Privacy Policy

Effective date: March 27, 2026

Lavra is an open-source plugin for AI coding agents. This policy explains what data Lavra touches and where it goes.

What Lavra is

Lavra runs entirely on your machine as a set of shell scripts, markdown command files, and agent definitions. There is no Lavra server, no cloud backend, no analytics service, and no telemetry of any kind.

Data that stays local

All data Lavra reads, writes, or generates remains on your machine:

  • Knowledge base (.lavra/memory/knowledge.jsonl) — captured insights, decisions, and patterns from your work sessions. Written and read locally only.
  • Bead data (.beads/) — task tracking managed by the Beads CLI. Lavra reads bead titles and descriptions to provide context. This data stays local unless you explicitly push it to a Dolt remote.
  • Codebase profile (.lavra/config/codebase-profile.md) — an optional analysis of your project’s architecture generated by /lavra-setup. Stored in your project directory.
  • Project config (.lavra/config/project-setup.md, .lavra/config/lavra.json) — your reviewer preferences and workflow settings. Local files committed to your own repository.
  • Session state (.lavra/memory/session-state.md) — ephemeral context written between sessions. Gitignored and deleted after use.

Data that leaves your machine

Lavra itself sends nothing to any server. However, Lavra commands instruct your AI coding agent to perform work. When that happens:

  • Your code and bead content are sent to your AI provider (Anthropic, Google, or another provider depending on your agent) as part of normal agent operation. This is governed by your agreement with that provider, not by Lavra.
  • Context7 MCP server — Lavra configures Context7 as an optional MCP server for fetching framework documentation. If you use commands that invoke Context7, library name queries are sent to Context7’s servers. See Context7’s privacy policy for details. Context7 is opt-in and can be removed from .mcp.json.

No other data leaves your machine due to Lavra.

What Lavra does not do

  • No user accounts or registration
  • No analytics or usage tracking
  • No crash reporting
  • No automatic updates that phone home
  • No collection of your code, knowledge entries, or bead content by Lavra

Git and version control

If you commit .lavra/config/ files (as recommended for team sharing), that data becomes part of your repository’s history. What you commit and where you push it is under your control.

Open source

Lavra is fully open source. You can audit exactly what every hook, command, and script does at github.com/roberto-mello/lavra.

Contact

Questions about this policy: roberto.mello@gmail.com