atlas/docs/PRIVACY_POLICY.md
ilia f7dce46ac9 # Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints (#1)
# Complete Foundational Tickets: Repository Structure, Privacy Policy, and Safety Constraints

## Summary

This PR completes the foundational planning tickets (TICKET-002, TICKET-003, TICKET-004) by:
1. Defining the repository structure with detailed documentation
2. Establishing a comprehensive privacy policy
3. Documenting safety constraints and boundaries for work/family agent separation

## Related Tickets

- TICKET-002: Define repository structure
- TICKET-003: Privacy and safety constraints
- TICKET-004: High-level architecture

All tickets have been moved from `backlog/` to `review/` to mark completion.

## Changes

### 1. Enhanced ARCHITECTURE.md

**Repository Structure Section:**
- Added detailed descriptions for `home-voice-agent` mono-repo structure
- Documented `family-agent-config` configuration repository
- Added inline comments explaining each directory's purpose
- Added `infrastructure/` directory for deployment scripts, Dockerfiles, and IaC
- Clarified separation of concerns between mono-repo and config repo

**Documentation References:**
- Added links to new privacy policy and safety constraints documents in the "Getting Started" section

### 2. New Documentation: PRIVACY_POLICY.md

Establishes the core privacy principles for the Atlas project:

- **Local Processing**: All ASR/LLM processing done locally, no external data transmission
- **External API Exceptions**: Explicitly documents approved external APIs (currently only weather API)
- **Data Retention**: Configurable conversation history retention (default 30 days)
- **Data Access**: Local network only with authentication requirements

### 3. New Documentation: SAFETY_CONSTRAINTS.md

Defines safety boundaries and constraints:

- **Strict Separation**: Work and family agents must remain completely isolated
- **Forbidden Actions**: Family agent cannot access work files, execute shell commands, or install packages
- **Path Whitelists**: Tools restricted to explicitly whitelisted directories
- **Network Access**: Local network by default, external access only for approved tools
- **Confirmation Flows**: High-risk actions require user confirmation
- **Work Agent Constraints**: Work agent also restricted from accessing family data

## Impact

This PR establishes the foundational documentation that will guide all future development:

- **Privacy-first approach**: Clear policy ensures all development respects user privacy
- **Safety boundaries**: Explicit constraints prevent accidental data leakage between work/family contexts
- **Architecture clarity**: Detailed repository structure provides roadmap for implementation

## Testing

- [x] Documentation reviewed for clarity and completeness
- [x] All ticket requirements met
- [x] Cross-references between documents verified

## Next Steps

With foundational tickets complete, development can proceed on:
- Voice I/O track (wake-word, ASR, TTS)
- LLM Infrastructure track (model selection, server setup)
- Tools/MCP track (MCP foundation, tool implementations)
- Clients/UI track (Phone PWA, web dashboard)
- Safety/Memory track (boundary enforcement, memory implementation)

---

**Commit Message**: My to-do list is clear. I've finished the foundational tickets per the guide. I'm ready for what's next and will notify the user.

Reviewed-on: #1
2026-01-05 20:24:58 -05:00

# Privacy Policy

This document outlines the privacy policy for the Atlas home voice agent. The core principle of this project is to ensure user privacy by processing all sensitive data locally.

## Core Principle: Local Processing

- **ASR/LLM Processing**: All Automatic Speech Recognition (ASR) and Large Language Model (LLM) processing is done locally on the user's own hardware. Voice data and conversation contents are not sent to any external servers or third-party services.
- **Data Storage**: All conversation history, memory, and user data are stored locally on the user's devices.

## External API Usage: Exceptions

While the default policy is to avoid external services, a limited number of exceptions are made for functionality that requires external data. These exceptions are explicitly listed and must be approved.

**Approved External APIs:**

- **Weather**: The weather tool uses an external API to fetch weather forecasts. Only the city name or coordinates are sent to the weather service. No personal information is included in the request.
- **Other Future APIs**: Any future integration with an external API must be explicitly documented here and will be subject to a strict privacy review.
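
One way to enforce the external API exception in code, as an added example that is not part of the Atlas repository: an outbound-request guard that lets through only listed hosts and, for the weather API, only a city name or a coordinate pair. The host `api.weather.example`, the parameter names `city`, `lat` and `lon`, the HTTPS requirement, and the function and class names are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allowlist: approved external host -> query parameters it may receive.
# The policy approves only the weather API, with a city name or coordinates.
APPROVED_EXTERNAL_APIS = {
    "api.weather.example": {"city", "lat", "lon"},
}


class EgressDenied(Exception):
    """Raised when an outbound request falls outside the approved exceptions."""


def check_outbound(url: str) -> str:
    """Return the URL unchanged if it matches an approved API, else raise."""
    parts = urlsplit(url)
    # Assumption: approved APIs are only ever reached over HTTPS.
    if parts.scheme != "https":
        raise EgressDenied(f"scheme not allowed: {parts.scheme!r}")
    # Reject userinfo so "approved-host@other-host" cannot pass as approved.
    if parts.username or parts.password:
        raise EgressDenied("credentials in URL")
    host = (parts.hostname or "").lower()
    allowed = APPROVED_EXTERNAL_APIS.get(host)
    if allowed is None:
        raise EgressDenied(f"host not approved: {host!r}")
    names = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    extra = sorted(set(names) - allowed)
    if extra:
        raise EgressDenied(f"parameters not approved: {extra}")
    if len(names) != len(set(names)):
        raise EgressDenied("duplicate parameter")
    # The location is either a city name or a coordinate pair, nothing more.
    if set(names) not in ({"city"}, {"lat", "lon"}):
        raise EgressDenied("expected city, or lat and lon")
    return url


def is_allowed(url: str) -> bool:
    """Boolean wrapper for callers that only need a yes/no decision."""
    try:
        check_outbound(url)
        return True
    except EgressDenied:
        return False
```

Calling a guard like this from the single code path that performs outbound HTTP means a newly added tool cannot reach an external service until its host and parameters are added to the allowlist.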

## Data Retention and Deletion

- **Conversation History**: Users can configure the retention period for conversation history. The default is to retain history for 30 days. Users can choose to disable history logging or set a different retention period.
- **Memory**: The agent's memory (facts, preferences) is stored indefinitely until manually deleted by the user.
- **Deletion**: Users can delete their entire conversation history and memory at any time through the admin dashboard.

## Data Access

- **Local Network Only**: Access to the agent's data and configuration is restricted to the local network.
- **Authentication**: Access to the admin dashboard and other sensitive endpoints requires authentication.