Privacy & data handling
What the Senteron MCP extension touches on your computer, what leaves your computer, and what it never does. Plain English, no dark patterns.
What Senteron reads on your computer
- The Senteron repository directory you point the extension at — specifically senteron.py, the contents of core/, and your local .env file to load provider API keys.
- The runs/ directory inside that repository, when you invoke senteron_list_runs or senteron_get_run.
- Nothing outside the configured repository path. The MCP server's safe_run_lookup helper rejects path traversal and symlinks that escape the runs directory.
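The kind of confinement check the last bullet describes, sketched as an added example: this is not Senteron's code, and the names confined_lookup and UnsafeRunPath are hypothetical. It assumes run artifacts are requested by bare file name and uses a constructed temporary directory as sample input.

```python
import os
import tempfile
from pathlib import Path


class UnsafeRunPath(ValueError):
    """Requested name would resolve outside the runs directory."""


def confined_lookup(runs_dir, name):
    """Return the real path of run file `name`, or raise UnsafeRunPath.

    Hypothetical helper for illustration; not Senteron's safe_run_lookup.
    """
    base = Path(runs_dir).resolve(strict=True)
    # Accept only a bare file name: no separators, no "..", no absolute path, no NUL.
    if not name or "\x00" in name or name == ".." or Path(name).name != name:
        raise UnsafeRunPath(f"not a plain file name: {name!r}")
    # resolve() follows symlinks, so the containment test sees the final target.
    # A missing file raises FileNotFoundError here.
    real = (base / name).resolve(strict=True)
    if base not in real.parents:
        raise UnsafeRunPath(f"resolves outside runs directory: {name!r}")
    return real


def demo():
    """Run the check over a constructed layout and return each outcome."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as root:
        runs = Path(root, "runs")
        runs.mkdir()
        (runs / "senteron_20260101.json").write_text("{}")  # constructed sample run
        outside = Path(root, "outside.txt")
        outside.write_text("not a run")
        os.symlink(outside, runs / "link.json")  # symlink escaping runs/
        cases = {
            "plain": "senteron_20260101.json",
            "dotdot": "../outside.txt",
            "absolute": str(outside),
            "symlink": "link.json",
        }
        for label, name in cases.items():
            try:
                confined_lookup(runs, name)
                outcomes[label] = "ok"
            except UnsafeRunPath:
                outcomes[label] = "rejected"
    return outcomes
```

A symlink whose target stays inside the runs directory passes this check, which matches the "symlinks that escape" wording above.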
What Senteron writes on your computer
- A JSON artifact under runs/senteron_<timestamp>.json each time you complete a run. Contains the prompt, the per-model responses, the synthesis, and cost estimates.
- Sidecar files in the same directory: .events (stage timing), .checkpoint (recovery state), .log.
- Nothing outside the configured repository path.
What leaves your computer
Senteron makes outbound HTTPS requests to the LLM provider endpoints
whose API keys are present in your .env file. Typical
destinations include:
- api.anthropic.com (Claude)
- api.openai.com (GPT models)
- generativelanguage.googleapis.com (Gemini)
- api.x.ai, api.deepseek.com, api.mistral.ai, api.cohere.com, api.groq.com, api.together.xyz (if you've configured those keys)
Each provider has its own privacy and data-retention policy that applies to the prompts and responses you send through them. Senteron does not modify, intercept, or proxy any of those calls — it dispatches directly to the provider SDKs.
API keys
API keys live in your local .env file. The MCP extension
loads them when spawning senteron.py, but it does not
transmit them anywhere except to the LLM providers themselves over
HTTPS. The keys are never logged, never written to runs/
artifacts, and never sent to the host of this website.
Stderr output returned to the MCP client is best-effort scrubbed for
common API-key patterns (sk-…, AKIA…,
AIza…) before being shown.
What Senteron does not do
- No analytics, telemetry, or usage tracking.
- No phone-home — Senteron does not contact senteron.com or any other first-party server.
- No update checks, version pings, or crash reporters.
- No file access outside the configured repository path.
- No proxying of API requests through any intermediary.
Verifying for yourself
The full source is at github.com/senteron/senteron under the MIT license. The relevant files for the claims above:
- mcp_server/paths.py — path-traversal and symlink defenses
- mcp_server/env_loader.py — how .env is loaded
- mcp_server/redact.py — API-key redaction in returned stderr
- mcp_server/exec.py — subprocess spawning, no network calls
Reporting concerns
If you find a privacy or security issue, please open a private security advisory on the GitHub repository rather than a public issue.
Last updated: 2026-05-22. Policy may change with releases; the authoritative version is the one served at this URL.