← Back to Home

Privacy Policy

Last Updated: January 16, 2026

1. Introduction

Intentioned.tech ("we", "our", "the application") is a self-hosted, open-source social skills training platform. This privacy policy explains how data is collected, stored, and used when you use this application.

100% Local Processing: This application is designed to be self-hosted. All data processing occurs on your local machine or your own server. No data is sent to external third-party services unless explicitly configured by you. Your voice never leaves your GPU.

External LLM Configuration: If you configure an external LLM provider (OpenAI, Anthropic, Google, Ollama remote, etc.), your conversation prompts and context will be sent to those third-party services. Review their privacy policies before use. We recommend using local models for maximum privacy.

2a. Online Demo vs. Self-Hosted

The full application is designed to run locally on your own hardware. The online demo at app.intentioned.tech is hosted by us and is not fully local.

Online Demo Notice: When you use the online demo, your audio, transcripts, and prompts are transmitted to our servers to generate responses. Do not submit sensitive, regulated, or confidential information in the online demo. We may retain limited operational logs for security, abuse prevention, and service reliability.

"No Data Leaks" Clarification for Web Demo: The "no data leaks" claim does not apply to the web demo at app.intentioned.tech. As the owner of the demo infrastructure, Intentioned necessarily has access to data processed on our servers. However, as an operator, we commit to not leaking, selling, or sharing your data with third parties. For true "no data leaks" protection, use the self-hosted version where you are both owner and operator of your data.

2. Data Collection

The application may collect and process the following types of data during your training sessions:

Audio recordings: Voice input captured during conversations (processed locally, not stored after transcription)
Transcribed text: Your spoken words converted to text for conversation analysis
Conversation transcripts: The full dialogue between you and the AI assistant
Webcam data: If enabled, facial landmark data for eye contact tracking (not stored as images/video)
Performance metrics: Speaking pace, response times, filler word counts, and other communication metrics

3. Safety Violation Logging

Important: When content is flagged by our AI moderation system, a record is created to help maintain platform safety and improve moderation accuracy.

Safety violation logs are stored locally on your machine in:

Windows: %USERPROFILE%\Documents\simulation_safety_violations\
macOS: ~/Documents/simulation_safety_violations/
Linux: ~/Documents/simulation_safety_violations/

Each safety violation log contains:

Timestamp of the incident
Session identifier (anonymized)
The message that triggered the violation
The reason for flagging
Full conversation transcript up to that point

Purpose: These logs are stored locally for your own review and to help improve the moderation system.

Repeated Violation Transmission: If 3 or more unique safety violations are detected from the same session, a summary report is automatically transmitted to a separate "transmitted_to_host" folder for host/administrator review. Additionally, if 2 or more severe violations are detected, the session is immediately terminated and reported. This is designed to identify patterns of misuse and ensure platform safety. The transmitted reports are stored in: [Documents]/simulation_safety_violations/transmitted_to_host/

4. Cookies and Local Storage

This application uses cookies to remember your preferences across sessions:

Settings Cookies: Your TTS/STT engine preferences, voice selections, LLM parameters
UI Preferences: Selected scenario, microphone mode, mute state

Cookie Details:

Cookies are stored locally in your browser only
No cookies are transmitted to external servers
Cookies expire after 1 year of inactivity
You can clear cookies at any time through your browser settings

Cookies used by this application:

intentioned_tts_engine - Your preferred text-to-speech engine
intentioned_kokoro_voice - Selected Kokoro TTS voice
intentioned_vibevoice_voice - Selected VibeVoice voice
intentioned_stt_engine - Your preferred speech-to-text engine
intentioned_max_tokens - LLM response length setting
intentioned_temperature - LLM creativity setting
intentioned_scenario - Last selected training scenario
intentioned_mic_mode - Preferred microphone mode (VAD or Push-to-Talk)
intentioned_tts_muted - Whether AI voice is muted

5. Data Storage

All data is stored locally on your machine or server:

Audio is processed in real-time and immediately discarded after transcription
Session data exists only in memory during active sessions
Analysis results are displayed but not permanently stored unless you save them
Safety violation logs are the only data written to disk

6. Third-Party Services

The application may interact with external services for the following purposes:

CDN resources: Loading of face-api.js models for eye contact detection
Email delivery (Resend): When you subscribe to our mailing list, we use Resend to send transactional emails (welcome emails, announcements, unsubscribe confirmations). Resend processes your email address to deliver these messages. See Resend's Privacy Policy for details on their data handling practices.

All text-to-speech engines (Kokoro, VibeVoice, pyttsx3) run completely offline on your device.

6a. Mailing List

If you subscribe to our mailing list, the following data is collected:

Email address: Required to send you updates
Language preference: Detected from your browser to personalize communications
Signup timestamp: When you subscribed
IP address: For GDPR compliance and abuse prevention

This data is stored in our secure database (Cloudflare D1) and shared with Resend solely for email delivery. You can unsubscribe at any time using the link in any email, and we will stop sending you messages and mark your subscription as inactive. You may also request complete deletion of your data by contacting us.

