Privacy Policy
What data flows through the dollama network, what we store, what we don't, and how each privacy mode changes who can see your content.
Plain-language summary: dollama is a volunteer, community-run network — there is no company standing between you and the compute contributors. In every mode, the relay (the server that matches your request to a machine) only ever sees routing metadata — never your prompt or response content. Content flows directly between your machine and the matched contributor's machine, in the clear (not yet end-to-end encrypted). Read on for the full detail, or see the mode comparison table below for the short version.
dollama.net ("dollama", "the network", "we", "us") is an open-source, decentralized network for sharing idle LLM (large language model) inference compute, built on top of Ollama. Volunteers ("contributors" or "node operators") offer spare GPU/CPU capacity; other users ("requesters") send inference requests that are routed to available contributor hardware. A central relay server matches requests to nodes and streams tokens back — it does not run inference itself.
This policy describes what happens to your data — specifically your prompts, model responses, and related metadata — when you use the dollama CLI, dashboard, or network in any mode. It applies to the hosted relay operated at api.dollama.net and the dollama.net website.
When you send a request through dollama (e.g. from Claude Code or another coding tool pointed at the local dollama proxy), the following may be transmitted off your machine, depending on your privacy mode:
What never leaves your machine, in any mode: your files, your repository contents, and your working directory. The local dollama proxy assembles the inference prompt on your machine; only that assembled prompt (and the model's response to it) is sent to the network. Tool execution (reading files, running commands, editing code) always happens locally — a contributor node never accesses your filesystem.
dollama has three privacy modes, chosen by you in the CLI, tray icon, or dashboard. The mode determines which machines can be matched to see your content — it does not change what the relay itself stores (the relay never stores content, in any mode; see §4).
Local Only. All inference runs on your own machine(s). The relay is not involved at all — no request data leaves your machine or local network.
Private Network. Requests are routed exclusively to machines you own or machines belonging to a group you're a member of. If none of those machines are available, the request fails rather than falling back to a stranger's machine — private mode fails closed, it never silently exposes your content to the public network.
Open Network. Requests may be routed to any available contributor on the public network. This is the mode that makes the network's free, shared compute possible, and is not appropriate for secrets, credentials, regulated data, or anything you would not send to a third-party API.
| Who can see your content | Local Only | Private Network | Open Network |
|---|---|---|---|
| Your own machine | Yes — full prompt & response | Yes | Yes |
| The relay | Not involved | Metadata only — never content | Metadata only — never content |
| Machines that process your request | Your own hardware only | Your own or your group's machines only | Any available volunteer machine |
In every network-connected mode, a matched machine holds your content in memory only for the duration of processing your request. It is not persisted by dollama on that machine, and is not sent to any dollama-operated storage. We cannot, however, control what an individual contributor's machine or software does with data it processes — see §6.
Not yet end-to-end encrypted. Content is encrypted in transit (TLS/WSS) between your machine, the relay, and the matched contributor's machine, but the matched contributor's machine — and, if you are the contributor, your own machine when serving someone else's request — decrypts and processes the plaintext. End-to-end encryption between requester and worker, where even the relay operator cannot read metadata about content shape, is planned for a future release but not implemented today.
The relay's database (Postgres) and cache (Redis) never contain your prompt text, model responses, tool inputs, or tool outputs, in any privacy mode. What is stored:
Your actual conversation history lives on your own machine, in your local dollama session store — you control its retention. dollama does not maintain a durable copy of your conversations anywhere else.
If you run dollama in a mode that shares your hardware, other users' inference requests may be routed to your machine. Your machine will decrypt and process their prompt in memory to run inference, and return the response. This is symmetric with what happens to your own requests on someone else's hardware in Open Network mode.
We ask contributors not to log, store, or inspect the content they process beyond what's necessary to operate their node, but this is a community norm, not something we can technically enforce on a volunteer's machine. Treat every hop in Open Network mode — yours and others' — as a machine you don't control.
We run lightweight, non-content health probes against connected nodes to verify they're responsive, and a version/capability check at connection time. These checks confirm a node is running compatible software; they cannot detect or prevent a node from misbehaving with content it processes (see Docs → Trust & security).
No system is perfectly secure. If you believe you've found a security vulnerability, please report it per docs/SECURITY.md in the repository rather than filing a public issue.
The hosted relay runs on third-party infrastructure providers who process metadata (never content) on our behalf as part of operating the service: Fly.io (relay hosting), Neon (Postgres database), and Upstash (Redis cache). Each is bound by its own privacy practices for the infrastructure it provides; none of them receive your prompt or response content through dollama's normal operation.
dollama is a developer tool and is not directed at children. We do not knowingly collect information from anyone under 13 (or the relevant minimum age in your jurisdiction).
As dollama is under active development, this policy may be updated to reflect changes to the architecture (for example, when end-to-end encryption ships). We'll update the "Last updated" date above when we do. Material changes affecting how your content is handled will also be reflected in the in-app consent notices shown when you switch privacy modes.
dollama is an open-source, community-driven project with no corporate entity behind it. Questions, concerns, or reports should go to GitHub Issues on the project repository (security reports should follow the disclosure process instead of a public issue).