← Back to Home

Privacy Policy

Last Updated: June 1, 2026

1. Introduction

Intentioned.tech ("we", "our", "the application") is a self-hosted, open-source social skills training platform. This privacy policy explains how data is collected, stored, and used when you use this application.

100% Local Processing: This application is designed to be self-hosted. All data processing occurs on your local machine or your own server. No data is sent to external third-party services unless explicitly configured by you. Your voice never leaves your GPU.

External LLM Configuration: If you configure an external LLM provider (OpenAI, Anthropic, Google, Ollama remote, etc.), your conversation prompts and context will be sent to those third-party services. Review their privacy policies before use. We recommend using local models for maximum privacy.

2a. Online Demo vs. Self-Hosted

The full application is designed to run locally on your own hardware. The online demo at app.intentioned.tech is hosted by us and is not fully local.

Online Demo Notice: When you use the online demo, your audio, transcripts, and prompts are transmitted to our servers to generate responses. Do not submit sensitive, regulated, or confidential information in the online demo. We may retain limited operational logs for security, abuse prevention, and service reliability. Your data is never used for training. Data may be deleted upon request.

"No Data Leaks" Clarification for Web Demo: The "no data leaks" claim does not apply to the web demo at app.intentioned.tech. As the owner of the demo infrastructure, Intentioned necessarily has access to data processed on our servers. However, as an operator, we commit to not leaking, selling, or sharing your data with third parties. For true "no data leaks" protection, use the self-hosted version where you are both owner and operator of your data.

2. Data Collection

The application may collect and process the following types of data during your training sessions:

• Audio recordings: Voice input captured during conversations (processed locally, not stored after transcription)
• Transcribed text: Your spoken words converted to text for conversation analysis
• Conversation transcripts: The full dialogue between you and the AI assistant
• Webcam data: If enabled, facial landmark data for eye contact tracking (not stored as images/video)
• Performance metrics: Speaking pace, response times, filler word counts, and other communication metrics

3. Safety Violation Logging

Important: When content is flagged by our AI moderation system, a record is created to help maintain platform safety and improve moderation accuracy.

Safety violation logs are stored locally on your machine in:

• Windows: %USERPROFILE%\Documents\simulation_safety_violations\
• macOS: ~/Documents/simulation_safety_violations/
• Linux: ~/Documents/simulation_safety_violations/

Each safety violation log contains:

• Timestamp of the incident
• Session identifier (anonymized)
• The message that triggered the violation
• The reason for flagging
• Full conversation transcript up to that point

Purpose: These logs are stored locally for your own review and to help improve the moderation system.

Repeated Violation Transmission: If 3 or more unique safety violations are detected from the same session, a summary report is automatically transmitted to a separate "transmitted_to_host" folder for host/administrator review. Additionally, if 2 or more severe violations are detected, the session is immediately terminated and reported. This is designed to identify patterns of misuse and ensure platform safety. The transmitted reports are stored in: [Documents]/simulation_safety_violations/transmitted_to_host/

4. Cookies and Local Storage

This application uses cookies to remember your preferences across sessions:

• Settings Cookies: Your TTS/STT engine preferences, voice selections, LLM parameters
• UI Preferences: Selected scenario, microphone mode, mute state

Cookie Details:

• Cookies are stored locally in your browser only
• No cookies are transmitted to external servers
• Cookies expire after 1 year of inactivity
• You can clear cookies at any time through your browser settings

Cookies used by this application:

• intentioned_tts_engine - Your preferred text-to-speech engine
• intentioned_kokoro_voice - Selected Kokoro TTS voice
• intentioned_vibevoice_voice - Selected VibeVoice voice
• intentioned_stt_engine - Your preferred speech-to-text engine
• intentioned_max_tokens - LLM response length setting
• intentioned_temperature - LLM creativity setting
• intentioned_scenario - Last selected training scenario
• intentioned_mic_mode - Preferred microphone mode (VAD or Push-to-Talk)
• intentioned_tts_muted - Whether AI voice is muted

5. Data Storage

All data is stored locally on your machine or server:

• Audio is processed in real-time and immediately discarded after transcription
• Session data exists only in memory during active sessions
• Analysis results are displayed but not permanently stored unless you save them
• Safety violation logs are the only data written to disk

6. Third-Party Services

The application may interact with external services for the following purposes:

• CDN resources: Loading of face-api.js models for eye contact detection
• Email delivery (Resend): When you subscribe to our mailing list, we use Resend to send transactional emails (welcome emails, announcements, unsubscribe confirmations). Resend processes your email address to deliver these messages. See Resend's Privacy Policy for details on their data handling practices.

All text-to-speech engines (Kokoro, VibeVoice, pyttsx3) run completely offline on your device.

6a. Mailing List

If you subscribe to our mailing list, the following data is collected:

• Email address: Required to send you updates
• Language preference: Detected from your browser to personalize communications
• Signup timestamp: When you subscribed
• IP address: For GDPR compliance and abuse prevention

This data is stored in our secure database (Cloudflare D1) and shared with Resend solely for email delivery. You can unsubscribe at any time using the link in any email, and we will stop sending you messages and mark your subscription as inactive. You may also request complete deletion of your data by contacting us.

