Data & Privacy

TatsuCode is designed for local-first use with user-controlled provider access.

Privacy Principles

• No telemetry to Studio Tatsu
• No hidden analytics pipelines
• Data is sent only to providers you explicitly configure
• Local project/session state stays on your device

What Is Stored Locally

TatsuCode stores only what is needed for operation and continuity:

• App settings
• Provider connection state
• Credential material in credentials.enc
• Session and project history (if you keep it)
• Temporary runtime/cache data

This page intentionally avoids low-level storage internals to reduce unnecessary exposure.

What May Be Sent to AI Providers

When you use cloud/OAuth models, your selected provider receives request content required to answer.

This can include:

• Your prompts
• Referenced file content
• Uploaded images/files for model processing

TatsuCode does not send unrelated project data that you did not include.

Credentials Security

• Credentials are stored locally in credentials.enc
• Keep your machine account secured
• Never share credential files
• Rotate API keys periodically
• Disconnect providers you no longer use

Session and History Management

Use built-in commands to control retained data:

/session
/session-rename
/new
/clear
/remove-tatsu

Recommended:

• Delete old sessions you no longer need
• Use named sessions only when needed
• Start fresh sessions for unrelated tasks

DevBrowser Privacy Model

The built-in DevBrowser is isolated from your regular browser profile.

• Separate browsing context
• No access to your main browser extensions/profile
• Designed for development workflows, not personal browsing

Before Sharing Screens or Recordings

• Verify no sensitive code or secrets are visible
• Check provider/settings screens before demoing
• Sanitize logs or screenshots used in public channels

If You Need Full Data Cleanup

Use:

/remove-tatsu

Then verify local app data is removed according to your organization’s policy.

Standards and Governance

For instruction governance in projects:

• AGENTS.md reference: agents.md
• Skills reference: agentskills.io

These help teams define consistent behavior without exposing internal implementation details.

Next Steps

• Settings — user-facing configuration
• Providers — provider and access setup
• Troubleshooting — common issue recovery