Privacy Policy

Sanqian ("we", "our", or "us") develops a desktop AI agent orchestration hub and related productivity tools. This Privacy Policy explains what information we collect, how we use it, and your rights -- whether you use our desktop application, visit our website, or interact with any of our services.

By using Sanqian, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.

2.1 Information You Provide

• OAuth credentials -- When you connect a Google service (or other OAuth-based service) through Sanqian's skill system, you authorize the app to access specific scopes on your behalf. The resulting access and refresh tokens are stored locally on your device.
• API keys and service credentials -- You may provide API keys for AI model providers, search services, speech services, and messaging platforms. These credentials are stored locally and never transmitted to our servers.
• Support communications -- If you contact us for support, we may collect your email address and the content of your message.

2.2 Information Collected Automatically

• Website analytics -- Our website uses Google Analytics, which collects anonymized data such as IP address (truncated), browser type, device type, pages visited, and referral source. Analytics data is retained for 14 months.
• Update checks -- The desktop application periodically checks GitHub Releases for available updates. Only the current application version is sent during this check; no user data is transmitted.

The Sanqian desktop application does not collect any telemetry, usage analytics, or crash reports.

2.3 Information We Do NOT Collect

We want to be explicit about the data we never collect or access:

• Your conversations, documents, agent outputs, or local files
• Your AI prompts, responses, or interaction history
• Your API keys, OAuth tokens, or service credentials
• The content of your Gmail, Google Drive, or Google Calendar data
• Your screenshots, voice recordings, or screen activity
• Messages sent or received through messaging channels
• Your browsing history or activity outside our website
• Biometric, health, financial, or location data
• Data from users under the age of 16

Sanqian's skill system allows you to connect Google services -- such as Gmail, Google Calendar, and Google Drive -- so that AI agents can act on your behalf (e.g. reading emails, creating calendar events, searching files). Here is how this works:

3.1 How access works

• You explicitly initiate each connection and choose which Google service to authorize.
• Authorization uses the industry-standard OAuth 2.0 protocol. Our auth relay server (auth.sanqian.ai) facilitates the OAuth callback flow but does not store tokens or access your Google data.
• Access and refresh tokens are stored exclusively in a local SQLite database on your device (~/.sanqian/).
• All requests to Google APIs are made directly from your device. Google data is fetched, processed in-memory, and used within the context of your local conversation. It is never uploaded to or stored on our servers.

3.2 Scopes and permissions

Sanqian only requests the OAuth scopes necessary for the specific skill you are connecting. For example, a Gmail skill will only request Gmail-related scopes. You can review and revoke any granted permissions at any time through your Google Account permissions page.

3.3 Google API Services User Data Policy

Sanqian's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

• Only use Google API data to provide and improve the user-facing features you explicitly request
• Do not use Google API data to develop, improve, or train generalized AI or machine learning models
• Do not sell, lease, or transfer Google API data to third parties, ad networks, data brokers, or any information resellers
• Do not use Google API data for advertising, marketing profiling, or credit assessment
• Do not allow humans to read Google API data unless: (a) you give explicit consent, (b) it is necessary for security purposes (e.g. investigating abuse), or (c) it is required by law

3.4 Google data and AI processing

When Google API data (e.g. email content, calendar events) is included in a prompt to an AI provider, this happens entirely on your device at your explicit direction. Sanqian does not independently decide to send Google data to AI providers. You retain full control over which data is shared and with which provider.

Sanqian integrates with various third-party services. In all cases, data is sent directly from your device to the service provider -- it never passes through Sanqian's servers. You configure each integration with your own credentials and can disconnect at any time.

4.1 AI model providers

You provide your own API keys for AI chat, embeddings, and vision capabilities. Supported providers include OpenAI, Anthropic, Google Gemini, DeepSeek, and others. Your prompts, conversation context, and model responses are transmitted directly between your device and the provider. We do not proxy, intercept, log, or store any of this data.

4.2 Voice and speech services

When you use voice input or text-to-speech features, audio data is sent directly from your device to your configured speech provider (e.g. OpenAI Realtime, Volcengine). Audio is processed in real-time and is not stored by Sanqian. Refer to your chosen provider's privacy policy for their data handling practices.

4.3 Computer use and screen capture

The computer use feature captures screenshots of your screen locally on your device. These screenshots are sent directly to your selected AI provider (OpenAI, Anthropic, or Google) for vision processing. Screenshots are transient -- they are not persisted beyond the current interaction and are never sent to Sanqian's servers.

