Privacy Policy

Effective date: June 1, 2026

Goblintown is a local-first orchestration tool. This policy covers the website, Codex Plugin, ChatGPT App dev preview, CLI, local Tank, and related package docs.

Short Version

Goblintown does not sell personal data, does not use data for ads, and does not add hidden remote analytics to the local package. The local tools run from your machine and store local state only when you ask them to create or reuse a Warren, run history, settings, or artifacts.

Data Goblintown May Handle

Depending on what you choose to run, Goblintown may handle:

  • Prompts, tasks, questions, and tool inputs you submit.
  • Local project context or files you explicitly ask Goblintown to scan, import, or summarize.
  • Run artifacts, local settings, provider route choices, hosted settings, hosted DAG packets, imported context, recorded host traces, and setup diagnostics.
  • Provider status such as missing-key state, without intentionally exposing secret values.
  • Optional ChatGPT or Codex host context that the host includes in a tool call.
  • Optional cloud-mode account, country, mail, discovery, or sync fields when cloud features are enabled by you.

Where Data Goes

  • Local-first state stays on your machine, usually under a project .goblintown folder or the Codex-local Goblintown folder.
  • When you use the hosted ChatGPT App, ChatGPT and OpenAI receive the content needed to call the app tools and execute the returned host-run packets.
  • The hosted runtime can store DAG packets, imported context, recorded host traces, retention settings, model-profile choices, and redacted provider-key metadata for later Goblintown calls.
  • When you use Codex, the Codex host receives the content needed to call the plugin tools.
  • The hosted ChatGPT App does not require OPENAI_API_KEY. Provider-key configuration in the hosted settings panel stores redacted metadata and fingerprints by default, not raw key values.
  • When you run local-provider execution, configured model providers may receive prompts, context, and tool outputs needed for that run.
  • When you provide URLs or enable tools that fetch remote content, those remote services may receive normal request metadata.
  • Private local files are not uploaded by Goblintown unless you ask a tool to read, scan, import, summarize, or send them to a provider or host.

Keys And Secrets

API keys are meant to stay in your local environment, local settings, or a dedicated hosted secret backend. Goblintown diagnostics should report whether a key is present or missing, not the secret value itself. The hosted settings panel defaults to redacted metadata/fingerprint storage so raw provider secrets are not returned to widgets or logs. You are responsible for choosing which providers to configure and for removing secrets from prompts, files, screenshots, logs, or artifacts before sharing them.

Retention And Deletion

Local files, Warrens, run logs, and artifacts remain on your machine until you delete them or reset that local state. Hosted runtime records follow the retention settings shown in /settings.html and the configured backend's durability. Hosts and providers may retain data according to their own policies. To remove local Goblintown data, delete the relevant project .goblintown folder and any Codex-local Goblintown state you no longer want.

Children

Goblintown is built for developers and is not directed to children. Do not use it to intentionally collect children's personal information.

Changes And Contact

This policy may change as Goblintown changes. For privacy questions, issues, or corrections, open an issue at github.com/0xbl33p/goblintown/issues.