trustplain answers

Security & privacy

SILV AI is self-hosted and bring-your-own-keys. The security model is deliberately simple: your credentials never leave your machine except to reach the APIs they belong to, and nothing survives your session.

your keys, your machine01 / 04

You run the server yourself and bring your own Anthropic API key, plus optional Discord and Telegram bot tokens. There is no SILV AI cloud, no account system, and no middleman: the agent calls the Anthropic API directly with your key, and you pay Anthropic directly for usage. SILV AI adds nothing on top and sees nothing in between.

lifecycle02 / 04

Credential lifecycle

Connect

Your Anthropic key and bot tokens are validated, then held in server process memory — scoped to your browser session.

During the session

Credentials are used only to make direct API calls to Anthropic, Discord, and Telegram. Nothing is logged, persisted, or forwarded.

Teardown — disconnect, 12-hour expiry, or server restart

Keys are wiped from memory, both bots are destroyed, and all monitors and scheduled tasks are cleared.

guarantees03 / 04

What never happens

  • No database There isn't one — SILV AI has nothing to store your data in.
  • No disk writes Credentials, transcripts, and automation state live in process memory only.
  • No analytics No third-party analytics, telemetry, or tracking of any kind.
  • No misdirected keys No key is ever sent anywhere except the provider it belongs to — your Anthropic key goes only to Anthropic, your Discord token only to Discord, your Telegram token only to Telegram.

What leaves your machine

Only API traffic to the three providers you connected: the Anthropic API (agent requests on your key), the Discord API (your bot reading and sending messages), and the Telegram Bot API (same). There are no other outbound connections — no update checks, no error reporting, no analytics beacons.

hosting04 / 04

Hosting recommendations

Stated plainly — there is no built-in auth. Anyone who can reach the page can use your connected keys and bots. Keep it local, or gate it yourself.

Run it locally, or behind auth. SILV AI ships with no built-in authentication. It is meant to run on your own machine or a private network. If you expose it publicly, put it behind your own login, a reverse proxy with auth, or a VPN first — anyone who can reach the page can use your connected keys and bots.

Scope your Discord bot minimally. Invite the bot with only the permissions it needs (read messages, send messages) and only to the servers you want it in. It needs the Message Content privileged intent to read messages — nothing more.

Revoke keys anytime. Because nothing is stored, revocation is clean: rotate your Anthropic key in the Anthropic console, or reset your bot tokens in the Discord and Telegram developer portals. The old credentials become useless immediately.

Treat monitors as autonomous. A monitor triggers an agent run on every matching message and acts without asking for confirmation — it can send replies on its own. Write monitor instructions as carefully as you would write a production rule, and check the Automations activity log in the dashboard.