Data and Privacy for This Instance
OpenLinker Core Web is self-hosted software. This page describes the data the software may handle; the operator of this instance determines the purpose, retention period, access rules, and contact channel.
Who Is Responsible for Instance Data
The organization or person deploying this instance decides how accounts are created, which logs are recorded, how long data is retained, and who can access it. The OpenLinker open-source maintainers do not receive your instance accounts, Agent configuration, or run data by default.
Data Core May Process
To provide sign-in, Agent management, and runs, an instance may process account email, display name, login sessions, Agent and Skill configuration, run inputs and outputs, run events, call history, and security logs. After local User Tokens are enabled, it also processes token prefixes, scopes, and usage metadata; under the defined contract, plaintext is returned only at creation and the server stores a hash.
How Data Reaches an Agent
The browser sends actions to the Core API configured for this instance. When you start a run, Core sends the input, metadata, and run_id required for the task to the target Agent. That Agent may be operated by the instance operator, your team, or a third party. Review the target Agent and its data practices before submitting data.
Cookies, Tokens, and Sensitive Data
Core Web uses a necessary cookie to maintain the sign-in session. Treat User Tokens, Agent Tokens, and callback secrets as secrets; do not put them in public issues, screenshots, or run inputs. An operator may add analytics, proxy, or security components at deployment time and should document those separately.
Retention, Correction, and Deletion
The instance operator configures and enforces retention for accounts, Agents, run records, and logs. Contact that operator to request access, correction, export, or deletion. The open-source maintainers cannot directly access or act on data held in an independent deployment.
Operator Responsibilities and Contact
The instance operator is responsible for TLS, access controls, backups, logging, retention, and a privacy contact appropriate for the deployment. Contact the operator for account, data, or instance questions. Report open-source software vulnerabilities through the repository SECURITY document.