Local Waifu Bring her home, free 💗
Legal

Privacy Policy

Last updated: 2026-05-25

Local Waifu is a local-first macOS application. The short version: nothing about your conversations, characters, or use of the app leaves your Mac unless you explicitly turn on a feature that requires it. There is no "Local Waifu cloud", no analytics endpoint, no telemetry.

1. Data controller

The controller of any personal data processed in connection with the app and this website is:

Łukasz Blania prowadzący działalność gospodarczą pod firmą Lumi Zone Łukasz Blania
ul. Zabrska 15, 40-083 Katowice, Poland
NIP: 1990132289
Email: contact@localwaifu.com

We are a small business and have not appointed a Data Protection Officer (DPO), Art. 37 GDPR does not require us to. For any privacy-related matter, contact us directly at the address above.

2. What stays on your Mac

Everything by default.

  • Conversations, characters, memories, knowledge graph, mood, relationship XP live in ~/Library/Application Support/com.lumizone.localwaifu/ on your Mac. Soul files are encrypted with ChaCha20-Poly1305 using a key derived from your passphrase + Mac hardware UUID + a per-install random salt.
  • The local LLM (bundled Ollama) runs on your CPU/GPU. Prompts and replies never leave the process.
  • Voice, push-to-talk audio is transcribed locally via whisper.cpp. Audio bytes are processed in-memory and not persisted.
  • Image OCR uses Apple Vision (on-device).
  • Slap detector (microphone), audio samples are processed in real time and discarded; only the derived "slap event" (timestamp + force bucket) is kept.

3. What leaves your Mac (only with your action)

  • Cloud chat / image gen (BYOK), if you save an OpenAI / Anthropic / DeepSeek / fal.ai / Google API key in Settings, the app forwards your prompts to that provider when you select a cloud model. The provider sees the prompt; we never see the API key (it's stored in your macOS Keychain). We do not proxy these calls.
  • Calendar / Reminders / iMessage MCP tools, if enabled, the LLM reads your local data via Apple EventKit / SQLite. Nothing is uploaded; the read happens on-device and the result is fed back into the local prompt context.
  • Web search MCP, if invoked, sends a search query to duckduckgo.com/html and parses the HTML response.
  • Home Assistant MCP, if enabled with LW_HA_URL and LW_HA_TOKEN env vars set, the app talks to your HA instance.
  • Telegram bridge, if enabled, the app long-polls Telegram's Bot API.
  • Auto-updater, checks github.com/lumizone/local-waifu/releases/latest/download/latest.json on launch. The check is a public, unauthenticated GET; GitHub sees your IP as it does for any HTTPS request.
  • License validation, talks to Dodo Payments on first redeem and when you deactivate a device in Settings → License. There is no recurring background revalidation at this time.

4. Legal basis for processing (GDPR Art. 6)

  • Performance of a contract (Art. 6(1)(b)), license validation via Dodo Payments; processing your order; providing the app.
  • Legitimate interest (Art. 6(1)(f)), operational server logs (Netlify) for security and abuse prevention; minimum data needed to keep the website running.
  • Your consent (Art. 6(1)(a)), website analytics (Umami), which only loads after you click "Accept" in the cookie banner. You can withdraw consent at any time by clearing your browser's local storage.
  • Legal obligation (Art. 6(1)(c)), keeping invoices and accounting records (issued by Dodo Payments as Merchant of Record on our behalf) for the period required by Polish tax law (6 years).

5. Recipients & processors

For features you turn on, we route data to the following third parties. Each operates under their own privacy policy.

  • Dodo Payments, Inc. (USA), payment processing, Merchant of Record, license management. Receives your name, email, and payment details at checkout.
  • Netlify, Inc. (USA), static hosting for this website. Sees standard HTTP request metadata (IP, user-agent).
  • Umami, self-hosted on analytics.darkdynasty.cloud (EU). Cookieless, anonymous page view counts. Loads only after consent.
  • GitHub, Inc. (USA), source code hosting; release asset delivery (DMG downloads + updater).
  • BYOK providers you configure, OpenAI, Anthropic, DeepSeek, fal.ai, Google. Each receives only the prompts you send through them.

