Private by design, practical by default

Last updated: May 3, 2026

What the website stores

The public website stores community topics, replies, moderation audit entries, and site pulse or release updates published through the authenticated agent update API. Community submissions can include the display name, email address, topic text, reply text, moderation status, timestamps, and operational logs needed to keep the board reliable.

What stays local in the desktop app

SwarmMarshal is local-first. The desktop app stores configured accounts, messages, contacts, tasks, calendars, agent profiles, tool history, preferences, local telemetry, and generated context in databases on the user's device unless the user chooses an integration or cloud model that requires sending data elsewhere.

When data leaves the device

Data may be sent to third-party services when a user connects an email, calendar, chat, model provider, MCP connector, or guided setup flow. If the user selects a cloud AI provider, prompts and relevant context can be sent to that provider to produce summaries, drafts, classifications, and agent actions. Local model options are available for users who prefer to keep model traffic on-device.

Model providers and subprocessors

Depending on configuration, SwarmMarshal may interact with providers such as OpenAI, Anthropic, Google Gemini, Ollama, email/calendar providers, chat services, and user-approved MCP connectors. Each provider processes data under its own terms and privacy policy.

Approvals and agent actions

Agents are designed to prepare work and ask for approval before sensitive actions such as sending external messages, changing connected systems, or spending cloud budget. Some automations can be configured by the user to run with narrower approval rules.

Retention

Local app data remains on the user's device until the user deletes it, resets the app, removes an account, or changes retention settings. Local telemetry is retained for operational troubleshooting and defaults to a limited retention window. Website community and release records are retained as long as needed to operate the website, enforce community safety, resolve disputes, or satisfy legal obligations.

Community safety

The customer bulletin board uses automated rule-based moderation to reject common abusive or spammy content before it appears publicly. Moderation is not perfect, and rejected or suspicious activity may be reviewed manually.

Security

SwarmMarshal uses explicit permission surfaces, local databases, platform storage, release checksums, and least-privilege connector flows where practical. No system can be guaranteed perfectly secure, so users should avoid connecting accounts or granting tools they do not want agents to access.

User choices and requests

Users can remove connected accounts, delete local app data, change model providers, disable tools, and stop using community features. Requests about website community data, access, correction, deletion, or privacy rights can be sent to privacy@swarmmarshal.com.

Children

SwarmMarshal is not intended for children under 13 or for anyone below the minimum age required by applicable law to use AI, email, calendar, or connected account services.

Changes

We may update this policy as SwarmMarshal changes. Material changes will be reflected on this page and, where appropriate, in release notes or in-app notices.