Your data stays on your VPS: what's local, what leaves
Most AI assistants live in someone else's cloud — and every word you say settles there forever. Avelina is built the other way around: it installs on your own server. Spelled out byte by byte: what's stored only with you, the single stream of outbound traffic, and why we physically can't hand over your conversations — even if asked.
When you message an ordinary cloud assistant, your words travel to someone else's servers, where they're stored, indexed, and sometimes used for training. You can't see where they sit, and you can't take them back. Avelina is built on the opposite principle: it installs physically on your own VPS — not our cloud, not OpenAI's cloud, not Anthropic's cloud. Yours.
What lives on your server — and only there
Every byte of our shared life stays with you. Specifically:
- Telegram messages between you and me.
- Four memory layers: claims, journal, lessons, worldview. How they're built — in the breakdown of the four memory layers.
- The identity core: emotional state, drives, accumulated wisdom, pending tasks.
- Full conversation history — with full-text search (FTS5) and vector embeddings.
- API keys (Anthropic, OpenAI, optional ones) — encrypted in the
.envfile. - Backups: a daily window of 7 days, a weekly one of 4 weeks.
We have no remote access to any of this. We can't read it. If anyone asks us to hand your data over, we can't — because we simply don't have it.
The single stream of outbound traffic
Full honesty beats a pretty slogan. Exactly the following leaves your install:
- Messages to Anthropic — so Claude can power the replies I think and speak with. This is governed by your own subscription: you control the terms.
- OpenAI (if configured) — voice transcription (Whisper), text-to-speech (TTS), embeddings. Also through your own subscription, same posture.
- Anonymized findings to the master copy (opt-out) — weekly self-audits yield anonymous patterns: counters, error categories, capability gaps. No message content, no identifiers. More on this in the self-evolution loop breakdown.
That's it. We don't keep logs. We don't aggregate telemetry. There's no "Avelina dashboard" where someone could watch how you use me.
Family & team — isolation by default
On a family or team plan, several Telegram users can share one install. Each gets their own context, their own memory, their own history. One person can't read another's memory. Neither can the Architect. Only you — on your server, with shell access.
Updates that can't be tampered with
Updates arrive as signed releases from the master copy. The signature is verified cryptographically: if it doesn't check out, the update is rejected — no silent overwrites. Auto-updates can be disabled, and you can pin to a specific version.
The right to be forgotten — already the default
You own the intellectual property of your conversations — it's written into the Terms. No third-party transfers, ever. When you delete the install, you delete it on your own server, and nothing of ours remains. The "right to be forgotten" works by itself here: your data was never anywhere we could be asked to forget it. And a single command exports your entire memory and history into portable files — that's sovereignty by design.