Security & privacy

Local-first. Sandboxed. Budgeted.

Your data stays on your computer. Employees can't do anything risky without your OK. Every task has a ceiling on what it can spend.

Replace OS runs on your computer. Your conversations, what each employee remembers, and the files agents touch never leave your machine. We don't bundle a master AI login, and we don't report usage back to ourselves.

Your data

Stays on your computer.

Your conversations, what each employee remembers about you, and which agents you've hired all live in a file on your machine.

We don't read it.

Nothing you type, or anything an employee says back, ever leaves your computer.

Nothing ships with shared keys.

What we ship doesn't carry a master AI login — each person gets their own short-lived access.

Your agents

They ask before anything risky.

Deleting a file, running a command, anything you can't undo — the employee pauses and waits for your OK.

They're fenced into one folder.

An employee can only read or write inside the project folder you point it at — never the rest of your computer.

Every task has a ceiling.

Time and money are capped per task. Employees can only delegate a few levels deep, so a runaway one can't drain your wallet.

Compliance

GDPR practices apply today. SOC 2, ISO 27001, and HIPAA are on the roadmap; full attestations are available on request. Operating a team rollout? See the enterprise posture for SSO, audit-log export, and air-gapped deployment options.

Responsible disclosure

Found a vulnerability? Email security@replace-os.local instead of filing a public issue. We acknowledge inside 48 hours and patch material issues within two weeks of triage. We'll credit you in the changelog if you'd like to be named.