Privacy Model
Your data stays on your machine and leaves only when you send a message to an AI provider. No QARK account, no cloud backend, no telemetry. The application runs entirely on your hardware.
Local-First Architecture
Section titled “Local-First Architecture”All persistent data lives in a SQLite database stored on your local filesystem. There is no remote database, no sync service, no server-side storage. When you close QARK, your data exists in exactly one place: your machine.
This applies to every operating system QARK runs on — Windows, macOS, and Linux. The database location follows each platform’s standard application data directory.
No Account Required
Section titled “No Account Required”QARK has no user accounts, no sign-up flow, no login screen. You download the application, open it, and start configuring. There is no identity layer because there is nothing to authenticate against — no cloud service exists.
No Telemetry, No Analytics
Section titled “No Telemetry, No Analytics”QARK sends zero telemetry data. No usage analytics, no crash reports, no feature flags fetched from a remote server, no “anonymous” usage statistics. The application makes no network requests except the ones you initiate by sending messages to AI providers or connecting MCP servers.
API Key Encryption
Section titled “API Key Encryption”Your API keys for providers like Anthropic, OpenAI, Google, and others are stored locally using AES-256 encryption. The keys never leave your machine except as authentication headers in API requests you trigger. No key is transmitted to QARK’s infrastructure (because no such infrastructure exists).
What Goes to Providers
Section titled “What Goes to Providers”When you send a message, QARK transmits the following to the selected AI provider:
- Your system prompt (from the agent configuration or conversation override)
- The conversation messages included by your context strategy
- Tool definitions for enabled tools
- Any attached files or images included in the message
This data is governed by the provider’s API terms of service — not by QARK. QARK does not add metadata, tracking identifiers, or wrapper payloads around your requests.
What QARK does not send to providers:
- Your other conversations
- Your agent configurations (beyond the system prompt for the active agent)
- Your API keys for other providers
- Your local documents or embeddings (unless explicitly included via RAG)
- Any application settings or preferences
What Stays Local
Section titled “What Stays Local”The following data never leaves your machine under any circumstance:
| Data Type | Storage |
|---|---|
| Conversation history | SQLite database |
| Groups and organization | SQLite database |
| Settings and preferences | SQLite database |
| Agent configurations | SQLite database |
| Flows and automation | SQLite database |
| Prompt library | SQLite database |
| Documents (uploaded files) | Local filesystem + SQLite metadata |
| Vector embeddings | Local vector store |
| MCP server configurations | SQLite database |
| MCP HTTP headers | AES-256 encrypted in SQLite |
| Export files | Local filesystem |
MCP Server Security
Section titled “MCP Server Security”MCP (Model Context Protocol) servers you configure may run locally or connect to remote endpoints. QARK encrypts any HTTP headers (including authentication tokens) stored in MCP server configurations using AES-256. When QARK connects to an MCP server, only the configured headers for that specific server are transmitted — never credentials for other servers or services.
Data Export: Your Data, Your Format
Section titled “Data Export: Your Data, Your Format”Export any conversation in the format you need:
- Markdown — Clean, portable text with formatting preserved
- HTML — Rendered conversation with styling, suitable for sharing or archiving
- PDF — Print-ready document with full conversation layout
- JSON — Structured data with all metadata, token counts, and tool call details included
Exported files are written to your local filesystem. No export passes through a cloud service or conversion API.
Comparison with Cloud-Based Alternatives
Section titled “Comparison with Cloud-Based Alternatives”| Capability | QARK | Cloud-based AI interfaces |
|---|---|---|
| Data storage | Local SQLite on your machine | Provider’s cloud servers |
| Account required | No | Yes (email, phone, or SSO) |
| Conversation history | Stored locally, never uploaded | Stored on provider’s infrastructure |
| Telemetry | None | Typically includes usage analytics |
| API key storage | AES-256 encrypted locally | Managed by provider (you use their key) |
| Data retention | You control deletion | Subject to provider’s retention policy |
| Offline access to history | Full access (database is local) | Requires internet connection |
| Multi-device sync | Not available (local-only by design) | Available via cloud sync |
| Audit trail | Full local database you can inspect | Varies by provider |
The tradeoff is explicit: QARK gives you complete data sovereignty at the cost of multi-device sync. Your conversations, agents, and configurations exist on the machine where you created them.
Verify It Yourself
Section titled “Verify It Yourself”QARK’s local-first claim is verifiable. Monitor your network traffic while using the application — the only outbound connections are API calls to providers you have configured and MCP servers you have connected. No background requests to QARK domains, no heartbeat pings, no data exfiltration. The SQLite database is a standard format you can open with any SQLite browser to inspect exactly what is stored.