SafeRag Privacy Policy
Last updated: November 15, 2025
SafeRag is built with absolute privacy as its foundation. All AI processing happens locally on your Mac using Ollama. No data ever leaves your device. No cloud connections, no tracking, complete control. Your conversations, documents, and data remain entirely yours.
Overview
SafeRag ("we", "our", or "us"), developed by Corixa, operates a macOS application for private AI conversations with RAG (Retrieval-Augmented Generation) capabilities. This privacy policy explains our commitment to your privacy and how SafeRag handles (or rather, doesn't handle) your information.
Our Privacy Commitment
SafeRag was created specifically for privacy-conscious professionals who need AI capabilities without cloud exposure. We adhere to three core principles:
What SafeRag Does NOT Do
To be absolutely clear, SafeRag does not:
- Collect personal information - No registration, no accounts, no user tracking
- Transmit conversation data - All chat history stays on your Mac
- Upload documents to cloud - RAG documents processed entirely locally
- Store data on servers - We don't operate any data storage servers
- Track usage analytics - No telemetry, no usage statistics, no behavior tracking
- Share data with third parties - No integrations, no partnerships, no data sharing
- Use cookies or web trackers - No tracking technologies of any kind
- Require internet connection - Works completely offline after Ollama setup
How SafeRag Works
Local AI Processing (Ollama)
SafeRag uses Ollama, an open-source local AI runtime, to provide conversational AI capabilities:
- All AI models run locally on your Mac (Llama, Mistral, Gemma, etc.)
- Conversations processed entirely on-device using your Mac's CPU/GPU
- No internet connection required after initial model download
- You control which models are installed and can delete them anytime
- Model weights stored in your local Ollama directory (~/.ollama)
Local Data Storage
All your SafeRag data is stored locally on your Mac using Apple's secure frameworks:
- Chat History: SQLite database in Application Support directory
- RAG Documents: Local vector database (LanceDB) in Application Support
- User Accounts: Encrypted locally with Argon2 password hashing
- Settings: JSON configuration files in Application Support
- Audit Logs: Local JSON files for compliance tracking
Data location: ~/Library/Application Support/io.halldor.SafeRag/
RAG Document Intelligence
When you upload documents for RAG (Retrieval-Augmented Generation):
- Documents are processed locally to extract text content
- Text is chunked and converted to vector embeddings using local models
- Embeddings stored in local vector database (LanceDB)
- Search and retrieval happens entirely on your Mac
- Original documents never leave your device
- You can delete documents and embeddings at any time
Supported Document Types
All processed locally without external services:
- PDF documents
- Microsoft Word (.docx)
- Plain text (.txt)
- Markdown (.md)
Multi-User Accounts
SafeRag supports multiple users with role-based access control:
- All user accounts stored in local database
- Passwords hashed with Argon2 (industry-standard secure hashing)
- Sessions managed with JWT tokens (stored locally, never transmitted)
- Each user has separate chat history and document access
- Admin users can manage other accounts (all operations local)
- No cloud authentication - everything happens on your Mac
Watch Folder Automation (Pro Feature)
When using watch folder auto-ingestion:
- SafeRag monitors specified folders on your Mac
- New documents are automatically processed locally
- File system access uses macOS security APIs
- No folder contents transmitted anywhere
- You control which folders are monitored
Compliance Features
GDPR Compliance
SafeRag helps you comply with GDPR through local-first architecture:
- Right to Access: All data stored locally, fully accessible to you
- Right to Export: Built-in data export to JSON format
- Right to Deletion: Delete individual items or all data
- Right to Rectification: Edit or update any stored information
- Data Minimization: Only stores what's necessary for functionality
- No Data Processing: Since data doesn't leave your Mac, there's no external processor
HIPAA Compliance
For healthcare professionals, SafeRag supports HIPAA compliance:
- No PHI Transmission: Protected Health Information never transmitted
- Local Encryption: Database encrypted using SQLCipher
- Audit Logging: Complete audit trail of all data access
- Access Controls: Role-based permissions for multi-user setups
- No Business Associate Agreement Needed: No third-party data sharing
Audit Logging (Pro Feature)
For compliance and security monitoring:
- All user actions logged locally (login, document access, exports, etc.)
