Security & Data
Where your data lives, how we protect it, and who processes it on our behalf.
Effective June 16, 2026
Local-first by design
Security at Maniac starts with data minimization. When you select an on-device model, model inference and chat content stay on your Mac. Chats, files, and agent memory are stored locally by default, while account services and network-backed capabilities you enable or invoke may connect to their respective services.
Where your data lives
- On your Mac. Chats, prompts, generated artifacts, and agent memory are stored locally (for example, in a SQLite database within your user data directory) and protected by your operating system's account and disk-level protections.
- In cloud services, when a feature requires a connection. Hosted inference, connected integrations, web-backed tools, Channels, account services, updates, and opt-in analytics may contact Maniac or third-party services. Content needed to perform an explicit remote action is sent to that service; account and operational metadata may also be exchanged while the relevant service is enabled.
Encryption
Traffic between the app, our services, and our providers is encrypted in transit using industry-standard TLS. Data handled by our cloud infrastructure is protected at rest using encryption provided by our hosting platforms.
Integration credentials
When you connect a third-party tool, access is authorized through that provider using OAuth where available. Connection credentials are handled securely and used only to perform the tasks you initiate. You can revoke a connection at any time from the app or from the third-party provider.
Infrastructure and access controls
We run our hosted Services on reputable cloud platforms and apply the principle of least privilege to internal access. Access to production systems is restricted, authenticated, and logged, and we keep our systems and dependencies updated.
Subprocessors
We rely on a small set of vendors to operate the hosted parts of the Services. They process data on our behalf under contractual safeguards. Current subprocessors include:
- Hosted inference and model providers for requests you route to the cloud.
- Integration connectivity providers for connecting third-party tools.
- Database and storage hosting for account and operational data and app distribution.
- A payment processor for billing and subscriptions.
We update this list as our infrastructure evolves. For the current named subprocessors, contact tom@maniac.ai.
Data you control
Because your content lives on your device, you can delete conversations or clear app data directly. For data held in our hosted Services, you can request access or deletion as described in our Privacy Policy.
Reporting a vulnerability
We welcome reports from the security community. If you believe you have found a security vulnerability, please email tom@maniac.ai with details and steps to reproduce. We will acknowledge your report, investigate promptly, and keep you informed. Please give us a reasonable opportunity to remediate before any public disclosure, and avoid accessing or modifying other users' data while testing.
Incident response
We maintain processes to detect, investigate, and respond to security incidents. If an incident affects your personal information, we will notify affected users and regulators as required by applicable law.
Contact us
For security questions or reports, email tom@maniac.ai.