Privacy Policy

Your privacy matters. Here's exactly how ALIN handles your data. Last updated February 2026.

1. Data We Collect

Account Data: When you create an account, we collect your email address, display name, and a bcrypt-hashed version of your password. We never store plaintext passwords.

Conversation Data: Messages you send and receive through ALIN, including text content, file uploads, code blocks, and AI responses. This data is stored in your instance's SQLite database.

Memory Data: Information stored in ALIN's 8-layer memory system, including session context, project notes, user preferences, and self-model data. You control what persists through memory settings and can delete any layer at any time.

Execution Data: TBWO execution traces including objectives, plans, pod configurations, tool call sequences, timing data, quality scores, and receipts. This data is used for the self-model and, if you opt in, for community learning.

Usage Analytics (opt-in only): If you enable analytics in Settings → Privacy, we collect anonymized usage patterns: which stations you use, session duration, feature adoption metrics, and error rates. No message content, file contents, or personal information is included.

2. How We Use Your Data

Service Delivery: Your conversation and memory data is used solely to provide the ALIN service — streaming AI responses, persisting conversations, maintaining memory across sessions, and executing TBWOs.

AI Processing: Messages are sent to third-party AI providers (Anthropic for Claude models, OpenAI for GPT models) for processing. These providers have their own privacy policies and data retention rules. ALIN routes all API calls through the server proxy — your API keys are never exposed to the browser.

Self-Model Training: If Personal Learning is enabled (default: on), ALIN uses your correction patterns and execution outcomes to improve its behavior for you specifically. This data never leaves your instance unless you opt into Community Learning.

Community Learning (opt-in): If you enable Community Learning, anonymized execution traces (with all personal content stripped — no message text, file contents, names, or identifiable information) are uploaded to our servers to improve the collective intelligence available to all ALIN users. You can disable this at any time in Settings → Privacy → Training.

We Never: Sell your data to third parties. Use your data for advertising. Share your conversation content with other users. Train our own AI models on your data without explicit opt-in consent.

3. Data Storage

Local Storage: On the desktop app, all data is stored locally in a SQLite database on your machine. You have full control over this database and can export, back up, or delete it at any time.

Server Storage: On the web app, data is stored in the server's SQLite database. If you're using ALIN's hosted service, data is stored on our servers with AES-256 encryption at rest. If you're self-hosting, data stays entirely on your infrastructure.

Browser Storage: The web app uses localStorage for UI preferences (theme, sidebar state, scroll position) and the authentication token. No conversation content is stored in the browser.

4. Data Retention

Conversation data is retained indefinitely unless you delete it. Memory layers have different retention policies: Layer 1 (short-term) auto-expires after 24 hours, Layer 2 (working) after 7 days, Layers 3-7 are permanent unless manually deleted. The self-model data is retained as long as your account exists. Execution traces are retained for 90 days for analytics, then aggregated and anonymized.

5. Your Rights

Access: You can export all your data at any time through Settings → Privacy → Export Data. This produces a JSON file containing all conversations, memories, settings, and self-model data.

Deletion: You can delete individual conversations, specific memory layers, or your entire account through Settings → Privacy. Account deletion removes all associated data from our servers within 30 days. On the desktop app, deleting the local database is immediate.

Correction: You can edit or correct any stored data through the respective interfaces — conversation editing, memory management, and profile settings.

Portability: Your exported data is in standard JSON format and can be imported into a new ALIN instance or used with other tools.

Objection: You can disable Community Learning, usage analytics, and specific memory layers independently. Disabling a feature stops data collection for that feature immediately.

6. Third-Party Services

ALIN integrates with the following third-party services, each with its own privacy policy:

Anthropic (Claude API): Processes AI requests. See Anthropic's Privacy Policy.
OpenAI (GPT API): Processes AI requests. See OpenAI's Privacy Policy.
Brave Search API: Processes web search queries. See Brave's Privacy Policy.
ElevenLabs: Processes text-to-speech requests. See ElevenLabs' Privacy Policy.
Stripe: Processes payments. See Stripe's Privacy Policy.

7. Security

API keys are stored server-side only and never transmitted to the browser. Passwords are hashed with bcrypt (10 rounds). Authentication uses JWT tokens with 7-day expiry. All server communication uses HTTPS in production. The SQLite database is file-system protected with standard OS-level permissions. Self-hosted instances inherit your infrastructure's security posture.

8. Changes to This Policy

We'll notify you of material changes through the ALIN application and via email. Continued use after notification constitutes acceptance of the updated policy.

9. Contact

For privacy questions, data requests, or concerns, contact us through our contact page or by email at privacy@alin.dev.