6b. Clarification: "No Data Leaks" and "No Cloud"

What These Claims Mean:

"No data leaks" refers specifically to your conversation data, audio recordings, and transcripts processed by the Intentioned application on our infrastructure. This type of collection of data does not happen within the application, so we cannot possibly have a data leak from it in this regard. It does not apply to: (a) your local machine security, or (b) third-party LLMs you configure, or (c) payment processing or other interactions with our site, or (d) the online demo.
"No cloud" and "no latency" refer to the core conversation interface. External services (payment processing, mailing list, license validation) use cloud infrastructure.

6c. External LLM Providers

Intentioned supports both local and cloud-based Large Language Models (LLMs). If you configure an external provider, be aware:

Data transmitted: Conversation prompts, scenario context, and your responses may be sent to the LLM provider
Supported providers: OpenAI, Anthropic, Google (Gemini), local Ollama, LM Studio, and others
Your responsibility: Review the privacy policy of any external LLM service you use
Our recommendation: Use local models (Ollama, LM Studio) for maximum privacy

6d. Payment Processing & External Services

The following data may be collected and stored outside the local application for service functionality:

Payment information: Processed by third-party payment providers (e.g., Stripe, PayPal). We do not store full credit card numbers.
License activation: License keys, hardware fingerprints, and activation timestamps stored in our cloud database
Mailing list: Email addresses and preferences as described in section 6a

All externally stored data is:

GDPR-compliant and can be deleted upon request
Necessary for service functionality (licensing, communications, payments)
Never shared with third parties except as required for service operation

7. Browser Extension Detection

Malwarebytes Browser Guard Detection: This application includes code to detect when Malwarebytes Browser Guard is flagging our domain as a "Risky TLD" (false positive). This detection is used solely to display a helpful warning banner explaining how to whitelist the site.

The detection works by:

Attempting to load a small invisible resource from our own domain to detect if it's being blocked
Monitoring console logs for Browser Guard-specific messages
Checking for DOM elements injected by the extension

This detection is entirely local and does not contact any external Malwarebytes servers.

No data is collected or transmitted through this detection. It exists purely to improve user experience by explaining false positive blocks on .tech domains.

8. AI Models Used

This application uses the following AI models, which run 100% locally on your machine or server:

Speech-to-Text (STT):
- NVIDIA Parakeet TDT 0.6B v3 (default) - NVIDIA NeMo, CC-BY-4.0 license, 600M parameters, supports 25 languages
- Vosk - Apache 2.0 license, offline-first, lightweight, 20+ language models
Text-to-Speech (TTS):
- Kokoro-82M (default) - Apache 2.0 license, 82M parameters, StyleTTS2 architecture
- VibeVoice Realtime 0.5B - 500M parameters, higher quality voice cloning
- pyttsx3 - Local system voices, fully offline fallback
Language Model (LLM):
- Google Gemma 3 1B (default) - 4-bit quantized, ~2GB VRAM
- Language-specific models available for 28 EU languages
Eye Contact Detection: Face-API.js - browser-based, no images stored

All AI processing occurs locally. Model weights are downloaded once and cached on your machine.

9. License Key System

License Validation: If you are using a licensed version of Intentioned.tech, the application may communicate with our license server to validate your license key.

The license validation system collects the following data:

License key: Your unique license key (transmitted securely)
Hardware fingerprint: A hash of your server's hardware identifiers (hostname, MAC address, CPU) - used only to enforce the 3-server limit per license
Activation timestamps: When your license was activated on each server
IP address: Logged for security and abuse prevention

What is NOT collected:

No conversation data, audio, or transcripts
No user activity or usage patterns
No personal identifying information beyond the hardware fingerprint

You can run your own license server for complete data sovereignty, or use offline validation mode.

10. Data Retention

Session data: Cleared when you end a session or close the application
Safety violation logs: Retained until you manually delete them
License activation data: Retained on license server until deactivation

11. Your Rights

Since this is a self-hosted application, you have complete control over your data:

Access: All data is stored locally and accessible to you
Deletion: You can delete any stored data at any time
Portability: All logs are stored in JSON format for easy export
Modification: You can modify the application's behavior through the source code

12. Security

Data security depends on your deployment configuration. We recommend:

Using HTTPS for all connections
Keeping your system and dependencies updated
Restricting network access to trusted users only
Regularly reviewing and clearing safety violation logs

13. Multilingual Support

Intentioned.tech supports 28 EU languages. Language detection and preferences are:

Stored locally in your browser's localStorage
Used only to select appropriate AI models and UI translations
Never transmitted to external services

14. Changes to This Policy

This privacy policy may be updated as the application evolves. Check the "Last Updated" date at the top of this document for the most recent version.

15. Contact

For questions about this privacy policy or the application, please contact us at akotler@pace.edu or visit intentioned.tech.