Privacy Policy

Effective date: March 10, 2026

1. Introduction

ModelPiper is built on a local-first philosophy. We believe your data belongs to you and should stay on your machine. This Privacy Policy explains what information we collect, what we don't collect, and how we handle your data.

This policy covers all ModelPiper products: the ModelPiper web application, the ToolPiper macOS companion app, the VisionPiper screen capture app, the AudioPiper audio mixer app, and the MediaPiper browser extension (collectively, the "Service").

2. Information We Collect

We collect minimal information to operate the Service:

  • Email address — only if you voluntarily sign up for our mailing list or create an account
  • Basic analytics — anonymous usage metrics (such as page views and feature usage) to improve the Service, if analytics are enabled
  • Subscription data — if you purchase a subscription through the Mac App Store, Apple processes your payment and provides us with a transaction receipt confirming your entitlement. We do not receive or store your payment method, billing address, or Apple ID

3. Information We Do NOT Collect

Because ModelPiper runs locally on your machine, we do not have access to:

  • API keys — your credentials for third-party services are stored locally and never transmitted to us
  • Pipeline data — your prompts, workflows, configurations, and pipeline structures remain on your device
  • Model outputs — the responses from AI models are processed locally and never sent to our servers
  • Screen recordings or captures — all screen region data captured by VisionPiper is processed and stored locally on your device and is never transmitted to our servers
  • Audio recordings — all audio data captured by AudioPiper (microphone input, system audio, and per-application audio) is processed and stored locally on your device and is never transmitted to our servers

4. VisionPiper — Screen Capture & Recording

VisionPiper is a companion macOS application that provides screen capture and recording capabilities. This section describes how VisionPiper handles screen recording data.

4a. Features That Use Screen Recording

VisionPiper uses the macOS Screen Recording permission (via ScreenCaptureKit) to provide the following features:

  • Region capture — capture a still image of a user-selected screen region
  • Screen recording — record a user-selected screen region to a local .mp4 video file
  • GIF conversion — convert a recorded screen region to a local animated GIF file
  • Live streaming — stream a user-selected screen region over a local WebSocket connection (localhost only) for display in a browser tab on the same machine

4b. What Data Is Captured

VisionPiper captures screen content only from user-selected regions and only when explicitly initiated by the user. The user defines the capture region by dragging a selection rectangle on screen. VisionPiper never captures the full screen without the user's explicit selection and consent. No metadata about other applications, windows, or desktop content outside the selected region is collected.

4c. Purpose of Screen Recording Data

Screen recording data captured by VisionPiper is used for the following purposes, all initiated by the user:

  • Capturing screen regions for analysis by locally-running or user-configured AI models
  • Recording workflows and screen activity for the user's own reference
  • Creating animated GIF images from recorded screen regions
  • Streaming a screen region to a local browser tab for real-time preview

4d. Third-Party Sharing

Captured images and recordings are never shared with third parties automatically. Images may be sent to user-configured AI providers (such as OpenAI, Anthropic, or Google) only when the user explicitly initiates an analysis request. This transmission occurs directly from the user's machine to the third-party provider — it is never routed through our servers. The user has full control over whether, when, and to which provider any captured data is sent.

4e. Storage & Retention

All screen capture data is stored locally on the user's Mac under ~/Library/Application Support/VisionPiper/. Recordings, screenshots, and GIF files are saved to a location chosen by the user or to the application's local support directory. No screen capture data is uploaded to our servers or any cloud storage. Users may delete their captured data at any time by removing the files from their local filesystem.

5. AudioPiper — Audio Capture & Recording

AudioPiper is a companion macOS application that provides multi-source audio mixing and recording capabilities. This section describes how AudioPiper handles audio data.

