Security & privacy

Your site stays your site.

AgentPresso runs on your Mac. Your credentials live in macOS Keychain. The conversation goes to the AI model you choose, with your own key — or to a local model, with nothing leaving the room.

Where credentials live

Every WordPress site you connect, every API key you paste, every SSH password — all of it is stored in macOS Keychain. The same place your Mac stores your Safari passwords and your Wi-Fi credentials.

What that means concretely:

  • Credentials are encrypted at rest. They're not in a config file. They're not in UserDefaults. They're not in a database we'd ship.
  • Credentials are only decrypted when AgentPresso needs them for a specific operation — connecting via SSH, hitting your site's REST API, talking to an AI provider.
  • Credentials are never synced to any AgentPresso server. We don't have a server they could sync to. AgentPresso has no cloud component.
  • If you export a site as a portable .agentpresso file (e.g. to move to another Mac), the credentials inside are encrypted with AES-256-GCM using an HKDF-SHA256-derived key.

What gets sent to the AI model

When you chat with AgentPresso, the conversation goes to the AI model you picked — OpenAI, Anthropic, DeepSeek, a local model, whichever. Your conversation goes directly from your Mac to the model provider you chose. It does not pass through any AgentPresso server. We don't see, log, or store any of it.

Anything the agent needs in order to act on your site — instructions you type, output of the commands it runs, the state it's keeping track of — is part of that conversation, which means it's visible to your chosen AI provider. What that provider does with the data afterwards is governed entirely by their own privacy policy and data-handling terms.

That choice matters. Read the privacy policy of any cloud provider before you point AgentPresso at it, and pick the one whose terms you're comfortable with. If you'd rather no data leave your Mac at all, AgentPresso supports local models through LM Studio — in that mode, nothing crosses the network.

One detail worth knowing: your AI provider's API key is sent only as an HTTPS Authorization header at the protocol level, never embedded in chat content the model itself can see.

What AgentPresso does not do

  • No telemetry by default. We don't collect anonymous usage statistics. There's no analytics SDK. There's no error reporter unless you opt in.
  • No phone-home on launch. The only network calls AgentPresso makes on its own are to your AI provider (when you send a message) and to Freemius (for license validation if you're on Multisite, checked at most once an hour).
  • No background agent. Quit the app, and nothing about AgentPresso is running on your Mac.

The permission model

AgentPresso uses three layers of permission, in order of strictness:

  1. Always Protected — deleting files, modifying wp-config.php, destructive database queries (DROP, TRUNCATE, DELETE without backup), deactivating security plugins, WordPress core updates. These always ask, every time, even if you've set everything else to "Always". Cannot be disabled.
  2. Per-Category Permissions — File Changes, Database, Plugin Install, Theme Changes, Shell Commands, External API. Each category is set to Always, Ask, or Never. Defaults are all set to "Ask" the first time you install the app.
  3. Quick Mode — a single toggle that, when on, asks before every significant action regardless of per-category settings. Off by default.

You set these in Settings → Permissions inside the app.

Running fully local

If you want zero data leaving your Mac, AgentPresso supports local AI models through LM Studio. You download a model (Qwen, Llama, DeepSeek-coder, etc.), run LM Studio's local server, point AgentPresso at it (Provider: LM Studio), leave the API key empty.

In that configuration: your message goes from AgentPresso to LM Studio (both on your Mac). The model runs locally on your machine. The reply comes back. Nothing leaves your computer.