Appearance
Data Handling
Pencel is built on a local-first architecture. Your data lives on your machine, and you control exactly what leaves it. This page explains what stays local, what gets sent to AI providers, and how your credentials are protected.
Local-first: your data stays on your machine
Pencel stores everything in a SQLite database on your computer. There is no Pencel cloud service, no account to create, and no data synced to our servers.
What stays on your machine (never sent anywhere):
- Run history and step logs
- Artifacts and their contents
- Full memory store (episodic and long-term)
- Settings and preferences
- Connection credentials
- Chat session history (stored locally)
- Workspace context files
Your database file, your artifacts, your run logs — all of it lives on your local disk and is never transmitted to Pencel or any third party.
INFO
Pencel operates minimal backend services for authentication and optional analytics, but your workspace data (runs, artifacts, memory, chat history) is never stored on our servers. All workspace data stays on your machine.
What gets sent to AI providers
When an agent runs a task or you use the chat panel, Pencel sends a prompt to the AI provider you have configured (Anthropic, Google, or OpenAI). That prompt includes:
| Sent to provider | Details |
|---|---|
| System prompt | The agent's role description and writing style |
| Active guidelines | Always-active guidelines, plus any relevant guidelines matched to the current task |
| Context files | Workspace files you have attached to the agent or workflow |
| Memory items | Relevant memories retrieved for the current task |
| Conversation history | Previous messages in the current chat session or run |
| Tool definitions | Descriptions of available tools (so the model knows what it can do) |
| Your message or workflow instructions | The actual task you are asking the agent to perform |
WARNING
Review what is in your context files, memory, and guidelines before running tasks that involve sensitive data. Anything included in the agent's context is sent to the AI provider as part of the prompt.
What is NOT sent to providers:
- Your API keys (these are sent only as authentication headers, not in the prompt body)
- Run history from other sessions
- Artifacts from previous runs (unless they are in an active context file)
- Connection credentials
- Settings and preferences
- Data from other workspaces
How API keys are stored
Pencel stores your API keys using your operating system's built-in keychain:
- macOS: Keychain Access
- Windows: Windows Credential Manager
- Linux: libsecret (GNOME Keyring or KWallet)
This is the same mechanism that your browser and other desktop apps use to store passwords. Your keys are encrypted at rest by the OS and are never stored in plain text, in the database, or in configuration files.
TIP
You can verify your keys are stored securely by checking your OS keychain directly. On macOS, open Keychain Access and search for "Pencel."
What Pencel sends to its own servers
Pencel operates minimal backend services at api.pencel.ai for authentication (OAuth proxy) and analytics. Your workspace data — runs, artifacts, memory, chat history, context files — is never stored on our servers.
By default, there is no analytics, no telemetry, and no usage tracking unless you explicitly opt in. One exception: redeeming an invite code (pilot/beta access on Pencel-managed credits) requires opting in to analytics — this is enforced at redemption time. If you use your own API keys, analytics remains fully optional. Error and crash events, when captured, are stored locally on your machine and are never uploaded.
The default (bring-your-own-key) architecture:
Your Machine (Pencel + SQLite) --> AI Provider API (Anthropic / Google / OpenAI)
--> api.pencel.ai (auth + optional analytics only)When you provide your own API key, your prompts go directly from your machine to the AI provider you selected. Pencel's servers handle only authentication flows (like OAuth callbacks) and, if you opt in, anonymous usage analytics.
Managed AI (Pro Desktop and invite credits)
If you use Pencel-managed credits instead of your own API key — that is, a Pro Desktop subscription or redeemed invite credits — your prompts are relayed through Pencel's managed proxy so usage can be metered:
Your Machine (Pencel + SQLite) --> llm.pencel.ai --> AI Provider API (Anthropic / OpenAI / Google)In this mode the prompt content (your messages and system prompt) transits Pencel's servers in order to reach the provider. We do not persist that content — it is passed through to the provider and used only for metering — but it is not the direct-to-provider path described above. To keep prompts entirely off Pencel's servers, add your own API key in Settings > LLM Providers; a configured key always takes precedence and routes directly to the provider.
