Back to Outcry Sovereign

Outcry Sovereign Privacy Policy

Effective May 11, 2026

Outcry Sovereign is an on-prem product. The daemon runs on hardware your organization controls, and prompts and responses never leave that hardware unless you explicitly route them elsewhere. This policy describes what the daemon stores on disk, what it does not, and the few moments when it talks to the internet.

What we never collect

  • Your prompts. The daemon does not transmit prompt content to Outcry AI in any mode, including the audit log mode.
  • Your model output. Responses are streamed back to your client and not echoed to us.
  • Your API keys, license token, or admin password.
  • Telemetry on which features you use, how often you start the server, or which models you load. The daemon ships no telemetry SDK.
  • Crash reports. We do not run an automatic crash reporter. Diagnostic bundles are exported manually by you and sent to support only when you choose.

What the daemon stores on disk

All on-disk state lives under ~/Library/Application Support/Outcry Server/ (this directory was named before the product was rebranded to Outcry Sovereign; the path stays for migration compatibility) with file mode 0600 (owner read/write only):

  • state.json — API key records (label + hashed secret, never plaintext), license activation metadata, network preferences, logging mode preference.
  • admin.secret — the admin bearer token for the GUI's management surface. Generated locally on first run.
  • audit.jsonl — request audit log. Contents depend on the audit mode you select (see below). Default mode is none: this file is not written.
  • Diagnostics/ — support bundles you export manually. Never auto-uploaded.

Audit log modes

You choose how much detail Outcry Sovereign records about each request. Switch modes any time from the GUI's Logs tab.

  • none (default) — no per-request log is written. Only per-key aggregate counts (total requests, last-used timestamp) are kept in state.json.
  • privacy — metadata only: timestamp, API key label, client IP, endpoint, token counts, latency, status code. No prompt content, no response content.
  • hash — metadata plus a one-way SHA-256 hash of the prompt and response. The hashes let you correlate “was this request the one I ran on Tuesday?” without storing readable text.
  • audit — full prompt and response text. Opt-in only, intended for regulatory or compliance use cases. Storage is on the local disk only; we do not receive it.

Each mode honors a retention window you pick (7, 30, 90, or 365 days). Records older than the window are pruned in place on the next write.

When the daemon talks to the internet

The daemon initiates only two kinds of outbound network calls, and both are user-initiated:

  • When you click Check for updates in the Updates tab, the daemon fetches the appcast at https://www.outcryai.com/sovereign/appcast.json over TLS. The request includes a standard User-Agent header and nothing else identifying.
  • When you click Download update, the daemon fetches the signed .pkg URL from the appcast. Signature is verified locally before installation.

There is no license heartbeat, no telemetry beacon, no crash uploader, and no auto-update. Disconnect the daemon from the internet entirely and it serves requests indefinitely on your local network.

Memory-only state

The KV cache for the bundled system prompt is precomputed at daemon startup and held in RAM only. Per-request KV cache is ephemeral and discarded after the response completes. Neither is written to disk in normal operation.

License data

Your license token contains an organization name, an issued-at timestamp, a maintenance expiry date, and an optional machine fingerprint. We verify the signature locally using a public key baked into the daemon at build time. The daemon does not phone home to validate license tokens.

On our side, we keep your organization name, contact email, and billing records associated with the license. These are handled per our general Outcry AI Privacy Policy.

Sending us a diagnostic bundle

If you contact support and we ask for diagnostics, the GUI's Diagnostics tab exports a zip file you can attach to email. The bundle includes hardware info, network preferences, audit log metadata, and on request the full audit log including prompts (off by default — you must check the box). Inspect the zip before sending and redact anything sensitive.

Contact

Privacy questions: support@outcryai.com.