This document is provided in English. Any translation (including your browser's) is for convenience only; the English version is authoritative.
Privacy Policy
Last updated: June 6, 2026
NoFlattery is a local-first, offline-capable multi-agent AI chat application. This policy explains what data the app touches, where it lives, and what leaves your device.
1. tl;dr
- All your data stays on your device. Conversations, agent configurations, settings — everything lives in your browser's IndexedDB and Local Storage.
- No servers for your data. No backend, no cloud sync, no telemetry. The only contact with a server we operate is license activation, which sends just your license key and a device id (Section 4) — never your conversations or API keys.
- We cannot see your data. We have no way to access what's stored in your browser.
- API keys never leave your device except to call the AI providers you configure. They go directly from your browser to the provider's API — NoFlattery does not proxy, log, or relay them.
2. Where Your Data Lives
2.1 Local Storage (your browser only)
All application data is stored locally on your device using standard browser storage APIs:
| Storage | What's stored |
|---|---|
| IndexedDB (Dexie) | Conversations, messages, agent configurations, thread data, custom presets, provider credentials (API keys, base URLs) |
| Local Storage | License key + a randomly generated device id (Pro activation) |
2.2 No Servers for Your Data
NoFlattery is distributed as a single-file static web application. For your content, there is:
- ❌ No backend server
- ❌ No database we control
- ❌ No cloud synchronization
- ❌ No user accounts
- ❌ No analytics or telemetry
The app runs entirely in your browser. The only request NoFlattery makes to a server we operate is license activation/validation (Section 4), which carries just your license key and a device id — never your conversations, prompts, or API keys.
2.3 Data Portability
You can export your data at any time via the Settings page (Export Backup). The resulting JSON file contains your conversations, agents, and settings. You control where that file goes — we never receive it.
3. API Keys and AI Providers
3.1 How API Requests Work
When you send a message to an AI agent, the request goes directly from your browser to the AI provider's API (OpenAI, Anthropic, Google, OpenRouter, Groq, DeepSeek, Kimi, Qwen, or your own custom OpenAI-compatible endpoint). NoFlattery does not proxy, intercept, log, or relay these requests.
3.2 API Key Storage
Your API keys are stored locally in your browser's IndexedDB (Dexie credentials table). They are never transmitted to any server controlled by NoFlattery.
3.3 Third-Party AI Providers
Your conversations with AI providers are governed by their respective privacy policies and terms of service. Please review the privacy policies of the providers you choose to use:
NoFlattery is not responsible for how third-party AI providers handle data you send to them.
3.4 Optional Tools (External API Calls)
NoFlattery includes optional tools that, when invoked, send data from your browser to external APIs:
| Tool | External Service | What is sent |
|---|---|---|
| Linkup Search | linkup.so | Search queries |
| Linkup Fetch | linkup.so | Target URLs |
| CoinGecko | api.coingecko.com | Coin IDs, currency codes |
| World Bank | api.worldbank.org | Country codes, indicator codes |
| QuickChart | quickchart.io | Chart configuration (may include chart labels and data you provide) |
Some tools require explicit credentials or configuration (for example, Linkup requires a Linkup API key). Public tools such as CoinGecko, World Bank, and QuickChart may be available whenever tool calling is enabled and may be invoked by the AI model during a conversation. Requests go directly from your browser to the external service. NoFlattery does not proxy, log, or relay these requests.
4. License Activation (Pro)
NoFlattery offers a paid Pro license. Unlocking Pro uses a one-time online activation, with periodic re-validation:
- When you enter your license key, the app sends only the license key and a randomly generated device id to our license server, which validates it with our payment provider (Creem) and registers this device against your key's device limit.
- The app re-validates occasionally and keeps working offline for several days between checks (a grace period). If validation cannot reach the server, Pro continues during that window.
- A license can be revoked (for example, if a key is shared publicly); affected devices return to the Free tier on the next check.
- Your conversations, prompts, and API keys are never sent during activation or validation — only the license key and device id.
- Your license key and device id are stored in your browser's Local Storage. The device id is a random value; it is not derived from your content or identity.
5. Cookies
NoFlattery does not set any cookies. The app does not use tracking cookies, session cookies, or any other cookie-based storage.
6. What We Do NOT Collect or Receive
To be explicit, the NoFlattery application may transmit data directly from your browser to the AI providers and tools you configure (as described in Sections 3 and 3.4). However, the developer of NoFlattery does not collect, store, receive, or have access to:
- Your conversation content or message history
- Your agent configurations, custom prompts, or presets
- Your API keys, provider credentials, or base URLs
- Your identity, email address, name, or location
- Your IP address, browser fingerprint, or device information
- Usage analytics, crash reports, or telemetry
- Any conversation, prompt, preset, or API key — none of these are ever transmitted to a server we operate
The sole exception is license activation/validation (Section 4): the app sends your license key and a random device id to our license server. That is the only data NoFlattery transmits to a server we control, and it never includes your conversations, prompts, or API keys.
7. Third-Party Software
The application may be hosted on a web server, a static file host, or served from a local file. The entity hosting the static files may collect server access logs (IP address, request time, user agent) per standard web server operation. This is independent of NoFlattery and governed by the hosting provider's policy.
If NoFlattery is served as a static web page, no server-side logs are generated by the application itself.
8. Children's Privacy
NoFlattery does not knowingly collect data from anyone, including children under 13 (or the applicable age of digital consent in your jurisdiction). The app has no mechanism to identify or track users of any age.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the published policy document with the date of the latest revision.
10. Contact
For questions about this privacy policy or data handling practices, contact support through the official NoFlattery website or purchase channel.
NoFlattery — your data, your device, your control.