Sub-processors on the managed path. When you use managed credits, the model provider that ultimately receives your prompt acts as a sub-processor. Managed Claude models route to Anthropic, managed GPT models to OpenAI, and managed Gemini models to Google (via Google's API). Each provider's own data policy (below) governs what it does with the prompt. Pencel Private is the exception — it never routes to these providers (see below).
Pencel modes: Auto and Private
The chat model picker offers two Pencel-provided modes at the top, above the concrete models. Both require an active subscription and run on a Pencel-managed model (GLM-5.2, an open-weight model) served through the managed proxy:
- Pencel Auto — Pencel routes each turn to the most cost-effective capable Pencel model. The chat message always shows which concrete model actually ran.
- Pencel Private — a zero-data-retention mode. Your prompts are sent only to a model provider that does not retain them, and Pencel does not log the prompt or response content on its servers. Local behavior is unchanged (your transcript and any derived memory persist normally on your machine — to keep nothing locally either, combine it with Incognito).
Model provenance (Pencel Private): the underlying model, GLM-5.2, is an open-weight model (developed by Zhipu AI) hosted in the United States by Fireworks AI. The zero-retention guarantee is provided by the host (Fireworks) under its Chat Completions API, which does not store request data by default for open models. Prompt-cache key/value data may be held in volatile memory for a few minutes to speed repeated context; nothing is persisted to disk. If your organization screens on model lineage or host jurisdiction, review this before using Private for regulated data.
Opt-in beta analytics
During the beta, you can choose to share anonymous usage data to help us improve the product. This is entirely opt-in — disabled by default, and you can toggle it at any time in Settings > Privacy.
What we collect when you opt in:
- Session duration and frequency (how often you use the app)
- Navigation patterns (which views you visit, not their content)
- Feature usage counts (runs started, chats sent, connections made)
- Error and crash reports (stack traces only, no user data)
- LLM cost aggregates (total spend, not individual prompts)
What we never collect, even when opted in:
- Conversation content, artifact content, or workspace data
- API keys or credentials
- Personal information (email, username, IP address)
- Prompts, agent instructions, or guideline text
- Memory items or context file contents
Analytics events are stored locally in your SQLite database. When you opt in, a summary is synced to our server every 30 minutes. Events older than 90 days are automatically pruned from local storage.
TIP
You can review and change your analytics preference at any time in Settings > Privacy.
AI provider data policies
Each AI provider has its own data handling policies. Here is a summary of what matters most:
- Anthropic (Claude): API inputs and outputs are not used to train models. Data is retained for up to 30 days for safety monitoring, then deleted.
- Google (Gemini): API data is not used for model training when accessed through the API. Retention policies vary by service tier.
- OpenAI (GPT-4o): API data is not used for training by default. You can opt into data sharing if you choose.
- Fireworks AI (GLM-5.2 — Pencel Auto / Private): the Chat Completions API does not store request or response data by default for open-weight models (zero data retention). Fireworks is ISO 27001 / 27701 / 42001 certified. Cached prompt context lives only in volatile memory and is never persisted.
INFO
These policies may change. Check each provider's current data usage policy and terms of service for the latest information.
Practical tips for protecting sensitive data
Use guidelines to prevent leaks. Add an always-active guideline like: "Never include Social Security numbers, credit card numbers, or passwords in any output."
Be selective with context files. Only attach files the agent needs. A file with 10,000 customer records adds all of that data to every API call.
Review memory periodically. The memory store accumulates over time. Check that it does not contain sensitive information you would not want sent to an AI provider.
Use separate workspaces for sensitive projects. Keep financial data, HR records, or customer PII in a dedicated workspace with strict guidelines and limited context files.
Choose your provider deliberately. If your organization has a data processing agreement with one provider, use that provider for sensitive work.
Review analytics consent. Opt-in analytics help us improve the product during the beta. You can enable or disable this at any time in Settings > Privacy.
