What we don't collect.

The daemon runs entirely on your machine. The only thing it intercepts is the input to each Claude Code tool call — the shell command, file path, or URL — plus a session identifier and current working directory. It does not see your conversation with Claude, Claude's responses, or the contents of files Claude reads.

Approval decisions are stored in a SQLite database at ~/.vigili/queue.db. Policy rules live in ~/.vigili/policy.yaml. Both are owner-only (file mode 0600) and never leave your machine unless you choose to use the cloud relay.

If you enable the managed relay at relay.vigili.io for outside-LAN access, the relay routes by pairing-id and sees the same approval payload your phone sees (the tool input, e.g. the command line being run). It does not store this payload — it only forwards in memory. End-to-end encryption between Mac and phone is on the roadmap.

You can also self-host the relay — the code is OSS. In that case Vigili.io sees nothing.

If you enter your email on the landing page, we store it solely to send you a single notification when Vigili launches. No newsletters, no marketing, no third-party sharing. Unsubscribe by replying to that email or emailingprivacy@vigili.io any time.

Page visits are measured via Vercel Analytics in cookieless mode. We see aggregate counts (visits, referrers, browsers) but no personal identifiers and no cross-site tracking.

Questions: privacy@vigili.io.