Security & privacy

Designed for the privacy axis.

Linda runs in the browser. Files stay in the browser. You hold the key. Here's the explicit model.

The promises

Linda's own runtime sends nothing. It calls only the LLM provider you configure. There is no Neul Labs analytics endpoint, no telemetry, no usage beacon. If data is exfiltrated, it's because you (or a third-party hook) sent it.

Data paths, explained

Linda has three places data can flow. We document each one.

1. The model call

Whatever your prompt sends to the LLM — the user's messages, the parts of the VFS the model decided to read, the tool-call outputs — goes to the provider you picked. That's the trust boundary. If your provider is Anthropic, Claude's data-handling terms apply. If it's a self-hosted Ollama on your laptop, nothing leaves.

2. The file path

User-dropped files are processed in the browser:

  • PDFs via @linda/parsers-pdf (pdf.js)
  • DOCX/XLSX via @linda/parsers-office (mammoth + SheetJS)
  • ZIPs via @linda/parsers-archive (fflate)
  • Images/scans via @linda/parsers-ocr (tesseract.js)
  • Audio via @linda/parsers-audio (whisper.cpp WASM)
  • Embeddings/NER via @linda/parsers-ml (transformers.js)

The parsed text may be sent to the LLM (so it can answer questions about the file). The raw bytes never leave the browser unless you explicitly send them.

3. The webhook path

Declarative hooks let you POST events to your own URL (onComplete, afterFieldFill, etc.). That's your endpoint, your data. We never touch it.

BYOK vs. proxy

BYOK (bring your own key): The API key sits in the browser. Fine for personal projects, internal demos, and apps where the key has a tight per-user quota. Not fine if the key has access to anything sensitive: anyone who opens DevTools can copy it.

Proxy mode: Drop in @linda/server, a thin Node middleware that holds the key on your server and relays SSE to the browser. You add rate limiting, per-user quotas, and request inspection. ~1 KB of code, no business logic; you wire it into your existing Express/Hono/Fastify app.

Capability gates

Linda detects browser capabilities at startup (WebGPU, Bluetooth, NFC, Geolocation, FileReader, etc.) and only exposes the skills, parsers, and mounts that the runtime actually supports. So you can ship a build with the OCR skill and an NFC mount; on Firefox without WebNFC the NFC mount silently no-ops instead of crashing.

Guardrails

Linda ships with built-in guardrails:

  • makeInjectionGuard — strips user-supplied text of prompt-injection patterns before it hits the model.
  • makeScopeGuard — restricts which VFS paths a tool call can read or write.
  • buildVfsAcl + defaultLindaAcl — fine-grained per-path read/write ACL. Useful for /host/* mounts.
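
What a per-path read/write ACL has to get right before a tool call touches the VFS, as an added example (this is not Linda's code; `normalizeVfsPath`, `matchesPrefix`, `isAllowed`, and the rule format are hypothetical and are not the signatures of makeScopeGuard or buildVfsAcl). It normalizes the path first, matches rules on segment boundaries, and denies by default:

```javascript
// Added example: hypothetical helpers, not Linda's API.
// Constructed sample rules; the longest matching prefix wins, default is deny.
const SAMPLE_ACL = [
  { prefix: "/work", read: true, write: true },
  { prefix: "/host", read: false, write: false },
  { prefix: "/host/docs", read: true, write: false },
];

// Resolve "." and ".." and collapse duplicate slashes so rules are matched
// against the path that will actually be opened, not the string the model sent.
function normalizeVfsPath(raw) {
  if (typeof raw !== "string" || !raw.startsWith("/") || raw.includes("\0")) {
    return null; // relative paths and NUL bytes are rejected outright
  }
  const out = [];
  for (const seg of raw.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null; // attempt to climb above the root
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return "/" + out.join("/");
}

// Match only on a segment boundary: "/host/docs" must not cover "/host/docs-private".
function matchesPrefix(path, prefix) {
  return path === prefix || path.startsWith(prefix + "/");
}

function isAllowed(acl, rawPath, mode) {
  const path = normalizeVfsPath(rawPath);
  if (path === null || (mode !== "read" && mode !== "write")) return false;
  let best = null;
  for (const rule of acl) {
    if (matchesPrefix(path, rule.prefix) && (!best || rule.prefix.length > best.prefix.length)) {
      best = rule;
    }
  }
  return best ? best[mode] === true : false; // no matching rule means deny
}
```

The traversal and look-alike-prefix cases are the ones worth putting in your own test suite for any /host/* mount you expose.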

Reporting a vulnerability

Email linda@neullabs.com. We respond within 48 hours and credit the reporter in the release notes. Please don't open a public issue with security details.
