Pico AI Server – Privacy Policy

Version 1.1 | Last updated: 30 Jun 2025

1. Who we are

Pico AI Server ("Pico", "we", "our") is a macOS application that lets you run large language models locally and expose them through an OpenAI- and Ollama-compatible HTTP API.

2. Quick summary

  • Everything runs on your computer.
  • By default, model files, chats and logs never leave the device.
  • If you turn on crash reporting or use certain online tools, limited data may be sent off-device (details in §6).
  • The person who installs Pico can create user accounts for the local server; Pico itself never sees those accounts.

3. The data we store locally

The following items are written to the app's sandboxed Documents folder (they are not encrypted by us, so anyone with access to the computer's user account can read them):

  1. Model files you download.
  2. Chat history, prompts and completions.
  3. Application log files (used for troubleshooting).
  4. User-account data created by the administrator (usernames, salted password hashes, OAuth identifiers).

These files remain on the device until the admin or a macOS user deletes them.

4. The data we process but do not store

  • When users authenticate with Google, Dropbox or another OAuth provider, we validate the OAuth token and discard it as soon as the session ends.
  • API requests made by client apps pass through memory only; we do not log the request or the model's answer.

5. Reverse-proxy traffic

If the admin enables optional web features (Tavily / Exa search, "Research", "Writer"):

  • Your query text is forwarded to Tavily or Exa.
  • Your IP address is not disclosed to them because all traffic is tunneled through our reverse proxy.
  • Our reverse proxy stores:
    • Your IP address
    • Timestamp
    • A hashed, anonymized App Store receipt identifier (used for abuse prevention)

Retention: 30 days, after which the log is automatically deleted.

6. When data can leave the device

6.1 Crash reports (opt-in)

On first launch, macOS will ask whether you want to send crash logs to Apple. If you agree, Apple receives stack traces, device model, OS version and a timestamp. Chat content and account data are not included. You can disable crash reporting at any time in the Apple menu > System Settings > Privacy & Security > Analytics & Improvements.

6.2 Online search / research tools (opt-in per request)

Described in §5.

7. What we never do

  • Create cloud accounts or profiles about you.
  • Sell or share data for advertising or "valuable consideration".
  • Track you across apps or websites.
  • "Sell" or "share" personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

8. Your privacy rights

Depending on where you live, you may have rights to:

  • Access: receive a copy of any personal data we hold off-device (this is typically limited to proxy logs).
  • Deletion: ask us to erase crash logs or proxy logs earlier than scheduled.
  • Correction: if an account on the local server has wrong profile information, the admin can edit or delete it via the Admin panel; we can guide you through the steps.
  • Withdraw consent: turn off crash reports or stop using online search features at any time.

To exercise a right, email us at privacy@picoai.app. We will respond within 30 days.

9. Legal bases for processing (GDPR)

  • Crash reports – consent (Art. 6 (1)(a))
  • Proxy logs for abuse prevention – legitimate interest (Art. 6 (1)(f))
  • Forwarding your query to Tavily / Exa – performance of a contract (Art. 6 (1)(b)), i.e., the action you asked us to perform.

10. International transfers

Apple, Tavily and Exa may process data on servers outside your country (including the United States) under the EU standard contractual clauses or other recognised safeguards.

11. Security

  • Local data inherits macOS sandbox file-system protections.
  • Password hashes use bcrypt.
  • OAuth tokens are stored in RAM only and cleared after use.

12. Children

Pico is not directed to children under 13. If we learn that a child has sent us personal data (e.g., in a crash log), we will delete it immediately.

13. Changes to this policy

Material changes will be shown in-app and the "Last updated" date will change. Continued use of Pico after notice means you accept the revised policy.

14. Contact

privacy@picoai.app
You may also complain to your local data-protection authority if you believe we have processed your data unlawfully.