Privacy Policy
Goblintown is a local-first orchestration tool. This policy covers the website, Codex Plugin, ChatGPT App dev preview, CLI, local Tank, and related package docs.
Short Version
Goblintown does not sell personal data, does not use data for ads, and does not add hidden remote analytics to the local package. The local tools run from your machine and store local state only when you ask them to create or reuse a Warren, run history, settings, or artifacts.
Data Goblintown May Handle
Depending on what you choose to run, Goblintown may handle:
- Prompts, tasks, questions, and tool inputs you submit.
- Local project context or files you explicitly ask Goblintown to scan, import, or summarize.
- Run artifacts, local settings, provider route choices, hosted settings, hosted DAG packets, imported context, recorded host traces, and setup diagnostics.
- Provider status such as missing-key state, without intentionally exposing secret values.
- Optional ChatGPT or Codex host context that the host includes in a tool call.
- Optional cloud-mode account, country, mail, discovery, or sync fields when cloud features are enabled by you.
Where Data Goes
- Local-first state stays on your machine, usually under a project
.goblintownfolder or the Codex-local Goblintown folder. - When you use the hosted ChatGPT App, ChatGPT and OpenAI receive the content needed to call the app tools and execute the returned host-run packets.
- The hosted runtime can store DAG packets, imported context, recorded host traces, retention settings, model-profile choices, and redacted provider-key metadata for later Goblintown calls.
- When you use Codex, the Codex host receives the content needed to call the plugin tools.
- The hosted ChatGPT App does not require
OPENAI_API_KEY. Provider-key configuration in the hosted settings panel stores redacted metadata and fingerprints by default, not raw key values. - When you run local-provider execution, configured model providers may receive prompts, context, and tool outputs needed for that run.
- When you provide URLs or enable tools that fetch remote content, those remote services may receive normal request metadata.
- Private local files are not uploaded by Goblintown unless you ask a tool to read, scan, import, summarize, or send them to a provider or host.
Keys And Secrets
API keys are meant to stay in your local environment, local settings, or a dedicated hosted secret backend. Goblintown diagnostics should report whether a key is present or missing, not the secret value itself. The hosted settings panel defaults to redacted metadata/fingerprint storage so raw provider secrets are not returned to widgets or logs. You are responsible for choosing which providers to configure and for removing secrets from prompts, files, screenshots, logs, or artifacts before sharing them.
Retention And Deletion
Local files, Warrens, run logs, and artifacts remain on your machine until
you delete them or reset that local state. Hosted runtime records follow
the retention settings shown in /settings.html and the
configured backend's durability. Hosts and providers may retain data
according to their own policies. To remove local Goblintown data, delete
the relevant project .goblintown folder and any Codex-local
Goblintown state you no longer want.
Children
Goblintown is built for developers and is not directed to children. Do not use it to intentionally collect children's personal information.
Changes And Contact
This policy may change as Goblintown changes. For privacy questions, issues, or corrections, open an issue at github.com/0xbl33p/goblintown/issues.