Foxl Docs

Security & Privacy

How Foxl keeps your data local, transparent, and under your control

Foxl is designed with a local-first architecture. Your data stays on your machine, your memory is transparent, and you control what the agent can do.

Core Principles

  1. Local execution: The agent runs on your Mac. Data does not leave your machine unless you explicitly use cloud services.
  2. Transparency: All memory is stored as readable markdown files. No hidden databases or opaque data stores.
  3. User control: Every sensitive action requires your approval. You decide what the agent can and cannot do.

Tool Permissions

Each tool has a permission level:

PermissionToolsBehavior
Auto-approvedfile_read, web_fetch, memory, code_searchRuns without asking
Requires confirmationexec (shell), git push/commitAsks before executing (can be set to "always approve")
Restrictedbrowser on financial sitesBlocked by default

You can adjust these permissions in Settings > Tools.

Browser Security

  • Domain whitelist/blacklist: Configure which sites the agent can access
  • Financial site blocking: Banking and trading sites are blocked by default
  • Visual indicators: The Chrome Extension shows what the agent is doing in your browser
  • Action logging: Every browser action is recorded in the audit log

Code Execution Sandbox

The exec tool (shell command execution) includes safety measures:

  • Working directory restriction: Commands run in a designated directory
  • Timeout: Long-running commands are automatically terminated
  • Dangerous command blocking: Commands like rm -rf /, sudo, and similar are blocked
  • Confirmation required: Shell commands require approval before execution (you can set "always approve" per tool)

Memory Privacy

All memory files are plaintext markdown stored locally:

~/.foxl/workspace/
  SOUL.md      # Agent personality
  USER.md      # Your preferences
  MEMORY.md    # General knowledge
  memory/      # Daily summaries

You can read, edit, or delete any file at any time. There is no encrypted or hidden memory — what you see is exactly what the agent knows.

Network Security

  • Localhost only: The agent server listens only on localhost. It is not accessible from other devices on your network.
  • Connection token: The web dashboard connects via a random token generated at startup.
  • No external telemetry: Foxl does not send usage data, crash reports, or analytics to any server.

Cloud Relay

The relay server at relay.foxl.ai handles:

  • Authentication: Sign in with Google, Apple, or email
  • Model routing: Routes API calls to AI providers (AWS Bedrock)
  • Credit billing: Tracks credit usage for your account

The relay does not store your conversations, memory, files, or any personal data. When using the Desktop Relay for remote access, all messages are end-to-end encrypted (ECDH P-256 + AES-256-GCM).

Bring Your Own Key

When you use your own API keys (Settings > Providers), requests go directly from your machine to the AI provider. The Foxl relay is not involved. No credits are consumed.

Supported providers for BYOK:

  • Anthropic (Claude API direct)
  • OpenAI (GPT-4, etc.)
  • Google (Gemini)
  • Ollama (local models, completely offline)

API Key Storage

API keys are stored locally in the desktop app's configuration. They are never sent to Foxl servers — only to the respective AI provider when making API calls.

For maximum privacy, use Ollama with local models. Your conversations never leave your machine, no API calls are made, and no credits are consumed.

Morning Briefing

Set up a daily AI briefing that checks your email, calendar, and news

FAQ

Frequently asked questions about Foxl — pricing, security, features, and troubleshooting

On this page

Core PrinciplesTool PermissionsBrowser SecurityCode Execution SandboxMemory PrivacyNetwork SecurityCloud RelayBring Your Own KeyAPI Key Storage