thirdeye is designed for local use on your Mac. It is not a hosted service, and it does not send recordings, transcripts, summaries, settings, or job artifacts to any thirdeye-owned cloud service.

The macOS app starts local services on loopback addresses only:

These ports are intended to be reachable only from the same computer. Do not expose them to a public network or bind them to 0.0.0.0.

The supported local product has no in-app authentication screen and accepts real provider settings at runtime. Tests that need simulated providers use explicit doubles under tests/support; those doubles are not activated by .env settings.

Data created by the macOS app stays on your local computer. The app workflow stores controller state, recordings, transcripts, summaries, artifacts, logs, and capture runtime files under:

~/Library/Application Support/thirdeye/

The command-line development workflow stores runtime data in the repository under:

runtime/

Your .env file also stays local. It can contain Deepgram credentials and other local runtime settings. Do not commit .env or share it.

The app itself is local-first, but some optional features use services you configure:

• Live transcription uses DEEPGRAM_API_KEY and sends the captured audio stream to Deepgram.
• OpenClaw-backed summaries use your configured OpenClaw gateway.
• Optional isolated desktops may access websites you open inside them.

If you require a strict no-network workflow, do not configure external transcription or summary providers and do not create optional Docker desktops.

Local capture depends on macOS Screen & System Audio Recording permissions. Grant access only to thirdeye when using the packaged app. If you start the capture agent directly from Terminal, macOS may attribute permissions to Terminal or the Python launch path instead.

Only capture meetings, sessions, screens, apps, windows, and audio that you are allowed to capture. This project does not bypass platform permissions, login requirements, DRM, or consent controls.