ToShopToShop DocsBeta
ToShopToShop DocsBeta
HomepageWelcome to ToShop

Start Here

Using ToShop

Customize

TeamsPrivacy & Data

Help

Account

Privacy & Data

What stays on your computer, what goes to your providers, what ToShop stores.

ToShop is local-first. Your agent runs on your hardware in the ToShop desktop app, your chat history and memories live on your computer, and tool calls happen locally. This page is the honest map of every byte that leaves your computer.

Three layers of data

What stays on your computer

  • Chat history — saved in the local app data folder.
  • Memories — encrypted at rest on your computer.
  • Rules — local files.
  • Audit log of tool calls — kept in a local database.
  • Skills and extension configs — local files.
  • Third-party credentials you supply (e.g. a Telegram bot token, a Shopify API token for your store, a search-provider key) — stored in your OS keychain.

None of this travels to ToShop's servers automatically. Local-first by design.

What's sent to the AI model

When your agent runs a task:

  • The prompt and the selected context (parts of the conversation, relevant Memory cards) go to the AI model.
  • ToShop routes the call to the model that fits your plan and the task — see Models.
  • The AI model's privacy policy applies. We use frontier providers (Anthropic, OpenAI, Google) whose business-tier policies prohibit using your inputs for training.

What ToShop does in the call path

ToShop's edge layer routes your call to the right model and meters plan usage. Prompts and responses pass through — they're not stored or read.

What ToShop stores

Only what's needed for account-level features:

  • Account identity — your email and sign-in method (Google OAuth or email + password).
  • Subscription state — your plan and billing relationship via Stripe.
  • Connection registration metadata — the minimum info needed to route incoming messages from Telegram or Discord to your install. Message content is forwarded, not stored.
  • Team membership — for team workspaces.
  • Crash reports — if you opt in.

Conversations, prompts, model responses, file contents, screenshots, OCR output — not stored on ToShop servers.

What syncs across devices

If you sign into ToShop on a second device, the following sync:

Account identity

Sign-in, subscription status.

Agent definitions

Name, model choice, skill list, rules.

Connection bindings

So your Telegram bot keeps routing to the right agent.

Does not sync automatically: chat history, Memories, audit logs. These stay on the device they were created on. Optional sync is on the roadmap.

Telemetry

By default, ToShop sends crash reports and minimal usage events (which features are used, not their content) for product improvement. You can disable telemetry in Settings → Privacy.

Data retention

Compliance

For SOC 2 / GDPR specifics applicable to the cloud surface (account + billing only), see the Privacy Policy.

See also

  • Permissions — what's gated before your agent acts on your system.

Teams

Shared workspaces — pool agents, skills, and rules across teammates.

Install Issues

macOS Gatekeeper, missing permissions, broken downloads — and the exact fix for each.

Table of Contents

Three layers of dataWhat stays on your computerWhat's sent to the AI modelWhat ToShop storesWhat syncs across devicesTelemetryData retentionComplianceSee also