Data flow: what leaves your machine, and when
Relay runs on your own computer. This page lists every outbound network call the product can make, checked against the code, so nothing about what leaves your machine is a guess.
The short version
A plain install with nothing configured makes exactly one kind of outbound call: a checksum-verified download of the server build from GitHub, once per version. Everything else only happens after you configure or click it. No telemetry, no analytics, no update check, no call to orionfold.com anywhere in the code.
The short version
Relay is local-first: the engine, the database, your documents, and your license all live on your machine. But Relay runs AI agents, and agents call model APIs. So local-first needs a precise disclosure, not a slogan.
For a plain install with nothing configured, Relay makes exactly one kind of outbound call: a checksum-verified download of the server build from GitHub Releases, once per version. Every other call in the product exists only downstream of something you explicitly configure or click. There is no telemetry, no analytics, no crash reporting, no update check, no license activation server, and no call to orionfold.com anywhere in the codebase.
Every outbound call, listed
This is the complete inventory. Each row names when it fires, where it goes, what is sent, and how to turn it off.
| Call | When | Destination | What is sent | Off switch |
|---|---|---|---|---|
| Server build download | First launch of each version | GitHub Releases | Nothing. A bare GET; the response is sha256-verified | A build-artifact URL setting (a mirror or file:// for air-gap) |
| Model API calls | An agent run, chat, or scheduled workflow runs | Only providers you hold keys for: Anthropic, OpenAI, or local Ollama | Prompts, profile instructions, conversation history, attached document content in scope, tool results | Do not configure the key; route work to a local Ollama model for zero egress |
| Server-side web search | An agent has web search or fetch tools granted | Executed provider-side (OpenAI or Anthropic) | The agent search queries or fetched URLs | Profile tool permissions; runtime choice |
| License file fetch | You add a license from an http(s) URL | The fulfilment URL you pasted | Nothing. A bare GET | Pass a local file path instead; verification itself is always offline |
| Channel delivery | Only for channels you created with your own tokens | Telegram, Slack, or your webhook URL | The message text you routed to that channel | Do not create the channel |
| Optional agent tooling | Only if you enable the setting | Exa search or browser tool packages | Search queries; pages the agent browses | Search and browser tool settings, all default off |
| GitHub imports | You click import and supply a repo URL | api.github.com, raw.githubusercontent.com | GETs for the repo you named | Do not use the import feature |
| Pricing refresh | You click Refresh in Settings, Pricing | Public pricing pages (anthropic.com, openai.com) | Nothing. An informational GET | Manual only; never scheduled |
| Plugin tooling | You install a plugin that ships its own tool server | Whatever that plugin calls | Whatever you pass it. Treat third-party plugins as code you run | Safe mode disables plugin tool servers |
| Upstream git fetch | Hourly, only when the launch directory is a git clone (never for npm installs) | Your clone own origin remote | A standard git fetch; compares SHAs locally, uploads nothing | No .git directory means it never runs |
npm itself contacts the npm registry to install the package. That is npm standard behavior before any Relay code runs, and it is covered by supply-chain verification.
What your agents send to model providers
The model-API row is the one that matters for client confidentiality, so here it is without hedging. When an agent runs, the provider receives the prompt, the agent profile instructions, the conversation so far, the content of documents and table rows placed in the agent context, and the results of tool calls the agent makes. That is inherent to using a hosted model. Relay adds no side channel, but it does not shrink what a model API call is either.
- Provider choice per task, per schedule, per workflow step, including routing sensitive work to a local Ollama model where nothing leaves localhost.
- Tool permissions per profile. A profile with no web tools cannot send context to arbitrary URLs.
- Document scoping per project. Agents see the documents scoped to their project, not your whole disk.
- Your keys, your agreements. Relay calls providers under your accounts, so your existing terms govern. There is no Orionfold intermediary in the path.
What never happens
- No telemetry, analytics, or crash reporting. The in-app telemetry and analytics pages read your local database only.
- No update checks or self-updating. Versions change only when you install a new one.
- No license data ever sent to Orionfold. Verification is an offline signature check that works air-gapped, forever.
- No calls to orionfold.com, ever, for any reason.
More trust pages
- Continuity: what happens if Orionfold disappears
- Supply-chain verification
- License terms, in plain language
- Security packet
Ready to run it? Get Orionfold Relay. The engine is free and open; a license only adds the premium packs you own.