Privacy Policy
Last updated: 28 May 2026
Overview
workscribe is a command-line tool that captures your terminal activity, groups it into work sessions, and generates summaries using an AI provider of your choice. This policy explains what data workscribe collects, how it is stored, what (if anything) leaves your machine, and your rights as a user.
workscribe is designed with a local-first, privacy-first approach. The tool has no user accounts, no registration, and no cloud backend. The only outbound communication is the summary request you trigger explicitly — and that goes directly to the AI provider you configure, not to workscribe.
Data collected by the CLI
When the workscribe shell hook is active, it intercepts commands you run in your terminal. Before any data is written to disk, the following processing takes place:
- Credential redaction. The raw command is scanned for known secret patterns — API keys, bearer tokens, JWT tokens, passwords passed as flags, private key material, and authorization headers. Any matched value is replaced with
[REDACTED]before the event touches the database. You can add custom patterns viaworkscribe config set redact.extra. - Ignore list filtering. Commands on your ignore list (default:
cd,ls,pwd, and others) are discarded silently before being written. - Event categorisation. Each command is assigned a category (e.g.
code_commit,test_run,dependency_install) based on the base command. The raw arguments are not stored in the category field.
What is stored locally: the redacted command string, its category, a timestamp, the working directory path, and the exit code. Nothing else.
Where data is stored
All data is stored exclusively on your local machine in ~/.workscribe/. workscribe has no server, no cloud sync, and no telemetry. No data is ever sent to workscribe as a company.
| Location | Contents |
|---|---|
~/.workscribe/workscribe.db | SQLite database — events, sessions, cached summaries |
~/.workscribe/config.json | Configuration including AI provider API keys |
~/.workscribe/exports/ | Markdown files you generate with workscribe export |
~/.workscribe/weekly-cache/ | Cached weekly summaries |
The database and config file are created with 0600 permissions — readable and writable only by the owning user.
What is sent to AI providers
When you explicitly run workscribe summary, a structured payload is sent directly to the AI provider you have configured. workscribe does not proxy this request — it goes from your machine to the provider.
The payload contains:
- Project name and git branch
- Session duration
- Event categories and counts (e.g. "3× code_commit", "2× test_run")
- Package names from dependency installs (e.g.
bcrypt)
The payload never contains:
- Raw command strings or arguments
- File paths, file names, or file contents
- Environment variable names or values
- Credentials, tokens, or API keys
- Hostnames or IP addresses
If you use Ollama as your provider, no external network request is made at all — the summary is generated entirely on your local machine.
Third-party AI providers
workscribe supports Anthropic, OpenAI, Ollama, and OpenAI-compatible endpoints. When you use a cloud provider, the summary payload is subject to that provider's own privacy policy and terms of service. workscribe has no control over how providers handle data once it is received.
- Anthropic: anthropic.com/privacy
- OpenAI: openai.com/policies/privacy-policy
- Ollama: no external data transmission
You are responsible for reviewing the privacy terms of the provider you choose, particularly if you are using workscribe in a professional or regulated environment.
Website analytics
This website (workscribe.co) uses Vercel Analytics to collect anonymous, aggregated page view data. No cookies are set. No personal information is collected. The CLI tool itself has no analytics or telemetry of any kind.
No accounts or personal data
workscribe does not require an account, email address, or any form of registration. We do not collect names, email addresses, IP addresses, or any personally identifiable information through the CLI tool. The only personal data that could exist locally is what you choose to type in your terminal.
Deleting your data
You have complete control over your local data. To delete everything workscribe has stored:
$ rm -rf ~/.workscribe
This removes all events, sessions, summaries, exports, and configuration. The shell hook remains in your ~/.zshrc or ~/.bashrc but will write nothing. To remove it entirely, delete the block between # workscribe:hook:start and # workscribe:hook:end in your shell rc file.
No backend, no cloud
workscribe has no server infrastructure, no cloud database, and no remote API of its own. There is no backend that could receive, store, or process your data even if it wanted to. All processing happens locally on your device, and the only outbound communication is the summary request you explicitly trigger to your chosen AI provider.
Changes to this policy
If this policy changes materially, the "Last updated" date at the top of this page will be updated. We will not reduce your privacy protections without clear notice.
Contact
Questions about this privacy policy or how workscribe handles your data can be directed to privacy@workscribe.co.