Privacy Policy

This Privacy Policy explains how Nexight Technology (HK) Limited — a private company limited by shares incorporated in Hong Kong under the Companies Ordinance (Cap. 622), Company No. 80177350 ("we," "us," or "our") — handles information in connection with Tutti — our desktop application, command-line tools, local daemon, hosted services, the website at tutti.sh, and Tutti Cloud (collectively, the "Services").

We built Tutti to be local-first. The desktop app (Tutti · Local) runs on your own computer, and your workspaces, files, and Agent conversations are stored on your device, not on our servers. This policy is short by design, because we collect very little. Read it together with our Telemetry Transparency page, which lists every analytics field and event, and our Cookie Policy for the website.

The short version

• Tutti · Local stores your work on your machine. Your workspace files, Agent sessions and messages, tasks, settings, and AI provider keys live in a local database and folder on your computer. We do not have a copy.
• We do not run an account system for Tutti · Local. There is no sign-up, no login, and no name/email collected to use the local app.
• Three things do leave your device, and only these: (1) anonymous-by-design product analytics; (2) the AI requests your Agents make to the model providers you choose (sent directly from your machine using your own keys); and (3) routine app-update and app-catalog checks. Each is described below.
• Tutti · Cloud is not yet available. Tutti is currently a local-first desktop app. If we launch Tutti · Cloud (an opt-in hosted service), we will update this policy — including where data is hosted — before it becomes available to you.
• You can turn analytics off.

1. Scope: Local, Cloud, and the website

Tutti has surfaces that handle data very differently. Where a section applies to only one surface, we say so.

• Tutti · Local — Open-source desktop app + CLI + local daemon (tuttid) that run on your computer. Your data lives: On your device.
• Tutti · Cloud — A separate, opt-in hosted service for collaborating across devices — not yet available. Your data lives: When launched: on our servers (hosting region and transfer details disclosed before launch).
• tutti.sh — Our marketing and documentation website. Your data lives: Standard web hosting; see the Cookie Policy.

Tutti · Local is free and open source under the Apache-2.0 license. You can inspect exactly what it does — including everything described in this policy — in our public repository.

2. Information stored locally on your device (Tutti · Local)

When you use Tutti · Local, the following is created and kept on your own computer, in Tutti's local application directory and database. We do not receive or store this information:

• Workspace content — the files in your workspaces, app outputs, and running state.
• Agent sessions and messages — your conversations with Agents, the Agents' messages, and their activity logs.
• Issues and tasks — the work items, tasks, and runs you create.
• Preferences — your settings, such as appearance, language, and window layout.
• AI provider credentials — API keys you enter for your model providers are stored encrypted (AES-256) in your local database and are never transmitted to us.
• A device identifier and local logs — a randomly generated device ID and diagnostic logs used for analytics and troubleshooting (logs rotate and are deleted automatically; by default within roughly two weeks).

Because this data is local, you control it: you can delete it by removing the relevant workspace or by uninstalling Tutti and deleting its application directory.

3. Information that leaves your device

Only three categories of data leave your computer when you use Tutti · Local.

3.1 Product analytics (telemetry)

To understand how Tutti is used and to improve it, the app sends anonymous-by-design usage analytics. We use Volcano Engine DataFinder, an analytics service operated by Beijing Volcano Engine Technology Co., Ltd. (an affiliate of ByteDance). Analytics events are sent to a DataFinder endpoint hosted in Singapore.

What is sent with analytics events:

• a persistent, randomly generated device identifier (a pseudonymous ID — it is not your name or email, but it is stable across restarts);
• a session identifier generated each time the app starts;
• your operating system and the app version;
• a timestamp and whether dark mode is on; and
• the name of the product event (for example, "a workspace was opened" or "an Agent session started") and a small set of non-content parameters about that event (such as which feature was used or whether an action succeeded).

What is never sent through analytics: the contents of your workspaces, your files, your code, your Agent conversations or their outputs, your prompts, or your API keys.

The complete, current list of analytics events and fields is published on our Telemetry Transparency page.

How to turn it off. You can disable analytics entirely. When analytics is disabled, no events are sent.

Legal basis (EEA/UK). Where this processing relies on a legal basis under the GDPR/UK GDPR, we rely on our legitimate interest in understanding and improving the Services, balanced against your rights; you can object at any time by disabling analytics. Because the device identifier is pseudonymous personal data, this section is written to be transparent about it rather than to claim the data is fully anonymous.

3.2 AI requests to your chosen model providers (BYOK)

Tutti's Agents are powered by third-party AI model providers that you choose and configure with your own credentials ("bring your own key"). Supported providers include Anthropic (Claude), OpenAI, and Google (Gemini), among others.

When an Agent runs, your device connects directly to the model provider you selected, using the API key or account you configured. The request — which may include your prompts, relevant files, code, and tool results — is sent from your machine to that provider. We do not sit in the middle of these requests, and we do not receive, store, or proxy their contents.

