Privacy Policy

Last updated: July 11, 2026

1. Who we are

Pencel ("we", "us", "our") is a desktop application that helps you build and run AI-powered workflows. Pencel is developed by Pencel.ai. This policy explains how we handle your information when you use our application and website.

2. Local-first architecture

Pencel is built on a local-first architecture. Your data lives on your machine in a SQLite database. We do not operate cloud servers that store your content. The only network traffic originates from actions you initiate:

  • API calls to AI providers you configure (Anthropic, Google, OpenAI)
  • Connections to third-party services you enable (Google Workspace, GitHub, Slack, etc.)
  • Optional account creation and authentication via our API
  • Optional anonymous analytics (disabled by default)

3. What stays on your machine

The following data is stored locally and is never transmitted to Pencel servers:

  • Run history and step logs
  • Artifacts and their contents
  • Memory store (episodic and long-term)
  • Settings and preferences
  • Chat session history
  • Workspace context files

4. What gets sent to AI providers

When an agent runs a task or you use the chat panel, Pencel sends a prompt to the AI provider you have configured. That prompt may include your system prompt, active guidelines, context files, relevant memories, conversation history, and your instructions. Your API keys are sent only as authentication headers, never in the prompt body.

Each AI provider has its own data handling policies. We recommend reviewing the privacy policies of any provider you connect.

5. Credential storage

API keys and connection credentials are stored using your operating system's built-in keychain (macOS Keychain, Windows Credential Manager, or libsecret on Linux). Credentials are encrypted at rest by the OS and are never stored in plain text, in the database, or in configuration files.

6. Third-party integrations

Pencel can connect to third-party services such as Google Workspace (Gmail, Drive, Calendar), GitHub, Slack, Intuit QuickBooks Online, and others. When you enable an integration:

  • You authenticate directly with the third-party service via OAuth
  • Access tokens are stored in your OS keychain
  • Data retrieved from these services is processed locally by your agents
  • We do not access, store, or proxy your third-party data on our servers

Google API Services

Pencel's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request access to the Google services you choose to connect
  • Data from Google APIs is used solely to provide features you request within the application
  • We do not transfer Google user data to third parties except as necessary to provide the service, with your consent, or as required by law
  • We do not use Google user data for advertising
  • All Google API data is processed locally on your device

Intuit QuickBooks Online

When you connect Intuit QuickBooks Online, Pencel accesses your accounting data solely to provide the features you request:

  • You authorize access in your browser directly with Intuit, and can revoke it at any time by disconnecting the integration in Pencel or from your Intuit account settings.
  • Your QuickBooks financial data (such as invoices, bills, customers, vendors, and reports) is retrieved and processed on your device by a local server that communicates directly with Intuit. It is never stored on, or transmitted to, Pencel servers.
  • So that Intuit credentials are never embedded in the desktop application, Pencel's servers broker only the OAuth token exchange and periodic token refresh. No accounting or financial data passes through this step — only the short-lived authorization tokens.
  • Pencel reads your QuickBooks data and, as its only write action, can log an expense — which always requires your explicit approval of each individual transaction before it is sent to Intuit. Pencel does not otherwise create, modify, or delete records in your QuickBooks account.
  • We do not use your QuickBooks data for advertising, and we do not sell it.

7. Account and authentication

If you create a Pencel account, we collect your email address, name, and profile picture (when signing in with Google or GitHub). This information is used solely for authentication and account management. Account data is stored in our backend database hosted on AWS.

8. Analytics (opt-in only)

During the beta period, you can choose to share anonymous usage data to help us improve the product. Analytics are disabled by default and can be toggled at any time in Settings > Privacy.

When opted in, we collect:

  • Session duration and frequency
  • Navigation patterns (which views you visit, not their content)
  • Feature usage counts
  • Error and crash reports (stack traces only)

We never collect conversation content, API keys, prompts, memory items, or any personal data — even when analytics are enabled.

9. Data retention

Local data is retained on your machine until you delete it. Account data is retained as long as your account is active. Analytics events older than 90 days are automatically pruned from local storage. You can request deletion of your account and associated data by contacting us.

10. Children's privacy

Pencel is not directed at children under 13. We do not knowingly collect personal information from children under 13.

11. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by updating the date at the top of this page and, where appropriate, through the application.

12. Contact

If you have questions about this privacy policy or your data, contact us at support@pencel.ai.