Privacy and Data Handling
AITerm is built to keep your data on your machine by default. There is no AITerm-hosted proxy for model requests: local providers stay entirely on your Mac, and cloud providers receive requests directly from your Mac using the account or key you configured. AITerm is never in the middle.
Local vs. cloud
- Local providers (Ollama, managed MLX, or a custom server pointed at
localhost) send nothing off the machine. They always receive the full session context, because it never leaves your Mac. - Cloud providers (OpenAI, Anthropic, Bedrock, Azure, and the rest) receive only what your Cloud Context Level allows, and only after redaction.
Cloud Context Level
Cloud Context Level (Settings ▸ Privacy, "How much the AI sees") controls the ambient session context sent to cloud providers:
- Nothing — no ambient session context at all.
- Recent commands only — recent command lines and exit codes, with no output bodies. This is the default.
- Recent commands + output — recent commands, exit codes, and tail-truncated output bodies.
The setting only ever caps what cloud models see. Local models always get the full context because it stays on the machine.
Redaction before cloud requests
Before anything goes to a cloud provider, AITerm redacts obvious secrets. It redacts these categories:
- API keys & tokens (OpenAI, Anthropic, Slack, GitHub, Google, JWTs)
- Authorization / Bearer headers
- Passwords & secrets in KEY=VALUE form
- Connection-string credentials (user:pass@host)
- Private-key blocks (PEM / SSH)
- Long hex / base64 blobs (hashes, keys)
Redaction happens at a single egress point — the same code path that actually sends the request — so a local model can still see real values while a cloud model only ever sees the redacted version. Redaction is a safeguard, not a guarantee that every secret-shaped string is recognized. For sensitive work, keep Cloud Context Level at Nothing or Recent commands only, or use a local provider.
The eye chip
After each AI request that carried context, the eye chip on the input bar shows exactly what the provider received. For a cloud provider it shows the redacted payload — the same redaction applied to the real send — so you can confirm what left your Mac. For a local provider it shows the raw local context, because nothing left the machine.
API keys
Provider keys live in the macOS Keychain, not in a plain config file. Each named custom server, Azure connection, and Bedrock static-key connection uses its own Keychain slot, so keys never leak across saved connections.
History stays local
Your command history and the search indexes built from it (including the Pro semantic index) never leave the process. They feed the ⌘K palette only; they are never sent to any provider. See History and Search.
Related pages: AI Providers and Models, Safety and Security, Settings Reference.