Your assistant is a powerful tool. Powerful tools deserve thoughtful use. Here are practical tips for getting the most out of Vellum while staying safe.
Be intentional about what you share
Your assistant remembers what you tell it. That's a feature. But it means you should be thoughtful about what you share, because:
Facts and preferences get saved to local memory
Saved memories may be included in future AI model calls when relevant
Workspace files (USER.md, etc.) are read at the start of every conversation
Practical advice:
Share freely for things that help your assistant help you (projects, preferences, schedule patterns)
Think twice before sharing highly sensitive information (passwords, financial details, medical records, legal matters)
If you shared something sensitive, you can always ask: “Forget what I told you about [topic]”
Review your workspace files periodically
Your assistant's brain is a folder you can read. Take advantage of that.
Every few weeks, open ~/.vellum/workspace/ and glance through:
USER.md — Is everything in here accurate? Anything you'd rather remove?
SOUL.md — Are the behavior rules still what you want?
IDENTITY.md — Still happy with the name and personality?
Think of it like reviewing your browser's saved passwords or autofill data. A quick check keeps things clean.
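To make that periodic check faster, here is an added example script (not part of Vellum and not from this page's authors) that reports how old each Markdown file in the workspace is and flags lines that look like credentials or card numbers. It assumes the workspace files are plain-text Markdown; the function names and the patterns are illustrative choices made for this example.

```python
import re
import time
from pathlib import Path

# Location and file names as given on this page.
WORKSPACE = Path.home() / ".vellum" / "workspace"
CORE_FILES = ("USER.md", "SOUL.md", "IDENTITY.md")

# Illustrative patterns (an assumption of this example, not a Vellum feature).
PATTERNS = {
    "credential keyword": re.compile(
        r"(?i)\b(password|passphrase|api[_ -]?key|secret|token)\b\s*(?:is\b|[:=])\s*\S+"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "card-like number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

def luhn_ok(digits):
    """Luhn checksum, used to drop long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_text(text):
    """Return (line_number, label) pairs; the matched value is never echoed."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for label, rx in PATTERNS.items():
            m = rx.search(line)
            if m and (label != "card-like number"
                      or luhn_ok(re.sub(r"\D", "", m.group()))):
                hits.append((no, label))
    return hits

def audit(workspace=WORKSPACE):
    """Map each Markdown file to its age in days and any sensitive-looking lines."""
    report = {name: None for name in CORE_FILES}  # None = file not found
    for path in sorted(Path(workspace).rglob("*.md")):
        age_days = int((time.time() - path.stat().st_mtime) // 86400)
        text = path.read_text(encoding="utf-8", errors="replace")
        report[path.name] = {"age_days": age_days, "hits": scan_text(text)}
    return report

if __name__ == "__main__":
    for name, info in audit().items():
        print(name, "missing" if info is None else info)
```

The report lists only line numbers and labels, so running it in a shared terminal does not reprint the sensitive values themselves. Treat a hit as a prompt to open the file and decide, since keyword matching will also flag harmless sentences.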
Understand what you're approving
When a permission prompt appears:
Read it. Don't just click Allow out of habit.
Check the scope. Is it reading one file or your entire home directory?
Consider the context. Does this action make sense for what you just asked?
Say no if unsure. You can always try again after understanding what's needed.
🫣 Autopilot warning: It's easy to start clicking Allow reflexively after your first dozen prompts. That's human nature. But each prompt is a new action. Take the half-second to read it. Your future self will thank you.
Be cautious with custom skills
Custom skills are powerful. They can also do unexpected things if you're not careful.
Always test in the sandbox first. The sandbox exists for a reason. Run your skill there before saving it.
Review the code. If your assistant wrote a custom skill, ask to see the code before saving: “Show me what this skill does.”
Be skeptical of third-party skills. [TBD: When community skills are available] If someone shares a skill with you, review it before installing. Same logic as installing any software.
Credential hygiene
Use scoped tokens. When connecting services, grant the minimum access needed. Read-only when possible.
Rotate periodically. If you've stored API keys, consider rotating them every few months.
Revoke what you don't use. Ask “Show me my credentials” and clean up anything stale.
Don't store master passwords. The credential vault is for service tokens and API keys, not your bank password.
Network awareness
Your assistant makes network calls in two situations:
AI model calls — Your prompts and context go to the model provider
Service API calls — Emails, calendar events, web searches, etc.
If you're on a sensitive network (corporate VPN, public WiFi), be aware that these calls are happening. They use HTTPS, but the data is still traversing the network.
The nuclear option
If you ever want to completely reset:
Delete the workspace: Remove ~/.vellum/ entirely. Your assistant starts from scratch.
Revoke macOS permissions: System Settings → Privacy & Security → remove Vellum from each category.
Revoke OAuth connections: Visit each connected service (Google, Slack, etc.) and revoke the Vellum app.
This is irreversible. Everything your assistant has learned is gone. But it's your data and your choice.