Security
Zero network calls. Local-only storage. Verifiable.
loci is built on a simple principle: your AI conversations belong to you. Nothing leaves your device.
Privacy model
loci makes zero network calls. The extension, desktop app, and MCP server all operate entirely on your local machine.
| Component | Network access |
|---|---|
| Browser extension | None. All data stays in browser-local storage. |
| Desktop app (Tauri) | None by default. LLM provider calls are opt-in (Wizard tier). |
| MCP server | Localhost only (127.0.0.1:3721). Does not bind to external interfaces. |
There is no telemetry, no analytics, no crash reporting, no "phone home" behaviour.
What data is collected
The extension collects conversation turns from supported AI chat platforms:
- User messages: what you typed
- Assistant messages: what the AI responded
- Metadata: timestamp, conversation ID, platform identifier
This data is stored locally in IndexedDB (origin-isolated) and chrome.storage.local.
What is NOT collected
| Data type | Collected? |
|---|---|
| Passwords | No |
| Form data (outside AI chat) | No |
| Browsing history | No |
| Other tabs | No |
| Cookies | No |
| Authentication tokens | No |
| Payment information | No |
The extension content scripts only run on explicitly declared host permissions (claude.ai, chatgpt.com, chat.openai.com). They do not access other websites.
Content sanitisation
Before storage, conversation content is sanitised:
- Script stripping: any `<script>` tags or inline event handlers are removed
- HTML normalisation: content is parsed and re-serialised as safe Markdown
- Whitespace normalisation: excessive whitespace and control characters are collapsed
This prevents stored content from containing executable code.
Message validation
The extension uses Chrome's message passing API for communication between content scripts, the service worker, and the side panel.
All messages are validated against a strict schema before processing:
```typescript
interface IndexMessage {
  type: "INDEX_CONVERSATION";
  payload: {
    id: string;          // validated: non-empty string
    platform: Platform;  // validated: enum
    turns: Turn[];       // validated: array of valid turns
  };
}
```

Messages that fail validation are dropped and logged. This prevents injection attacks via malformed messages.
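One way to enforce the `IndexMessage` schema at runtime, as an added example that is not loci's own code. The `Platform` values, the `Turn` fields, the `MAX_TURNS` cap and the function names are assumptions made for illustration.

```typescript
// Added example: runtime validator for the IndexMessage schema shown above.
// ASSUMPTIONS (not from the loci source): Platform values, Turn fields, MAX_TURNS.
const PLATFORMS = ["claude", "chatgpt"] as const;
type Platform = (typeof PLATFORMS)[number];
interface Turn { role: "user" | "assistant"; content: string; timestamp: number }
interface IndexMessage {
  type: "INDEX_CONVERSATION";
  payload: { id: string; platform: Platform; turns: Turn[] };
}
const MAX_TURNS = 10000; // assumed cap so one message cannot flood local storage

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

function isTurn(v: unknown): v is Turn {
  return isRecord(v) && (v.role === "user" || v.role === "assistant") &&
    typeof v.content === "string" &&
    typeof v.timestamp === "number" && isFinite(v.timestamp);
}

// Returns the typed message, or null so the caller can drop and log it.
function parseIndexMessage(msg: unknown): IndexMessage | null {
  if (!isRecord(msg) || msg.type !== "INDEX_CONVERSATION") return null;
  const p = msg.payload;
  if (!isRecord(p)) return null;
  const id = p.id, platform = p.platform, turns = p.turns;
  if (typeof id !== "string" || id.length === 0) return null;
  if (typeof platform !== "string") return null;
  if (PLATFORMS.indexOf(platform as Platform) === -1) return null;
  if (!Array.isArray(turns) || turns.length > MAX_TURNS) return null;
  if (!turns.every(isTurn)) return null;
  // Rebuild from validated fields only, so unexpected extra keys are discarded.
  return {
    type: "INDEX_CONVERSATION",
    payload: {
      id,
      platform: platform as Platform,
      turns: turns.map((t: Turn) => ({ role: t.role, content: t.content, timestamp: t.timestamp })),
    },
  };
}

// Constructed sample messages (not captured from loci): one valid, one with a bad role.
const SAMPLE_OK = { type: "INDEX_CONVERSATION", payload: { id: "c1", platform: "claude",
  turns: [{ role: "user", content: "hi", timestamp: 1700000000000, extra: "x" }], debug: true } };
const SAMPLE_BAD = { type: "INDEX_CONVERSATION", payload: { id: "c2", platform: "claude",
  turns: [{ role: "system", content: "hi", timestamp: 1700000000000 }] } };
const ACCEPTED = [SAMPLE_OK, SAMPLE_BAD].map((m) => parseIndexMessage(m));
```

Returning a freshly built object rather than the input means keys outside the schema never reach storage, even when the message otherwise validates.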
IndexedDB isolation
IndexedDB storage is origin-isolated to the extension's unique ID:
```
chrome-extension://{extension-id}/
```

This means:
- Other browser extensions cannot read loci data
- Websites cannot read loci data
- Other Chrome profiles cannot read loci data
The data is as isolated as your browser profile itself.
Data deletion
Uninstalling the extension removes all stored data. IndexedDB and chrome.storage.local are both cleared when the extension is removed.
To manually clear data without uninstalling:
- Open the side panel
- Settings (gear icon) > Clear all data
- Confirm
This removes all indexed conversations, tags, and search index data.
API key storage (Wizard tier)
If you configure an LLM provider for semantic search or summarisation, API keys are stored in your operating system's secure keychain:
| OS | Storage |
|---|---|
| macOS | Keychain Access |
| Windows | Windows Credential Manager |
| Linux | libsecret (GNOME Keyring / KWallet) |
API keys are never written to config.json or any plaintext file.
Data at rest
Indexed conversations are stored as plaintext in IndexedDB (browser) and ~/.loci/ (desktop app).
loci relies on OS-level encryption:
- macOS: FileVault
- Windows: BitLocker
- Linux: LUKS / dm-crypt
Future
Optional at-rest encryption (per-room or full vault) is on the roadmap. Not implemented in v1.0.
Open source verification
loci is open source. You can verify that the extension does what it claims:
```bash
# Clone the repo
git clone https://github.com/huximaxi/Loci
cd Loci/packages/extension

# Install dependencies
npm install

# Build from source
npm run build

# Compare to any distributed build
diff -r dist/ /path/to/distributed/extension/
```

The build is deterministic. Same source, same output.
Reporting security issues
If you discover a security vulnerability, report it privately:
Email: hux@nymtech.net
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations
Do not open a public GitHub issue for security vulnerabilities. We will respond within 48 hours and coordinate disclosure.