4.4 Messaging channels

You can connect Sanqian to messaging platforms including Telegram, Slack, Feishu (Lark), WeChat, and QQ. When configured:

• Messages are received from and sent to each platform's official API directly from your device.
• Channel credentials (bot tokens, app secrets) are stored locally.
• Incoming messages may be processed by your configured AI provider as part of an agent conversation.
• No message content passes through Sanqian's servers.

4.5 Web search

When you use web search within Sanqian, search queries are sent to your selected search provider. Supported providers include DuckDuckGo (default, no API key required), Google Custom Search, Tavily, SerpAPI, and browser-based search engines. Search queries and results are not stored beyond the current conversation context.

4.6 Image generation

Image generation prompts are sent directly to your configured provider (e.g. Google Gemini, Volcengine). Generated images are returned to your device and stored locally. Prompts and images are not sent to Sanqian's servers.

4.7 Skill store

The skill catalog is downloaded from GitHub and jsDelivr CDN. No user data, installed skill information, or usage statistics are sent during this process -- it is a one-way content download.

4.8 Office add-ins

Sanqian's Word and Excel add-ins communicate with the desktop application exclusively via local WebSocket connections on your device. Document content processed through the add-in may be sent to your configured AI provider but never to Sanqian's servers.

4.9 Provider privacy policies

Your interactions with third-party providers are governed by their respective terms. We encourage you to review them:

• OpenAI Privacy Policy
• Anthropic Privacy Policy
• Google Privacy Policy
• DeepSeek Privacy Policy

We use the limited information we have access to for the following purposes:

• Facilitating the OAuth 2.0 authorization flow via our auth relay server
• Distributing application updates via GitHub Releases
• Distributing the skill catalog via GitHub and CDN
• Responding to your support requests and communications
• Analyzing anonymized website traffic to improve our website
• Complying with legal obligations

We do not use your personal data for advertising, profiling, or automated decision-making. We do not sell your personal data.

We do not sell, rent, or trade your personal information. We may share information only in these limited circumstances:

• Service providers -- We may use trusted third-party services for hosting our website and auth relay infrastructure. These providers process data only on our behalf and are bound by confidentiality obligations.
• Legal requirements -- We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers -- In the event of a merger, acquisition, or sale of assets, any information we hold may be transferred as part of the transaction. We will notify you before your information becomes subject to a different privacy policy.

Local-first architecture

Sanqian is built on a local-first architecture. All user data -- conversations, agent outputs, settings, OAuth tokens, API keys, vector embeddings, and skill configurations -- is stored in a SQLite database on your device (typically at ~/.sanqian/). We do not operate cloud servers that store your personal content, conversations, or credentials.

Auth relay server

Our auth relay server (auth.sanqian.ai) handles the OAuth 2.0 redirect flow to enable desktop-to-browser authorization. It facilitates the token exchange but does not persist tokens, user data, or any Google API content.

Security measures

• OAuth 2.0 with PKCE (Proof Key for Code Exchange) is supported for enhanced authorization security.
• All communications between the application and external services use TLS/HTTPS encryption.
• Sensitive data such as API keys is masked in application logs and UI displays.
• Deep link URLs containing sensitive parameters are redacted in logs.

While we implement reasonable safeguards, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data transmitted over the internet.

The Sanqian desktop application does not use cookies or any tracking technologies.

Our website (sanqian.io) uses the following:

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

• Local application data -- entirely under your control. Conversations, agent data, OAuth tokens, embeddings, and settings can be deleted at any time by removing the ~/.sanqian/ directory or uninstalling the application.
• OAuth connections -- you can disconnect any Google service at any time from within the app or by revoking access from your Google Account settings. Local tokens are deleted immediately upon disconnection.
• Website analytics -- Google Analytics data is retained for 14 months, after which it is automatically deleted.
• Support communications -- retained for up to 2 years to help us improve our service, unless you request earlier deletion.

For users in the European Economic Area and United Kingdom (GDPR)

Our legal basis for processing your personal data is your explicit consent (for OAuth authorization of Google services) and our legitimate interest in operating and improving our services (for website analytics).

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Request erasure of your personal data
• Restrict or object to processing of your data
• Data portability
• Withdraw consent at any time
• Lodge a complaint with your local supervisory authority

If your data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or adequacy decisions to ensure appropriate safeguards.

For users in California (CCPA/CPRA)

Under California law, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information
• Non-discrimination for exercising your privacy rights

We do not sell or share your personal information as defined under the CCPA/CPRA. In the preceding 12 months, the only category of personal information we may have collected is internet activity (anonymized website analytics).

For all users

Regardless of where you are located, you may exercise your rights by contacting us at [email protected]. We will respond to your request within 30 days.

Sanqian is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the "Effective date" at the top of this page. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

• Email: [email protected]

We aim to respond to all inquiries within 30 days.