zack3d/big-agi
1
0
Fork 0
mirror of https://github.com/enricoros/big-AGI.git synced 2026-05-11 06:00:15 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c8fa8e4776ffcbac419aec17eec1c30aa31e708
big-agi/docs/help-data-ownership.md
T
Enrico Ros f052963da3 Md cleanup
2026-03-24 11:53:01 -07:00

106 lines
4.3 KiB
Markdown
Raw Blame History

# Big-AGI Data Ownership Guide
Big-AGI is a **client-first** web application, which means it prioritizes speed and data ownership compared to cloud apps.
Your *API keys*, *chat history*, and *settings* live in your
browser's [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage), not
on cloud servers.
You can use Big-AGI in two ways:
1. Run it yourself (open-source)
2. Use big-agi.com (hosted service)
This guide explains how the open-source version handles your data. You can verify everything in [the source code](https://github.com/enricoros/big-agi).
## Client-Side Storage
Within Big-AGI almost all chat/keys data is handled client-side in your browser using two
standard browser storage mechanisms:
- **Local Storage**: API keys, settings, and configurations ([learn more](https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage))
- **IndexedDB**: Chat history and larger files ([learn more](https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API))
The Big-AGI backend mainly passes requests to AI services (OpenAI, Anthropic, etc.). It doesn't store your data, except for the chat-sharing function if used.
You can see your data in your browser's local storage and IndexedDB - try it yourself:
1. In Chrome: Open DevTools (press F12 on Windows, ⌘ + ⌥ + I on Mac)
2. Click 'Application' > 'Local Storage'
3. See your settings and API keys
![Browser local storage showing API keys and chat data](pixels/data_ownership_local_storage.png)
### Sync for Authenticated Users
Users with accounts on big-agi.com who opt into Sync (a Pro feature) have their entity data - such as conversations and personas - replicated to the server for multi-device access.
Server-side data is isolated per-user using Row Level Security (RLS), ensuring that no other user can access your synced data.
Sync is entirely optional; without it, all data remains local to your browser.
### What This Means For You
Storing data in your browser means:
- Your data stays on **one device/browser only**
- Clearing browser data **erases your chats** - make backups
- Anyone using your browser can see your chats and keys
- Running your own server needs technical skills
### Local Device Identifier
Big-AGI generates a _device identifier_ that combines timestamp and random components, stored only on your device. This identifier:
- Is used only for the **optional sync functionality** between your devices
- Helps maintain data consistency when using Big-AGI across multiple devices
- Remains completely local unless you explicitly enable sync
- Is not used for tracking, analytics, or telemetry
- Can be deleted anytime by clearing local storage
- Is fully transparent - see the implementation in `src/common/stores/store-client.ts`
## How Data Flows
AI interactions in Big-AGI, such as chats, AI titles, text to speech, browsing, flow through three components:
1. **Browser** (client/installed App) - Stores your keys & data locally
2. **Backend** (routing server) - Passes requests to AI services
3. **AI Services** - Where the actual AI processing happens
### Self-Deployed Version: Your Infrastructure
You run the server. Your data only leaves when making AI requests.
The keys and chats are under your control and pass through your code, and are sent to
the upstream AI services on a per-request basis.
![data_ownership_local.png](pixels/data_ownership_deployed.png)
### Web Version: Using big-agi.com
Your data passes through the hosted Big-AGI edge network to reach AI services. The keys
and chats pass through Big-AGI's edge network to reach the AI services on a per-request basis,
and then are send to the upstream AI services.
![data_ownership_hosted.png](pixels/data_ownership_hosted.png)
## Security Best Practices
**Basic Security**:
- **Never share API keys**
- **Don't use shared computers**
- Use private browsing for one-off sessions
- Use trusted networks
- Back up your data
**When Running Your Own Server**:
- Use [environment variables](environment-variables.md) for API keys
- Run on trusted infrastructure
- Keep your installation updated
## TL;DR
Your API keys and chats stay in your browser. The server only passes requests to AI services.
Use big-agi.com for convenience, or [run it yourself](installation.md) for full control.
Need help? Join our [Discord](https://discord.gg/MkH4qj2Jp9) or open a [GitHub issue](https://github.com/enricoros/big-agi/issues).
Reference in New Issue View Git Blame Copy Permalink