Privacy policy

Spore is built to be self-hosted. Most of the important data lives on the instance you run, not on this marketing site.

Last updated: May 12, 2026

The short version

  • We do not sell your personal data.
  • The website may receive ordinary server logs such as IP address, user agent, referrer, request path, and timestamps.
  • A self-hosted Spore Core stores your chats, graph data, settings, files, and plugin state on your own deployment.
  • If you connect model providers, channel plugins, search tools, voice tools, or other integrations, those providers process the data needed to perform the action you requested.

Website data

The public Spore website is used to explain the project, link to source code, link to the community, and show installation instructions. Depending on how the site is hosted, infrastructure providers may collect routine logs for security, abuse prevention, uptime, and debugging.

If analytics are added later, they should be privacy-respecting, documented here, and limited to understanding aggregate product interest rather than tracking individual people across the web.

Self-hosted Spore data

When you run Spore Core, your instance can store conversation history, user accounts, API keys or encrypted credentials, knowledge graphs, plugin state, uploaded files, generated files, logs, scheduled jobs, and integration metadata. That data is controlled by whoever operates the Spore Core deployment.

Back up and secure your /data volume. Treat model provider keys, invite keys, Telegram/Discord/Slack tokens, SSH keys, and Tailscale state as sensitive secrets.

Third-party services

Spore can connect to external services including model providers, GitHub, Docker Hub, Discord, Telegram, Slack, web search providers, browser automation backends, voice providers, and local or remote code execution environments. When you enable one of those services, your instance sends the information required for that service to work.

Those services have their own privacy policies and retention rules. Review them before enabling integrations for sensitive work.

Security and retention

For self-hosted deployments, retention is mainly your decision: delete graphs, sessions, logs, plugin state, backups, or Docker volumes when you no longer need them. The project aims to provide clear controls for export, deletion, and backup, but operators are responsible for securing the host, reverse proxy, credentials, and volumes.

Contact

For privacy questions or security concerns, open an issue on GitHub or reach the project through the Spore Discord.