6b. Clarification: "No Data Leaks" and "No Cloud"

What These Claims Mean:

• "No data leaks" refers specifically to your conversation data, audio recordings, and transcripts processed by the Intentioned application on our infrastructure. This type of collection of data does not happen within the application, so we cannot possibly have a data leak from it in this regard. It does not apply to: (a) your local machine security, or (b) third-party LLMs you configure, or (c) payment processing or other interactions with our site, or (d) the online demo.
• "No cloud" and "no latency" refer to the core conversation interface. External services (payment processing, mailing list, license validation) use cloud infrastructure. Downloading models directly from the application may use the internet. "No Latency" refers to zero network latency via WAN.
• Versions that are unofficial, are known to be compromised, have known vulnerabilities, are paired to the cloud, or have been shipped via a malicious installer via an outside threat actor are not covered by the "No Data Leaks" claim. We will make best effort mitigations in these scenarios according to our judgement.
• While conversation processing is entirely offline, downloading the initial AI models requires a connection to third-party repositories (e.g., Hugging Face). Your IP address and download request will be subject to their privacy policies during the download phase.
• All conversation data remains on your local machine. We do not apply proprietary encryption to these local files; securing this data at rest is dependent on your operating system's security (e.g., using BitLocker, LUKS, or FileVault).

6c. External LLM Providers

Intentioned supports both local and cloud-based Large Language Models (LLMs). If you configure an external provider, be aware:

• Data transmitted: Conversation prompts, scenario context, and your responses may be sent to the LLM provider
• Supported providers: OpenAI, Anthropic, Google (Gemini), local Ollama, LM Studio, and others
• Your responsibility: Review the privacy policy of any external LLM service you use
• Our recommendation: Use local models (Ollama, LM Studio) for maximum privacy
• You are responsible for adhering to the specific licenses of the third-party models you choose to download and run. Intentioned provides the infrastructure, but does not grant you the license to the underlying model weights.

6d. Payment Processing & External Services

The following data may be collected and stored outside the local application for service functionality:

• Payment information: Processed by third-party payment providers (e.g., Stripe, PayPal). We do not store full credit card numbers.
• License activation: License keys, hardware fingerprints, and activation timestamps stored in our cloud database
• Mailing list: Email addresses and preferences as described in section 6a

All externally stored data is:

• GDPR-compliant and can be deleted upon request
• Necessary for service functionality (licensing, communications, payments)
• Never shared with third parties except as required for service operation

7. Browser Extension Detection

Malwarebytes Browser Guard Detection: This application includes code to detect when Malwarebytes Browser Guard is flagging our domain as a "Risky TLD" (false positive). This detection is used solely to display a helpful warning banner explaining how to whitelist the site.

The detection works by:

• Attempting to load a small invisible resource from our own domain to detect if it's being blocked
• Monitoring console logs for Browser Guard-specific messages
• Checking for DOM elements injected by the extension

This detection is entirely local and does not contact any external Malwarebytes servers.

No data is collected or transmitted through this detection. It exists purely to improve user experience by explaining false positive blocks on .tech domains.

8. AI Models Used

This application uses the following AI models, which run 100% locally on your machine or server:

• Speech-to-Text (STT):
  • NVIDIA Parakeet TDT 0.6B v3 (default) - NVIDIA NeMo, CC-BY-4.0 license, 600M parameters, supports 25 languages
  • Vosk - Apache 2.0 license, offline-first, lightweight, 20+ language models
• Text-to-Speech (TTS):
  • Kokoro-82M (default) - Apache 2.0 license, 82M parameters, StyleTTS2 architecture
  • VibeVoice Realtime 0.5B - 500M parameters, higher quality voice cloning
  • pyttsx3 - Local system voices, fully offline fallback
• Language Model (LLM):
  • Google Gemma 3 1B (default) - 4-bit quantized, ~2GB VRAM
  • Language-specific models available for 28 EU languages
• Eye Contact Detection: Face-API.js - browser-based, no images stored

All AI processing occurs locally. Model weights are downloaded once and cached on your machine.

9. License Key System

License Validation: If you are using a licensed version of Intentioned.tech, the application may communicate with our license server to validate your license key.

The license validation system collects the following data:

• License key: Your unique license key (transmitted securely)
• Hardware fingerprint: A hash of your server's hardware identifiers (hostname, MAC address, CPU) - used only to enforce the 3-server limit per license
• Activation timestamps: When your license was activated on each server
• IP address: Logged for security and abuse prevention

What is NOT collected:

• No conversation data, audio, or transcripts
• No user activity or usage patterns
• No personal identifying information beyond the hardware fingerprint

You can run your own license server for complete data sovereignty, or use offline validation mode.

10. Data Retention

• Session data: Cleared when you end a session or close the application
• Safety violation logs: Retained until you manually delete them
• License activation data: Retained on license server until deactivation

11. Your Rights

Since this is a self-hosted application, you have complete control over your data:

• Access: All data is stored locally and accessible to you
• Deletion: You can delete any stored data at any time
• Portability: All logs are stored in JSON format for easy export
• Modification: You can modify the application's behavior through the source code

12. Security

Data security depends on your deployment configuration. We recommend:

• Using HTTPS for all connections
• Keeping your system and dependencies updated
• Restricting network access to trusted users only
• Regularly reviewing and clearing safety violation logs

13. Multilingual Support

Intentioned.tech supports 28 EU languages. Language detection and preferences are:

• Stored locally in your browser's localStorage
• Used only to select appropriate AI models and UI translations
• Never transmitted to external services

14. Changes to This Policy

This privacy policy may be updated as the application evolves. Check the "Last Updated" date at the top of this document for the most recent version.

15. Contact

For questions about this privacy policy or the application, please contact us at contact@intentioned.tech or visit intentioned.tech.