- Audit logs stored as JSON files in Application Support
- Logs include: timestamp, user ID, action type, result
- Logs can be exported for compliance reporting
- No audit data transmitted to external services
Data Security
Your data is protected through multiple security layers:
- Database Encryption: SQLCipher for chat/document database
- Password Hashing: Argon2 (winner of the Password Hashing Competition)
- macOS Keychain: Sensitive credentials stored in system Keychain
- App Sandboxing: macOS sandbox prevents unauthorized access
- No Network Access: App runs entirely offline (except Ollama model downloads)
- Secure Backups: Encrypted backup files with version compatibility
Network Activity
SafeRag has minimal network requirements:
Ollama Model Downloads (One-Time)
The only network activity occurs when downloading AI models:
- Models downloaded directly from Ollama's public registry
- Downloads managed by Ollama (not SafeRag)
- One-time download per model
- Models stored locally, never re-downloaded
- You choose which models to download
In-App Purchase Verification (Optional)
If you purchase SafeRag Pro via the Mac App Store:
- Purchase verification handled by Apple's StoreKit framework
- SafeRag validates receipt with Apple (standard App Store process)
- No purchase data stored by Corixa
- Transaction managed entirely by Apple
No Analytics or Telemetry
Unlike most apps, SafeRag does not:
- Send crash reports
- Collect usage statistics
- Track feature usage
- Phone home with any data
Your Rights and Control
You have complete control over your SafeRag data:
Data Portability
- Export All Data: Export complete database to JSON (Settings → Data → Export)
- Backup & Restore: Create encrypted backups of entire system
- Individual Exports: Export specific chats or documents
Data Deletion
- Delete Messages: Remove individual messages from history
- Delete Sessions: Remove entire conversation sessions
- Delete Documents: Remove RAG documents and embeddings
- Delete Users: Admins can delete user accounts
- Complete Removal: Uninstalling app removes all data from Application Support
Data Retention
- Retention Schedule: Configure auto-deletion policies (Pro feature)
- Manual Control: Delete data whenever you choose
- Backup Policy: Configure automatic backups (Pro feature)
Third-Party Services
Ollama (Required)
SafeRag requires Ollama for AI functionality:
- Open-source: Ollama is free, open-source software
- Local processing: Runs entirely on your Mac
- No telemetry: Ollama doesn't track usage
- Privacy policy: https://ollama.ai/privacy
Apple StoreKit (Optional)
If purchasing Pro via Mac App Store:
- Governed by Apple's privacy policy
- Purchase data managed by Apple, not Corixa
- StoreKit policy: https://www.apple.com/legal/privacy/
No Other Third Parties
SafeRag does not integrate with:
- Analytics services (Google Analytics, etc.)
- Crash reporting services (Sentry, etc.)
- Cloud storage services
- AI cloud services (OpenAI, Anthropic, etc.)
- Marketing platforms
- Any other external services
Children's Privacy
SafeRag is not directed at children under 13. We do not knowingly collect information from children under 13. The app requires macOS 14.0+ and is intended for professional use by adults.
Data Breach Notification
Since SafeRag processes all data locally with no cloud storage:
- There is no central database that could be breached
- Your data security depends on your Mac's security
- Use strong passwords and enable FileVault encryption
- Enable macOS firewall and security features
- Keep macOS and SafeRag updated
International Data Transfers
Not applicable. Since all data stays on your Mac, there are no international data transfers. Your data never leaves your device regardless of where you're located.
Changes to This Policy
We may update this privacy policy to reflect changes in SafeRag's functionality or legal requirements. Changes will be posted on this page with an updated revision date. Material changes will be announced via:
- In-app notification (if applicable)
- Website announcement on corixa.io
- Email to registered users (if we implement a newsletter)
Continued use of SafeRag after changes constitutes acceptance of the updated policy.
Open Source Transparency
While SafeRag's source code is currently proprietary, we are committed to:
- Complete transparency about data handling practices
- Detailed technical documentation
- Responding to privacy concerns promptly
- Considering open-source release in the future
Questions About Privacy?
We welcome questions about SafeRag's privacy practices. Our architecture is simple: everything stays on your Mac. If you have specific concerns or need clarification:
- Email us at privacy@corixa.io
- Review our technical documentation
- Check the FAQ on our website
Contact Information
For privacy-related inquiries, data requests, or general questions:
- Email: privacy@corixa.io
- Support: support@corixa.io
- Website: https://corixa.io
- Product Page: https://corixa.io/products/saferag.html
Company: Corixa
Product: SafeRag for macOS
Jurisdiction: Iceland
Summary: What Makes SafeRag Different
Most AI tools require you to trust a company with your data. SafeRag is different:
This isn't just a privacy policy—it's our product architecture. Privacy isn't a feature; it's the foundation.