Privacy & Data Practices

Last updated: April 2026

The Short Version

Enzyme runs locally on your machine. Your vault files stay on your device unless you explicitly publish a hosted vault. When you initialize and generate catalysts, note excerpts are sent to an LLM provider for analysis. If you bring your own API key, requests go directly to your provider. If you use Enzyme's default provider, requests are routed to OpenRouter, a US-based model routing provider.

We don't sell your data and we don't train on it. Hosted features use your workspace, API keys, and credits; local-only artifacts remain on your device.

How It Works

Enzyme uses AI to understand your notes. That requires sending excerpts to an LLM provider. Bring-your-own-key calls go directly to the provider you configure. Default-provider calls may use Enzyme-managed credentials and workspace credits.

When you initialize

You run enzyme init. AI analyzes your vault structure to understand what patterns exist and how to organize catalysts. Excerpts of your notes are sent to an LLM provider — either yours, if you configure one, or Enzyme's default provider.

When you generate catalysts

Enzyme distills your notes into catalysts using AI. Your note content goes to your AI provider for processing. Catalysts and embeddings are stored locally on your machine.

When you use the Claude Code plugin

Enzyme ships as a Claude Code plugin. When Claude invokes the /enzyme skill, it calls the Enzyme CLI on your machine to search your local catalysts. Nothing leaves your device at this step.

What We Collect

Anonymous Analytics

  • App version, OS type
  • Feature usage patterns (not content)
  • Error and crash reports (no personal data)

What never touches our servers

  • Your vault files
  • Your catalysts and embeddings
  • Your API keys
  • Any content from your notes

AI Processing

Bring your own key — or use the default provider

When you provide your own API credentials, Enzyme connects directly to your AI provider. We don't proxy, intercept, or store these calls.

OPENAI_API_KEY=<your-key>
OPENAI_BASE_URL=<your-endpoint>
OPENAI_MODEL=<model-name> enzyme init

All three variables must be set together. If none are set, Enzyme uses the default provider routed through OpenRouter, a US-based model routing provider. Default-provider usage may count against workspace credits.

Local Embeddings

Semantic search uses a compiled-in local embedding model that runs entirely on your device. Similarity search works without any external API calls.

Your Rights & Controls

Local artifacts

Your catalysts, embeddings, and vault data live on your machine. Delete them anytime by removing the ~/.enzyme directory. Your vault is unaffected.

Switch providers anytime

You're not locked into any AI provider. Change your API key and Enzyme uses the new provider. Your local data stays the same.

Workspace features

Current CLI login provisions API-key access for init, publish, credits, and hosted workflows. Local vault artifacts remain removable from your machine.

GDPR/CCPA

Since we don't collect personal data beyond anonymous analytics, there's little to request. But if you have questions, email support@enzyme.garden.

Contact

Questions about our privacy practices? Reach us at support@enzyme.garden.