stores or inspects your data in transit. |
| 8 | + |
| 9 | +## What data is sent to LLM providers |
| 10 | + |
| 11 | +When you use ECA, the following data is sent directly to your configured LLM provider (e.g., Anthropic, OpenAI, GitHub Copilot): |
| 12 | + |
| 13 | +- **System prompt** — ECA's agent instructions, your custom rules, skill metadata, and any context you've attached (file contents, cursor position, repository structure). |
| 14 | +- **Conversation messages** — Your prompts, assistant responses, and tool call inputs/outputs (which may include file contents, shell command output, and search results). |
| 15 | +- **Tool definitions** — Names and descriptions of available tools (including MCP server tools). |
| 16 | + |
| 17 | +**You control what gets sent.** ECA only includes file contents you explicitly reference or that the assistant reads via tools during the session. No files are sent without being part of the active conversation flow. |
| 18 | + |
| 19 | +## What data is stored locally |
| 20 | + |
| 21 | +ECA stores the following on your machine: |
| 22 | + |
| 23 | +| Location | Contents | Retention | |
| 24 | +|---|---|---| |
| 25 | +| `~/.config/eca/config.json` | Your configuration (providers, models, settings) | Until you delete it | |
| 26 | +| `~/.cache/eca/db.transit.json` | Auth tokens (OAuth, API keys) for providers and MCP servers | Until you delete it or log out | |
| 27 | +| `~/.cache/eca/<workspace>/db.transit.json` | Conversation history for each project | Auto-deleted after 7 days | |
| 28 | +| `~/.cache/eca/toolCallOutputs/` | Truncated tool call outputs | Auto-deleted after 7 days | |
| 29 | +| `~/.cache/eca/plugins/` | Cloned plugin repositories | Until you delete them | |
| 30 | + |
| 31 | +Paths respect `$XDG_CONFIG_HOME` and `$XDG_CACHE_HOME` if set. No data is stored remotely by ECA. |
| 32 | + |
| 33 | +## MCP servers |
| 34 | + |
| 35 | +If you configure [MCP (Model Context Protocol)](https://modelcontextprotocol.io) servers, data flows to them as well: |
| 36 | + |
| 37 | +- **Local MCP servers** (stdio transport) run as local processes — data stays on your machine. |
| 38 | +- **Remote MCP servers** (HTTP transport) receive tool call arguments, which may include code snippets, file contents, or queries depending on the tool invoked. |
| 39 | +- **All MCP tool results are forwarded to your LLM provider** as part of the conversation context. |
| 40 | + |
| 41 | +You choose which MCP servers to configure. ECA ships with no MCP servers enabled by default. |
| 42 | + |
| 43 | +## Telemetry |
| 44 | + |
| 45 | +ECA includes optional [OpenTelemetry](https://opentelemetry.io) (OTLP) support for exporting metrics. |
| 46 | + |
| 47 | +- **Disabled by default.** Unless you explicitly add an `otlp` section to your config, no telemetry is collected or sent. |
| 48 | +- When enabled, only operational metrics are exported (e.g., task counters, OS info, ECA version). **No prompts, file contents, or conversation data are ever included in telemetry.** |
| 49 | +- You control the OTLP endpoint — metrics go wherever you configure them. |
| 50 | + |
| 51 | +## Provider privacy policies |
| 52 | + |
| 53 | +ECA supports multiple LLM providers. Your data is governed by the privacy policy of whichever provider you use, these are some of providers that were tested with ECA and their policies: |
| 54 | + |
| 55 | +| Provider | Privacy Policy | |
| 56 | +|---|---| |
| 57 | +| Anthropic | https://www.anthropic.com/legal/privacy | |
| 58 | +| OpenAI | https://openai.com/policies/privacy-policy | |
| 59 | +| GitHub Copilot | https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement | |
| 60 | +| Google (Gemini) | https://policies.google.com/privacy | |
| 61 | +| Azure OpenAI | https://privacy.microsoft.com/en-us/privacystatement | |
| 62 | +| DeepSeek | https://www.deepseek.com/privacy | |
| 63 | +| OpenRouter | https://openrouter.ai/privacy | |
| 64 | +| xAI | https://x.ai/legal/privacy-policy | |
| 65 | +| Ollama | Runs locally — no external data transmission | |
| 66 | + |
| 67 | +You can also configure custom providers. In that case, refer to that provider's own privacy documentation. |
| 68 | + |
| 69 | +## What ECA does NOT do |
| 70 | + |
| 71 | +- ❌ Collect personal information (no accounts, emails, or payment data) |
| 72 | +- ❌ Send data to ECA maintainers or any third party beyond your configured providers |
| 73 | +- ❌ Use cookies, browser tracking, or analytics |
| 74 | +- ❌ Sell or share your data |
| 75 | +- ❌ Train models on your data (model training policies are determined by each provider) |
| 76 | +- ❌ Store your conversations remotely |
| 77 | + |
| 78 | +## Your control |
| 79 | + |
| 80 | +- **Choose your provider** — use a local model via Ollama for fully offline, private operation. |
| 81 | +- **Review before sending** — ECA shows you the conversation as it happens; you see what's being sent. |
| 82 | +- **Delete local data** — remove `~/.cache/eca/` and `~/.config/eca/` to erase all ECA data from your machine. |
| 83 | +- **API key management** — store keys in environment variables or `.netrc` instead of config files if preferred. |
| 84 | + |
| 85 | +## Questions |
| 86 | + |
| 87 | +If you have privacy-related questions or concerns, please open an issue on the [ECA GitHub repository](https://github.com/editor-code-assistant/eca). |
0 commit comments