Skip to main content

Privacy Policy

Last updated: January 1, 2026

Summary

This policy covers all Sigilweaver products: Studio, Server, Hub, and this website.

  • Studio + Server: We collect nothing. Runs locally. No telemetry.
  • Hub: Collects user data, workflows, and audit logs. Self-hosted only — we don't run it for you.
  • Website: Standard server logs. No analytics or trackers.
  • We don't sell data. Ever.
  • Open source. Verify our claims by reading the code.

1. Sigilweaver Studio + Server

What we collect

Nothing. No telemetry, no analytics, no crash reporting, no phoning home.

What stays on your machine

  • Settings (author name, theme, preferences) — in your system's app data folder
  • Workflow files (.swwf) — wherever you save them
  • Your data (CSV, Parquet, databases) — unchanged, where you put it

Network connections

Studio can run in three modes:

  • Bundled Server: Fully local. No internet required.
  • External Server: Connects to a Server you run elsewhere.
  • Hub: Connects to a Hub instance (see next section).

Optional update checks can be disabled in settings.

2. Sigilweaver Hub

Hub is self-hosted workflow orchestration software. We do not operate Hub for anyone. If you use Hub, either you're running it yourself or someone else is running it for you.

What Hub collects

Hub is enterprise-grade software built with compliance in mind. Administrators configure grants for databases, file paths, credentials, and cloud storage. It collects detailed, potentially sensitive data by design:

  • User accounts and sessions (including IP addresses)
  • Workflow files and metadata
  • Execution history (what ran, when, success/failure)
  • Immutable, tamper-evident audit logs of all user actions
  • Database connection credentials (encrypted)

The audit logs are comprehensive — who did what, when, from which IP. This is intentional for compliance and security, but it means the data collected is substantial.

If you deploy Hub for others

You control all the data. Hub makes no external calls — assets are bundled, no CDNs.

If you deploy Hub for others, you must have your own privacy policy and terms of use. The nature of Hub data — detailed audit logs, IP addresses, workflow contents, database credentials — may be highly sensitive. Your users have a right to know what is collected, who can access it, and how long it is retained.

Running Hub just for yourself? You don't need policies — it's your data.

We provide templates as a starting point:

These are templates only — not legal advice. You must customize them for your organization, jurisdiction, and practices, and have your legal counsel review them before publishing.

⚠️ If another organization deployed Hub for you

Their privacy policy and terms of use apply, not ours. They should have both available. If they don't, ask them to provide them — or reconsider using their deployment. Hub collects detailed data about everything you do; you deserve to know how that data is handled.

You can reference our templates to understand what they should cover: Privacy Policy · Terms of Use

Questions to ask the deploying organization:

  • Who has access to the audit logs showing all my activity?
  • How long is my data retained after I stop using the service?
  • Where is data stored and who else can access it?
  • What happens to my workflows and credentials if there's a breach?
  • Can I export or delete my data?

3. Website + Documentation

What we collect

  • Server logs (IP address, browser, timestamps) — retained 30-90 days
  • Whatever you send us (emails, GitHub issues)

What we don't use

  • No Google Analytics or similar
  • No advertising trackers
  • No tracking cookies (Cloudflare may set security cookies)
  • No external CDNs — fonts, scripts, and icons are self-hosted

Hosting providers

These services host our infrastructure and have their own privacy policies:

4. Data Sharing

We don't sell, trade, or rent your data.

We may share information if required by law or to protect our rights.

5. Your Rights

Depending on your location (GDPR, CCPA, etc.), you may have rights to access, correct, delete, or export your data. Contact us via GitHub to make a request.

Since Studio/Server collect nothing from us, there's nothing for us to provide. If you're using a Hub instance, contact the operator — not us.

6. Other

International users

Website infrastructure is in the US. If you're elsewhere, data crosses borders.

Children

Not intended for users under 13.

Changes

We'll update the date at the top when this policy changes.

7. Verify It Yourself

Sigilweaver is AGPL-3.0 licensed. Don't trust this document — read the code. There's no hidden telemetry, no analytics, no data collection you can't see.

8. Contact

Questions? Open an issue or discussion on GitHub.