5a. Features That Use Audio Recording

AudioPiper uses macOS audio permissions to provide the following features:

  • Microphone recording — capture audio from the user's selected microphone input
  • System audio capture — capture system-wide audio output
  • Per-application audio capture — capture audio from a specific application using Core Audio Taps
  • Multi-source mixing — combine multiple audio sources into a single recording
  • Audio trimming & export — trim recorded audio and export to standard audio formats

5b. What Data Is Captured

AudioPiper captures audio data only from sources explicitly selected by the user. The user chooses which audio sources to enable (microphone, system audio, or specific applications) through the application interface. AudioPiper never records audio from sources the user has not explicitly selected and enabled. No background or ambient audio is captured without the user's knowledge and consent.

5c. Purpose of Audio Recording Data

Audio data captured by AudioPiper is used for the following purposes, all initiated by the user:

  • Recording audio from selected sources for the user's own reference
  • Mixing multiple audio sources for podcast production, meeting notes, or workflow documentation
  • Providing audio input for analysis by locally-running or user-configured AI models (such as speech-to-text transcription)
  • Trimming and exporting audio files in standard formats

5d. Third-Party Sharing

Audio recordings are never shared with third parties automatically. Audio data may be sent to user-configured AI providers (such as speech-to-text or transcription services) only when the user explicitly initiates an analysis request. This transmission occurs directly from the user's machine to the third-party provider — it is never routed through our servers. The user has full control over whether, when, and to which provider any audio data is sent.

5e. Storage & Retention

All audio data is stored locally on the user's Mac under ~/Library/Application Support/AudioPiper/. Recordings and exported audio files are saved to the application's local support directory or to a location chosen by the user. No audio data is uploaded to our servers or any cloud storage. Users may delete their audio data at any time by removing the files from their local filesystem.

6. How We Use Information

Any information we collect is used to:

  • Send product updates and announcements (email, only with your consent)
  • Improve the Service based on anonymous usage patterns
  • Respond to support requests or inquiries

We do not sell, rent, or share your personal information with third parties for marketing purposes.

7. Third-Party Services

When you use ModelPiper to connect to third-party AI providers (such as OpenAI, Anthropic, Google, Ollama, or others), your data is transmitted directly from your machine to those services. ToolPiper may proxy these requests locally to inject API keys stored in your macOS Keychain, but the traffic is never routed through our servers.

When you browse or download AI models, ToolPiper communicates directly with HuggingFace (huggingface.co) to search repositories and download model files. HuggingFace may log your IP address and search queries in accordance with their own privacy policy.

Subscription purchases are processed entirely by Apple through the Mac App Store. Apple's handling of your payment information is governed by Apple's Privacy Policy.

Each third-party provider has its own privacy policy and data handling practices. You are responsible for reviewing and understanding those policies before using their services.

8. Local Storage & Cookies

The Service does not use cookies. The ModelPiper web application uses browser localStorage to persist your pipeline data, configurations, and preferences. ToolPiper stores data on disk under ~/Library/Application Support/, including downloaded model files and exported logs. API keys are stored in the macOS Keychain, not in plain-text files.

The MediaPiper browser extension uses browser.storage.local to save your settings, discovery cache, and saved items. This data is not synced to any cloud service.

None of this locally stored data is transmitted to our servers.

9. Data Security

For any data we do collect (such as email addresses), we use industry-standard security measures to protect against unauthorized access, alteration, or destruction.

All communication between companion apps (ToolPiper, VisionPiper, AudioPiper) and the web application occurs over localhost using per-session cryptographic keys. No application data leaves your machine through these channels.

10. Data Retention

Because the Service is local-first, most data is stored on your device and retained until you delete it. For any data we collect server-side (such as email addresses for the mailing list), we retain it only as long as necessary to provide the service you requested. You may request deletion at any time by contacting us.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your personal data
  • Object to or restrict the processing of your data
  • Data portability — receive your data in a structured, machine-readable format

Because the Service is local-first, most of your data is already under your direct control on your own device. For any data we hold server-side, you can exercise these rights by contacting us at privacy@modelpiper.com. We will respond within 30 days.

If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt out of its sale. We do not sell personal information.

12. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact

If you have questions about this Privacy Policy or your data, please contact us at privacy@modelpiper.com.