BaselineOS — Privacy Policy

Effective Date: April 13, 2026

This Privacy Policy describes how BaselineOS, provided by GTCX — Global Trade & Compliance Exchange (“GTCX”, “we”, “us”, “our”), handles data when you use our AI operating system SDK and desktop application (“the Software”).

1. Our Privacy Principle

BaselineOS is designed to operate locally. We do not run cloud services that process your data. Your organizational intelligence stays on your machine.

2. What Data BaselineOS Stores

BaselineOS stores the following data locally on your machine:

Organization profile: name, industry, and vertical (entered during onboarding)
Terminology: custom terminology definitions, enforcement rules, and language patterns
Configuration: layer settings, model routing preferences, and pipeline configuration
Organizational memory: accumulated intelligence from AI interactions

This data is stored in the .baseline/ directory in your project root and in browser localStorage (for the desktop application).

3. What BaselineOS Does NOT Collect

No usage telemetry
No analytics or behavioral tracking
No personal information sent to GTCX servers
No crash reporting without explicit consent
No cookies for tracking purposes
No fingerprinting or device identification

GTCX does not operate servers that receive, process, or store your organizational data.

4. API Keys

API keys for LLM providers (Anthropic, OpenAI, Google, etc.) are stored locally on your machine
Keys are encrypted at rest using AES-256 via the BaselineOS credential vault
API keys are never transmitted to GTCX
Keys are used exclusively for direct communication between your machine and the LLM provider

5. LLM Interactions

When you use BaselineOS to interact with LLM providers:

Prompts and responses flow directly between your machine and the LLM provider (Anthropic, OpenAI, etc.)
BaselineOS processes LLM output locally — applying terminology enforcement, provenance tracking, and organizational context
BaselineOS does not store conversation history on remote servers
BaselineOS does not act as a proxy or intermediary for LLM API calls

Your interactions with LLM providers are subject to those providers’ own privacy policies and terms of service.

6. Cross-Organization Learning

BaselineOS offers an optional cross-organization learning feature. When explicitly enabled:

Anonymized terminology patterns (no organization names, no user data, no proprietary content) may be shared within industry verticals to improve output quality
This feature requires explicit consent and is disabled by default
You can disable it at any time through the BaselineOS configuration

When disabled, no data of any kind leaves your machine via BaselineOS.

7. Data Portability

BaselineOS supports full data portability:

exportOrganizationalMemory() exports all accumulated organizational intelligence as portable JSON
Exported data includes terminology, patterns, and configuration — everything BaselineOS has learned about your organization
You own this data entirely

8. Data Deletion

To remove all BaselineOS data from your machine:

Delete the .baseline/ directory from your project root
Clear browser localStorage (for desktop application data)
Uninstall the BaselineOS desktop application

No remote data deletion is necessary because no data is stored remotely.

9. Children

BaselineOS is not designed for, marketed to, or intended for use by individuals under the age of 18.

10. Changes to This Policy

We will update this Privacy Policy as needed. Material changes will be communicated through BaselineOS release notes or documentation. The effective date at the top of this document will be updated accordingly.

11. Contact

For questions about this Privacy Policy or data handling practices, contact: iam@amanianai.com

This document is a draft for legal review and does not constitute a final privacy policy.