Privacy and Local Data

Airo is designed around practical local-first workflows.

Local-First Principles

• Prefer on-device AI when supported.
• Route app actions through Airo-owned tools, not direct model access.
• Keep sensitive actions confirmation-gated.
• Avoid sending raw private data to cloud AI fallback unless the user has opted into a workflow that requires it.

Files and Quests

Quest uploads can include PDFs, images, text files, and documents. Treat uploaded files as private user data. Any new PR that changes file handling must document:

• Supported file types.
• Storage behavior.
• Whether processing is local, remote, or mixed.
• Any deletion or retention behavior visible to users.

Money Data

Money, expenses, groups, and shared splits represent sensitive personal data. New finance features must document:

• What data is stored.
• Whether data syncs beyond the device.
• Any export, sharing, or payment behavior.
• Confirmation behavior for writes or sends.

Model and Connector Data

Future Agent Skills and connectors must document declared capabilities and permission prompts before release. Calendar, notification, location, and account connectors should never be described as available in this wiki until the app actually ships them.