Security & Data

Security at Maniac starts with data minimization. Because the app runs open models directly on your Mac, your conversations, files, model activity, and agent memory stay on your device by default. The most effective way to protect data is to never move it — so most of yours never leaves your machine.

• On your Mac. Chats, prompts, generated artifacts, and agent memory are stored locally (for example, in a SQLite database within your user data directory) and protected by your operating system's account and disk-level protections.
• In our cloud, only when you ask. Data is sent to our servers only when you use a feature that requires it — such as a cloud run, hosted inference through Maniac Gateway, or a connected integration. We process it to fulfill that request and avoid retaining it beyond what is necessary.

Traffic between the app, our services, and our providers is encrypted in transit using industry-standard TLS. Data handled by our cloud infrastructure is protected at rest using encryption provided by our hosting platforms.

When you connect a third-party tool, access is authorized through that provider using OAuth where available. Connection credentials are handled securely and used only to perform the tasks you initiate. You can revoke a connection at any time from the app or from the third-party provider.

We run our hosted Services on reputable cloud platforms and apply the principle of least privilege to internal access. Access to production systems is restricted, authenticated, and logged, and we keep our systems and dependencies updated.

We rely on a small set of vendors to operate the hosted parts of the Services. They process data on our behalf under contractual safeguards. Current subprocessors include:

• Cloud execution and serverless compute providers for running cloud agent tasks.
• Hosted inference and model providers for requests you route to the cloud.
• Integration connectivity providers for connecting third-party tools.
• Database and storage hosting for account and operational data and app distribution.
• A payment processor for billing and subscriptions.

We update this list as our infrastructure evolves. For the current named subprocessors, contact tom@maniac.ai.

Because your content lives on your device, you can delete conversations or clear app data directly. For data held in our hosted Services, you can request access or deletion as described in our Privacy Policy.

We welcome reports from the security community. If you believe you have found a security vulnerability, please email tom@maniac.ai with details and steps to reproduce. We will acknowledge your report, investigate promptly, and keep you informed. Please give us a reasonable opportunity to remediate before any public disclosure, and avoid accessing or modifying other users' data while testing.

We maintain processes to detect, investigate, and respond to security incidents. If an incident affects your personal information, we will notify affected users and regulators as required by applicable law.

For security questions or reports, email tom@maniac.ai.