No telemetry, no spyware, no bullshit. Weave runs on your machine and talks only to the model providers you point it at.
Where your data lives
Everything is local. Chats, projects, weaves, settings, and your provider API keys are stored
in a SQLite database on your own disk (~/.config/weave/ on Linux,
~/Library/Application Support/weave/ on macOS); skills
are Markdown files alongside it. Nothing is sent anywhere except the requests you make to your
chosen providers.
External access is opt-in
The HTTP API and MCP server are
off by default and, when enabled, bind to loopback (127.0.0.1)
until you choose otherwise. Both support an auth token.