Our Approach: The Four Principles
Everything we build comes back to four ideas. They're not marketing language. They're the actual design constraints the product is built around. Every feature, every permission flow, every default behavior is measured against these.
πͺ It is inviting.
Trust starts with not overwhelming you.
We don't dump 14 permission screens on you during setup. We don't ask you to configure OAuth scopes before you've even said hello. We don't show you a settings panel with 47 toggles on day one.
Instead, things reveal themselves when they're relevant. The first time you ask about the weather, the Weather skill loads. The first time you ask to read a file, the permission prompt appears. Not before.
This is progressive disclosure, and it's a trust strategy as much as a usability one. You get to understand each capability in context, when it matters, rather than being asked to approve a wall of abstract permissions upfront.
Why this matters for trust: You're never blindsided by a capability you didn't know existed. Every new feature appears at the moment you need it, with an explanation of what it does and why.
π It is yours.
Your data. Your machine. Your rules.
- Your workspace is a folder on your computer. Plain text files. No cloud sync. No hidden databases.
- Your memories are stored locally. They don't leave your machine unless they're relevant to an AI model call.
- Your configuration is readable and editable. SOUL.md, USER.md, IDENTITY.md, everything is transparent.
- Your assistant is private to you. Not shared with your team. Not accessible to others. Not a multi-tenant service.
You can read every file your assistant creates. You can edit any of them. You can back them up, version control them, or delete them entirely. There is no state about you that you can't see and control.
Why this matters for trust: There's no mystery. No βwhat are they doing with my data?β anxiety. Open the folder. Read the files. It's all there.
πͺͺ It is not you.
Your assistant has its own identity. Its own email. Its own accounts. Its own presence.
This isn't just a philosophical distinction. It's a security boundary.
- When your assistant sends an email, it comes from its own address, not yours
- When your assistant creates a GitHub account, it's a separate account, not yours
- When your assistant interacts with a service, the service knows it's talking to an assistant, not to you
This means your personal accounts are never at risk from your assistant's actions. If your assistant's email gets compromised, your email is unaffected. If your assistant's API token is revoked, your personal tokens are fine.
Why this matters for trust: Clear identity separation means clear risk separation. Your assistant's blast radius is contained to its own identity, not yours.
π€ It needs to earn your trust.
This is the big one. Trust is not a checkbox you click during onboarding. It's something your assistant earns over time through consistent, transparent behavior.
Graduated access. Your assistant starts with minimal permissions. It can chat, search the web, and work within its own sandbox. As you use more features, it asks for more access, one capability at a time, with a clear explanation each time.
Bigger risks on smaller things first. Your assistant takes more initiative on low-impact tasks (searching the web, checking the weather) and is more cautious on high-impact ones (sending emails, modifying files). The risk profile matches the consequence profile.
Transparency by default. Every action your assistant takes is visible to you. Every permission request comes with an explanation. No background processes you can't see. No silent data collection. No βtrust usβ hand-waving.
Scoped permissions. Access is controlled through token scopes. Your assistant only gets the access it needs for the specific task. Read access without write access. Calendar viewing without calendar editing. Granular controls, not all-or-nothing.
Why this matters for trust: You never have to make a leap of faith. Each step is small, explained, and reversible. You build confidence through experience, not through a Terms of Service you didn't read.