Privacy

Your models. Your memory. Your boundaries.

Privacy in Morrow is an architecture, not a promise. This page describes how it is being built — in careful, honest language, because trust is earned with specifics.

What leaves your machine?

See exactly what stays, and what is sent.

Switch between a local model and an approved provider to see how the boundary changes.

Nothing leaves your machine in this mode.

  • Files in workspace scope: The documents a task is allowed to read.
    Stays on your machine: Read locally
  • Structured memory: What Morrow remembers, by scope.
    Stays on your machine: Stored locally
  • Prompts & task context: The instructions and context for a run.
    Stays on your machine: Never leaves
  • Model inference: Where the thinking happens.
    Stays on your machine: On your machine (target)
  • Credentials & secrets: API keys and tokens.
    Never leaves: Secret handles, never values
  • Telemetry & usage: Analytics about how you use Morrow.
    Not collected: None by default

Target behavior, under active implementation. During pre-alpha these boundaries are design intentions — verify before trusting any of them with sensitive data.

How it is designed

Eight principles, applied throughout.

Local-first by default

Morrow is designed to keep your conversations, projects, and memory on your own machine. Remote calls are the exception you choose, not the default you inherit.

Your model, your provider

Use a local model, or an approved provider. The active model and where it runs are intended to be visible at the point of use — never hidden.

Minimum context, selected deliberately

For each task, Morrow is being built to select the least context required — not to ship your whole workspace by reflex.

Disclosure before anything leaves

When context would be sent to a provider, the target behavior is a clear disclosure of what leaves and where it goes, retained as evidence afterward.

Workspace boundaries

Tools are scoped to an explicit workspace, not your entire machine. Access is meant to be granted per project, and understandable at a glance.

Secret handles, not secret values

Credentials are designed to be referenced by handle. Morrow uses the reference to act; the underlying value is not meant to be exposed to models or logs.

Scoped, inspectable memory

Memory is typed and scoped, with reads and writes intended to be visible — and retention you control, not silent accumulation.

No silent telemetry

No analytics or usage tracking by default. If diagnostics are ever added, the intent is explicit opt-in with a plain description of what is collected.

Where data lives

A plain map of your data.

The intended storage model. “Leaves” means whether it is sent off your machine under normal use.

Data | Where it lives | Leaves your machine?
Conversations & projects | Local database on your machine | No
Structured memory | Local, scoped storage | No
Credentials | Referenced by secret handle | Value never
Execution evidence | Local, retained with the task | No
Model inference | Local model, or approved provider | Only if you choose a provider

Honest limitations

What pre-alpha means for your privacy.

  • Morrow is in active development. These are design intentions and target behaviors — not guarantees, and not yet independently audited.
  • Local-only operation is a target. Until it is verified end to end, do not assume any boundary holds for sensitive data.
  • Extensions and custom capabilities can broaden what a task can reach. Their access is meant to be scoped and visible, but you are responsible for what you install.
  • We will not claim Morrow is fully secure. When boundaries are verifiable, we intend to publish how — with reproducible evidence.

Private by design. Customizable by choice.

If this is the kind of agent you have been waiting for, help shape it.