Privacy and Data
Lattice is built on a local-first privacy model. Understanding how data flows through the system is essential for building secure applications.
Core Principle: Local-First
Local-first means: By default, all data stays on your machine. Cloud features are optional add-ons.
This creates clear data boundaries:
┌─────────────────────────────────────────────┐
│ Your Computer (Local) │
│ ✓ Agent data │
│ ✓ Session history │
│ ✓ Configuration files │
│ ✓ Cached models │
└─────────────────────────────────────────────┘
↓ (Optional)
┌─────────────────────────────────────────────┐
│ Lovelace Cloud (Hybrid Mode) │
│ Only if explicitly enabled │
│ ✓ Backed-up sessions │
│ ✓ Team collaboration data │
└─────────────────────────────────────────────┘
↓ (Optional)
┌─────────────────────────────────────────────┐
│ Third-Party Services (Optional) │
│ Only if configured by user │
│ ✓ Cloud LLM providers (Anthropic, OpenAI) │
│ ✓ External APIs │
└─────────────────────────────────────────────┘
You control what goes where.
What Stays Local
By default, these things NEVER leave your machine:
Agent Data
- Agent registry (all agents you've created)
- Agent state and context
- Task history and results
- Internal agent metadata
Session History
- All conversation history with chat agents
- Previous inputs and outputs
- Context carried between messages
- Analysis results and reports
Configuration Files
- ~/.lovelace/lattice/config.toml - Your settings
- Model provider credentials (if local)
- API keys for local services
- Custom agent definitions
Cached Models
- Local Ollama models you've downloaded
- Model weights and embeddings
- Fine-tuned model parameters
Execution Logs
- What agents did
- When they ran
- Performance metrics
- Errors and warnings
What Requires Network Access
Some features inherently require sending data somewhere:
Cloud LLM Providers
If you configure a cloud model provider (Anthropic Claude, OpenAI GPT-4, etc.):
# Configure cloud provider
ada config provider set anthropic --api-key sk-...
When you use that provider:
ada chat # Your message sent to Anthropic
# Claude returns response
# Full conversation stored locally
What Anthropic sees:
- ✅ Your input message to their API
- ✅ Their response
What Anthropic does NOT see:
- ❌ Your entire conversation history
- ❌ Your agents or tasks
- ❌ Your local files
- ❌ Other conversations
Custom Tools and Integrations
Some agents may be configured to call external APIs (GitHub, databases, etc.). In those cases:
- Only the data needed for that specific tool is sent
- Results come back and are stored locally
- You control which tools are available to agents
Credential Management
Storing API Keys
Lattice stores credentials securely in your local configuration:
# ✅ SAFE: Configure provider with API key
ada config provider set anthropic --api-key sk-...
# ❌ AVOID: Store in shell environment
export ANTHROPIC_API_KEY="sk-..." # Visible in shell history
Credentials are stored locally on your machine:
- Stored in ~/.lovelace/lattice/config.toml
- Protected with filesystem permissions
- Never synced to cloud by default
- Never included in any backups unless explicitly configured
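A check of the two properties this section depends on, as an added example that is not part of Lattice: the config file must be accessible only to its owner, and no key should be sitting in shell history (any command that carries the key as text, a --api-key argument included, can be recorded there). It assumes a POSIX system; the history file names and the sk- key pattern are assumptions of the example, and only the config path comes from this page.

```python
import os
import re
import stat
from pathlib import Path

# Config path is the one named on this page; the rest are assumptions of this example.
CONFIG_REL = Path(".lovelace/lattice/config.toml")
HISTORY_FILES = (".bash_history", ".zsh_history")   # assumed shells
KEY_PATTERN = re.compile(r"sk-[A-Za-z0-9_-]{16,}")  # assumed key shape


def check_permissions(config: Path) -> list:
    """Flag a credential file open to group/other, or a parent directory they can write."""
    findings = []
    # File: no group/other bits at all. Directory: no group/other write (file swap).
    for target, forbidden in ((config, 0o077), (config.parent, 0o022)):
        try:
            st = target.stat()
        except FileNotFoundError:
            findings.append(f"{target}: not found")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & forbidden:
            findings.append(f"{target}: mode {mode:04o} is too permissive")
        if st.st_uid != os.getuid():
            findings.append(f"{target}: owned by uid {st.st_uid}")
    return findings


def scan_history(path: Path) -> list:
    """Return 1-based line numbers holding a key-shaped string (never the key itself)."""
    try:
        with open(path, errors="replace") as fh:
            return [n for n, line in enumerate(fh, 1) if KEY_PATTERN.search(line)]
    except FileNotFoundError:
        return []


def audit(home: Path) -> dict:
    history = {name: scan_history(home / name) for name in HISTORY_FILES}
    return {"permissions": check_permissions(home / CONFIG_REL), "history": history}


if __name__ == "__main__":
    report = audit(Path.home())
    for finding in report["permissions"]:
        print("PERM", finding)
    for name, lines in report["history"].items():
        print("HISTORY", name, "key-shaped text on lines", lines)
```

A permission finding is fixed with chmod 600 on the file and chmod 700 on its directory; a history finding means the key should be rotated at the provider and the history line removed.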
Credential Isolation
Each provider's credentials are isolated:
- Agents can only access the configured provider's credentials
- Custom integrations can be configured with their own credentials
- You control which agent can use which provider
Hybrid Mode: Optional Cloud Sync
You can optionally sync selected data to Lovelace Cloud while keeping other data private. This is entirely optional and disabled by default.
Data Sync Philosophy
When enabled, hybrid mode allows you to:
- ✅ Back up conversations to cloud
- ✅ Share sessions with team members
- ✅ Access your data from multiple devices
- ✅ BUT keep credentials completely local (never synced)
What Credentials Do
Credentials (API keys, tokens) NEVER sync to cloud, even in hybrid mode:
Local Machine (Always)
├── API keys for providers
├── Tokens for services
└── Sensitive credentials
Cloud (Optional)
├── Conversations (if enabled)
├── Agent definitions (if enabled)
└── Results (if enabled)
This means:
- Your secrets stay on your machine
- Cloud backups are credential-free
- You can safely delete cloud data without affecting local setup
- Providers never see your other agents or conversations
Data Retention
Local Data
By default, Lattice keeps all local data indefinitely:
- Conversations are stored until you delete them
- Agent definitions persist unless removed
- Task results are kept for reference
- You can delete any local data at any time
Cloud Data (if enabled)
If you enable cloud sync:
- Cloud data is separate from local data
- You can delete cloud backups independently
- Local data remains unaffected by cloud deletion
- You control the retention period
Privacy by Design: Key Features
Data Minimization
Only necessary data is stored:
- ✅ Conversation history (needed to maintain context)
- ✅ Agent definitions (needed to recreate agents)
- ✅ Task results (needed for audit trail)
- ❌ Unnecessary logging
- ❌ Tracking data
- ❌ Analytics by default
Access Control
Only processes that need data can access it:
Agent Process (Isolated)
↓
Can access: My credentials, my context
Cannot access: Other agents' credentials, system files (unless configured)
Each agent runs in its own context. Agents can't see other agents' private data.
Encryption at Rest
Local data is stored with filesystem-level protection:
- Database is stored locally on your machine
- Protected by your operating system's file permissions
- Consider full-disk encryption (BitLocker, FileVault) for additional protection
Encryption in Transit
When communicating with cloud providers or external services:
- Uses industry-standard TLS 1.3 encryption
- Data is encrypted while traveling over the network
- Connection security verified at both endpoints
Comparing to Cloud-Only Platforms
Traditional Cloud Platform
You → Upload Data → Cloud
↓
Cloud Provider has:
- All your data
- Sees all conversations
- Can analyze patterns
- Data governed by their privacy policy
- You have limited export options
Lattice (Local-First)
You → Keep Data Locally
↓
Lattice keeps:
- All your data (on YOUR device)
- You can see everything
- You control retention
- Data governed by YOUR rules
- You can export anytime
Optional:
You → Sync selected data → Cloud
↓
YOU choose what to sync
YOU choose how long to keep it
YOU can delete anytime
Privacy Design Principles
When building applications with Lattice, follow these principles:
Data Minimization
- Collect only what you actually need
- Delete data when no longer needed
- Store locally by default
User Control
- Let users see their data
- Let users delete their data
- Ask permission before sharing data
Security First
- Store credentials securely (use ada config provider set)
- Never log sensitive information
- Use HTTPS/TLS for external connections
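One way to enforce "never log sensitive information" in an application built on Lattice, as an added example that is not Lattice's own code: a logging formatter that redacts the fully formatted record, so secrets passed as %-arguments or embedded in exception tracebacks are masked as well. The secret patterns and the logger name lattice_app are assumptions of the example.

```python
import logging
import re

REDACTED = "[REDACTED]"
# Assumed secret shapes for this example; extend them for the services you call.
KEY_RE = re.compile(r"sk-[A-Za-z0-9_-]{16,}")
BEARER_RE = re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{16,}")
ASSIGN_RE = re.compile(r"(?i)\b(api[_-]?key|token|secret|password)(\s*[=:]\s*)[^\s,;&]+")


def redact(text: str) -> str:
    """Mask key-shaped strings, bearer tokens and name=value secrets."""
    text = KEY_RE.sub(REDACTED, text)
    text = BEARER_RE.sub(lambda m: m.group(1) + REDACTED, text)
    return ASSIGN_RE.sub(lambda m: m.group(1) + m.group(2) + REDACTED, text)


class RedactingFormatter(logging.Formatter):
    """Redact after formatting, so %-args and tracebacks are covered too."""

    def format(self, record: logging.LogRecord) -> str:
        return redact(super().format(record))


def build_logger(stream, name: str = "lattice_app") -> logging.Logger:
    """Return a logger whose only handler writes redacted lines to `stream`."""
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(name)s: %(message)s"))
    logger = logging.getLogger(name)  # hypothetical application logger name
    logger.handlers.clear()
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep records away from unredacted root handlers
    return logger


if __name__ == "__main__":
    import sys

    log = build_logger(sys.stderr)
    sample_key = "sk-" + "A" * 24  # constructed value, not a real key
    log.info("provider call with key %s", sample_key)
    log.info("headers: Authorization: Bearer %s", "b" * 32)
    try:
        raise RuntimeError(f"upstream rejected api_key={sample_key}")
    except RuntimeError:
        log.exception("request failed")
```

Redaction at the formatter is a backstop: pattern matching misses secrets in unexpected shapes, so the first control remains not passing credentials to log calls at all.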
Transparency
- Document what data you collect
- Be clear about what stays local vs what syncs
- Provide easy data export
Key Takeaways
✅ Local-first by design - All data stays on your machine unless you explicitly enable cloud sync
✅ Credentials never leave your device - API keys and tokens are stored locally only
✅ Full ownership of data - You can export, delete, or migrate your data anytime
✅ Optional cloud features - Sync, backup, and collaboration are entirely optional
✅ Provider isolation - Cloud providers only see what you send them, not your entire system