6. International data transfers

Some of our processors are based in the United States (Dodo Payments, Netlify, GitHub) or other non-EEA countries. Transfers to those countries are made on the basis of:

  • Standard Contractual Clauses (SCCs) where applicable, and/or
  • Certifications under the EU-US Data Privacy Framework.

BYOK calls you initiate (OpenAI / Anthropic / DeepSeek / fal.ai / Google) are user-initiated transfers under Art. 49(1)(b) GDPR, necessary for the performance of the contract you have with that provider.

7. Retention periods

  • Data on your Mac, retained until you delete it (Settings → Advanced → Reset all data, or by uninstalling the app and removing ~/Library/Application Support/com.lumizone.localwaifu/).
  • License key (with Dodo Payments), for the life of your license + 6 years afterward, to satisfy Polish accounting law.
  • Netlify server logs, up to 30 days, then auto-rotated.
  • Umami analytics, anonymous page view counts retained up to 365 days, then aggregated. No individual records.
  • Email correspondence, kept for as long as needed to handle your request, then deleted within 12 months.

8. Your rights (GDPR)

You have the following rights regarding your personal data:

  • Access (Art. 15), request a copy of personal data we hold about you.
  • Rectification (Art. 16), correct inaccurate data.
  • Erasure / "right to be forgotten" (Art. 17).
  • Restriction of processing (Art. 18).
  • Data portability (Art. 20).
  • Objection to processing based on legitimate interest (Art. 21).
  • Withdraw consent at any time, for processing based on consent (Art. 7(3)). Withdrawal does not affect lawfulness of prior processing.
  • Lodge a complaint with the supervisory authority. In Poland: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, kancelaria@uodo.gov.pl. You may also contact the supervisory authority in your country of habitual residence.

To exercise any of these rights, email contact@localwaifu.com. We respond within 30 days (typically within a few business days).

9. Children

Local Waifu is not intended for users under 16. We do not knowingly process personal data of children under 16 (Polish implementation of GDPR Art. 8, which raised the digital consent age from 13 to 16). If you believe a child has provided us with personal data, contact us and we will delete it.

10. Automated decision-making

We do not engage in automated decision-making or profiling that produces legal effects on you (GDPR Art. 22). The AI character's replies are not "decisions" within the meaning of Art. 22.

11. Data breach notification

If we ever experience a personal data breach likely to result in a risk to your rights and freedoms, we will notify the supervisory authority (UODO) within 72 hours of becoming aware (GDPR Art. 33), and affected users without undue delay (Art. 34).

12. About this website

localwaifu.com uses Umami (self-hosted, cookieless) to count anonymous page views and download-button clicks, only after you click "Accept" in the consent banner. No cookies are set, no fingerprinting, no cross-site tracking. If you click "Decline" or never interact with the banner, no analytics script is loaded.

Standard Netlify server logs contain HTTP metadata (IP, user-agent, timestamp) for operational and security purposes. These are not used for advertising.

13. Your data, your call

  • Export, Settings → Characters → Export gives you a JSON file with the character profile, chat history, memories, and knowledge graph.
  • Delete, Settings → Advanced → Reset all data wipes the SQLite database, soul files, and voice clones. Note: this does NOT clear your macOS Keychain entries (license key, trial timer, BYOK keys, Telegram bot token). To wipe Keychain too, use Keychain Access.app or security delete-generic-password -s "com.lumizone.localwaifu".

14. Changes to this policy

We may update this policy. Material changes will be announced in the app's CHANGELOG and on the GitHub release notes. The "Last updated" date at the top reflects the most recent change.

15. Contact

Email contact@localwaifu.com for questions, deletion requests, or anything else GDPR-shaped.