Data & Privacy
ProxAI Gateway handles your team’s coding-agent conversations, so we keep its data handling boring and auditable:
- The gateway is open source under the MIT license at github.com/proxai/proxai_gateway. We keep it open intentionally — you can read exactly what is collected, how redaction works, and what leaves your machine.
- No proxy, no interception. The gateway never sits between your agents and their model providers. It only reads the session files the agents already write to disk.
- Redaction happens on your machine, first. Secrets are stripped before anything is stored locally, and therefore before anything is uploaded.
On-device redaction
Every captured record passes through a redaction pipeline before it is buffered. The rules cover 13 categories of secrets:
| Category | Examples |
|---|---|
| crypto-keys | PEM, SSH, PGP, and other private key material |
| llm-providers | OpenAI, Anthropic, and other model-provider API keys |
| source-control | GitHub, GitLab, Bitbucket tokens |
| cloud-providers | AWS, GCP, Azure, Cloudflare credentials |
| payment | Stripe, PayPal, Shopify keys |
| auth-services | Okta, Auth0, Twilio, SendGrid keys |
| communication | Slack, Discord, Teams tokens |
| ci-package-managers | CI tokens, npm/PyPI publish tokens |
| saas-tools | Datadog, Segment, Algolia, PagerDuty keys |
| http-headers | Authorization headers, API-key headers, cookies |
| connection-strings | Database URIs with embedded credentials |
| generic-tokens | Long hex strings, session ids, and other token-shaped values |
| keyword-secret | password=, token=, secret= style assignments |
Every rule is part of the open-source repository, so the exact patterns are inspectable — not a black box.
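The redact-before-buffer ordering described above, sketched as an added example (this is not the gateway's own code). The category names come from the table; the regexes, the `LocalBuffer` class and the sample record are assumptions constructed for illustration, and the project's real patterns live in its repository.

```python
import json
import re

# Category names come from the table above; the regexes are assumptions written
# for this example, not the patterns shipped in the project's repository.
RULES = [
    ("crypto-keys", re.compile(
        r"(?P<secret>-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----)",
        re.DOTALL)),
    ("connection-strings", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:(?P<secret>[^/\s@]+)@")),
    ("http-headers", re.compile(
        r"(?i)\bauthorization:\s*(?:bearer|basic)\s+(?P<secret>[^\s'\"]+)")),
    ("keyword-secret", re.compile(
        r"(?i)\b(?:password|token|secret)=(?P<secret>[^\s&'\"]+)")),
]

def _mask(category):
    """Build a re.sub callback that replaces only the 'secret' group."""
    def repl(m):
        start, end = m.span("secret")
        text, base = m.group(0), m.start()
        return text[:start - base] + f"[REDACTED:{category}]" + text[end - base:]
    return repl

def redact(value):
    """Return a redacted copy of a record; strings at any depth are scanned."""
    if isinstance(value, str):
        for category, pattern in RULES:
            value = pattern.sub(_mask(category), value)
        return value
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

class LocalBuffer:
    """Hypothetical stand-in for the local buffer: append() redacts first,
    so raw content is never held in anything that is stored or uploaded."""
    def __init__(self):
        self._lines = []
    def append(self, record):
        self._lines.append(json.dumps(redact(record), sort_keys=True))
    def lines(self):
        return list(self._lines)

# Constructed sample session record (not real agent output).
SAMPLE = {"agent": "example-agent", "messages": [
    "run it with password=hunter2 please",
    "curl -H 'Authorization: Bearer abc.def.ghi' https://api.example.test",
    "DATABASE_URL=postgres://app:s3cr3t@db.example.test:5432/app",
]}
```

Because redaction runs inside `append()`, there is no code path that writes a raw record; checking the buffered lines for known secret values is the same kind of audit the local buffer makes possible.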
What leaves your machine
| Data | Uploaded? |
|---|---|
| Redacted, compressed session records | Yes |
| Capture metadata (source agent, file progress markers) | Yes |
| Gateway and agent versions | Yes |
| A hashed host identifier (see below) | Yes |
| Raw, unredacted session content | Never — it is not even stored locally |
| Your machine’s raw hardware identifier | Never — only the hash is sent |
| Files the agents didn’t write (your repo, your disk) | Never — the gateway reads only agent session files |
The host identifier is derived during setup by hashing a machine identifier together with your user id. ProxAI uses it to tell your machines apart without ever learning the raw hardware identifier.
Inspect it yourself
Because the buffer lives on your machine, you can always audit what was (or will be) uploaded:
`proxai-gateway logs --verbose` shows full record contents from the local buffer — post-redaction, exactly as uploaded. Records of successful uploads are kept locally for 365 days by default (configurable).