Security Policy

Sammy AI Desktop is architected as a fully local, offline-capable application. By default, no user data, API keys, conversation history, agent logs, or knowledge base content is transmitted to Pixelmind Ventures, LLC servers or any third-party infrastructure controlled by us. All sensitive data remains on your local machine.

• API Keys: Your AI provider API keys (OpenAI, Anthropic, xAI, Google, etc.) are stored locally in your operating system's application data directory and are never transmitted to our servers.
• Conversation History: All chat sessions, agent logs, and workflow outputs are stored locally in an SQLite database on your machine.
• Knowledge Base: Documents added to your local knowledge base are indexed and stored on-device. No content is uploaded to our infrastructure.
• No Telemetry: Sammy AI Desktop does not collect usage analytics, crash reports, or behavioral telemetry unless you explicitly opt in to a future opt-in diagnostic program.

The only outbound network traffic initiated by Sammy AI Desktop is:

• Direct API calls from your machine to your chosen AI provider (OpenAI, Anthropic, xAI, Google Gemini, or your local Ollama server). These calls are made using your own API keys and are governed by the respective provider's privacy and security policies.
• Version check requests to our update server to determine whether a newer version of Sammy AI Desktop is available. These requests include only the current application version number and your operating system platform — no personally identifiable information.
• License validation requests for paid tiers, which transmit only a license token and application version. No personal data is included.

All API communications use TLS 1.2 or higher. We do not perform man-in-the-middle inspection of your AI provider API calls.

If you create a Sammy AI account on sammyai.net (for paid tier management, license activation, or account preferences), the following security controls apply:

• Passwords are never stored in plaintext. All credentials are hashed using industry-standard algorithms.
• Session tokens are signed using cryptographic secrets and are invalidated on logout.
• OAuth 2.0 is used for third-party sign-in (Google). We do not receive or store your Google password.
• Payment processing is handled exclusively by Stripe. Pixelmind Ventures, LLC does not store, process, or transmit credit card numbers or banking information.

Sammy AI Desktop is built on Electron, a cross-platform desktop framework. We apply the following hardening measures:

• Context isolation is enabled for all renderer processes.
• Node.js integration is disabled in renderer processes by default.
• Remote content is loaded only from explicitly allowlisted origins.
• All application binaries distributed through our official channels are code-signed with a valid certificate. We strongly recommend downloading Sammy AI Desktop only from sammyai.net or our official GitHub releases page.

We welcome security researchers and users who discover potential vulnerabilities in Sammy AI Desktop or sammyai.net. If you believe you have found a security issue, please report it to us privately before public disclosure so we can investigate and remediate it responsibly.

Please include the following in your report:

• A clear description of the vulnerability and its potential impact.
• The affected component (desktop application, website, API, etc.) and version number.
• Step-by-step reproduction instructions or a proof-of-concept.
• Your contact information (optional, but helpful for follow-up).

When you submit a vulnerability report in good faith, Pixelmind Ventures, LLC commits to:

• Acknowledging receipt of your report within 5 business days.
• Providing an initial assessment of the reported issue within 10 business days.
• Keeping you informed of remediation progress throughout the process.
• Not pursuing legal action against researchers who comply with this policy and act in good faith.
• Crediting researchers in release notes (with your permission) when a reported vulnerability is confirmed and patched.

We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and release a fix — typically within 90 days of your initial report.

The following are in scope for responsible disclosure:

• Sammy AI Desktop application (Windows, macOS, Linux)
• sammyai.net and its subdomains
• The Sammy AI update server and license validation API

The following are out of scope:

• Vulnerabilities in third-party AI providers (OpenAI, Anthropic, xAI, Google, Ollama). Please report those directly to the respective provider.
• Social engineering attacks targeting Pixelmind Ventures, LLC employees.
• Physical security attacks.
• Denial-of-service attacks against our infrastructure.

Security patches are distributed through the Sammy AI Desktop built-in auto-update system. We strongly recommend keeping the application up to date. Critical security fixes will be noted in the release changelog with a "Security" label.

To check for updates manually, open Sammy AI Desktop and navigate to Settings → About → Check for Updates.

For general security inquiries, responsible disclosure reports, or questions about this policy, contact us at: