Privacy Policy

Rosply is a locally-installed desktop application. The developer does not operate any server infrastructure that receives data from your use of the Software. There is no telemetry, no usage analytics, and no account system.

This policy describes what data the Software handles during operation, where that data goes, and what controls you have over it. It is written to be straightforward, not padded with legal boilerplate.

The developer of Rosply collects no data from you whatsoever. There are no servers, no databases, no analytics pipelines, and no telemetry built into the Software or this website.

When you contact us by email at support@rosply.com, we receive your email address and the contents of your message. We use this only to respond to your inquiry. We do not share it with any third party.

When you purchase the Software on Gumroad, Gumroad processes your payment and provides us with the basic transaction details necessary for order fulfillment. Gumroad's privacy policy governs that process.

When you run a task, the Software sends data to the AI API endpoint you have configured in your .env file. By default this is OpenRouter, but you can configure any compatible vision API.

The following data is sent on each step of a running task:

• A screenshot of your primary monitor (JPEG, compressed to the resolution configured in SCREENSHOT_MAX_WIDTH)
• The task description you typed or spoke
• A rolling window of recent action history for context (typically the last 10 steps)
• Your system's configured model name and any parameters set in .env

This data is governed exclusively by the privacy policy of the AI provider you choose. The developer of Rosply has no visibility into, control over, or responsibility for how your chosen provider stores or processes this data.

Your API key is stored only in the local .env file on your machine. It is sent only to the configured API endpoint and never to any developer-controlled server.

If you configure a local model (e.g., via Ollama), no data leaves your machine at all during task execution.

The Software writes the following files to your machine during normal operation:

None of this data is transmitted to the developer or any third party except through the explicit API calls described above.

You can delete any of these files at any time without affecting the Software's ability to run. Deleting memory.json clears the agent's persistent memory. Deleting the chats/ folder clears your session history.

The Software may optionally interact with the following third-party services at your direction. You choose which services are used via your configuration:

Rosply contains no analytics, crash reporting, usage tracking, heartbeat pings, or telemetry of any kind. The developer has no visibility into how you use the Software, how often you use it, what tasks you run, or whether you have installed it at all.

There is no auto-update mechanism that phones home to check for new versions. Updates are manual and distributed via the same channel as your original purchase.

This website (rosply.com / rosply.site) does not use cookies, tracking pixels, session storage for analytics purposes, or any third-party analytics service such as Google Analytics, Mixpanel, or similar.

The website is statically hosted. Server access logs (IP address, request path, timestamp) may be retained by the hosting provider for infrastructure security purposes. The developer does not access or analyze these logs for marketing or tracking purposes.

Purchases are processed by Gumroad. When you click "Buy on Gumroad" you are redirected to Gumroad's checkout page, which is governed by Gumroad's own privacy policy.

Because the Software runs locally and the developer collects no data, there is no developer-side data breach risk for your task data or API keys. Your security depends on:

• Keeping your .env file private and outside any git repository (it is included in the default .gitignore)
• Setting appropriate usage limits on your OpenRouter API key to cap potential abuse
• The security practices of the AI providers you choose to use
• The general security of the machine on which Rosply is installed

We recommend running Rosply under a standard user account rather than an administrator account to limit the potential blast radius of any unintended actions.

The developer retains no data about you. Any local files the Software creates (logs, chat history, memory) remain on your machine indefinitely until you delete them. There is no automatic expiry or cloud sync.

If you contact us by email, we retain the email thread for as long as necessary to resolve your inquiry, after which it may be archived or deleted. We do not add you to mailing lists or share your email with third parties.

For data retained by third-party providers (OpenRouter, your AI model provider), refer to their respective data retention policies.

Because the developer collects no personal data from you through the Software, there is no personal data held by the developer to access, correct, or delete.

If you are a resident of the European Economic Area (EEA), United Kingdom, or California, and believe the developer holds personal data about you (for example from a support email), you have the right to:

• Request access to any personal data we hold about you
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Object to or restrict the processing of your personal data

To exercise any of these rights, contact support@rosply.com. We will respond within 30 days.

Rosply is not directed at children under the age of 13. The developer does not knowingly collect any personal information from children under 13. If you believe a child under 13 has provided personal information to us, contact support@rosply.com and we will delete it promptly.

This policy may be updated from time to time. Changes will be reflected on this page with an updated date at the top. We will not reduce your privacy rights under this policy without prominent notice.

Continued use of the Software after a policy update constitutes acceptance of the revised policy. If you disagree with a change, you may contact us or discontinue use of the Software.

For privacy-related questions, data requests, or concerns, contact us at:

We aim to respond within 3 business days for general inquiries, and within 30 days for formal data subject requests under GDPR or CCPA.