Your use of each model provider is governed by that provider's own terms and privacy policy, including how they use or retain your data and whether they use it for training. We encourage you to review them:

• Anthropic — https://www.anthropic.com/legal/privacy
• OpenAI — https://openai.com/policies/privacy-policy
• Google — https://policies.google.com/privacy

3.3 App updates and the app catalog

To keep Tutti current and to offer apps that run inside Tutti, the app contacts:

• our software-update service to check for and download new versions; and
• our app catalog and app-runtime services to list and fetch available apps.

These requests are served from content-delivery and software-release infrastructure (currently Amazon CloudFront and GitHub Releases). Like any web request, they necessarily expose your IP address and basic request metadata (such as the requested file and your app version) to that infrastructure. This is used only to deliver updates and apps, not to profile you.

4. Tutti · Cloud (not yet available)

Tutti · Cloud — an optional hosted service for collaborating with teammates across devices — is not yet available, and this version of the Services does not upload your workspaces to our servers.

When we make Tutti · Cloud available, it will involve creating an account and hosting the content you choose to share on our servers. Before that happens, we will update this Privacy Policy to describe what Tutti · Cloud collects, where it is hosted, any international data transfers, and any payment processing — and we will make those terms available to you before you can start using Tutti · Cloud.

5. How we use information

We use the limited information described above to:

• operate and secure the Services (for example, deliver updates and apps);
• understand and improve the Services through aggregate analytics; and
• communicate with you where you have given us a way to do so (for example, if you contact us by email) about security, important changes, or support.

We do not sell your personal information, and we do not use your workspace content, files, or Agent conversations for advertising.

6. How we share information

We share information only with:

• Service providers that help us run the Services, as described above — our analytics provider (Volcano Engine DataFinder) and our content-delivery and release infrastructure. The AI model providers you configure receive your requests directly from you, as described in section 3.2.
• Legal and safety recipients, where we believe in good faith that disclosure is required by law or necessary to protect rights, safety, or the integrity of the Services.
• A successor entity, in connection with a merger, acquisition, or sale of assets, subject to this policy.

7. International transfers

We are based in Hong Kong, and Tutti's analytics are processed on a server in Singapore (section 3.1). If you are located in the European Economic Area, the United Kingdom, or Switzerland, your information may therefore be transferred to and processed in a country with different data protection laws. Where required, we put in place an appropriate transfer mechanism (such as the European Commission's Standard Contractual Clauses).

8. Data retention

• Local data stays on your device until you delete it. Local logs rotate automatically (by default, within roughly two weeks).
• Analytics data is retained by our analytics provider for the period needed for product analysis.
• Tutti · Cloud data — not applicable yet. When Tutti · Cloud launches, its retention will be described in the updated policy.

9. Security

We use reasonable technical and organizational measures to protect information, including AES-256 encryption of locally stored AI provider keys and encrypted transport for data in transit. No method of storage or transmission is perfectly secure, so we cannot guarantee absolute security. Because Tutti · Local stores your work on your own device, securing that device is also important to keeping your data safe.

10. Children

Tutti is not directed to children. The Services are intended for users 18 years of age or older, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us at business@tutti.sh and we will take appropriate steps to delete it.

11. Your privacy rights

Depending on where you live, you may have rights over your personal information, including to access, correct, delete, or obtain a copy of it, to object to or restrict certain processing, and to withdraw consent. Because Tutti · Local has no account and stores data on your device, you can exercise most of these rights directly — by viewing, editing, or deleting your local data, or by disabling analytics.

• Hong Kong. We are based in Hong Kong and handle personal data in line with the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO). You have the right to request access to and correction of your personal data, and you may make a complaint to the Office of the Privacy Commissioner for Personal Data (PCPD).
• EEA/UK/Switzerland. You have rights under the GDPR/UK GDPR and may lodge a complaint with your local supervisory authority.
• United States. Residents of states with privacy laws (such as California, Colorado, Connecticut, Texas, Virginia, and others) may have rights to know, access, correct, delete, and obtain a copy of personal information, and to opt out of certain processing. We do not sell personal information or use it for targeted advertising.

To exercise any right that requires us to act, or to ask a question, email business@tutti.sh. We will respond as required by applicable law. We will not discriminate against you for exercising your rights.

12. Do Not Track

Some browsers offer a "Do Not Track" signal. There is no common standard for how to respond to it, so the Services do not currently respond to DNT signals. You can still disable Tutti's analytics as described in section 3.1.

13. Changes to this policy

We may update this policy from time to time. When we do, we will change the "Last updated" date above, and for material changes we will provide a more prominent notice (for example, prominently in the app or on the website).

14. Contact us

For privacy questions or to exercise your rights:

• Email: business@tutti.sh
• Post: Nexight Technology (HK) Limited, Suite 6503, 65/F, Central Plaza, 18 Harbour Road, Wan Chai, Hong Kong

Nexight Technology (HK) Limited is the data controller responsible for your personal information. Hong Kong does not require us to appoint a Data Protection Officer; our privacy contact is business@tutti.sh.