Privacy Policy
Effective date: 2026-05-18
1. What Libyx is
Libyx is a local desktop application for translating EPUB books using large-language-model (LLM) APIs. There is no Libyx server, no Libyx cloud account, and no backend operated by this project. Everything Libyx does happens on your machine or directly between your machine and your chosen LLM provider.
2. What data Libyx stores on your machine
All files Libyx creates or modifies are stored under your user data directory:
- macOS:
~/Library/Application Support/Libyx/ - Windows:
%LOCALAPPDATA%\Libyx\
Files stored there include:
| File / folder | What it contains |
|---|---|
api_keys.json | Your LLM provider API keys (see §4 below) |
state.db | SQLite database: job history, batch status, settings |
*.epub, output folders | Your input EPUB and translated output files |
glossary/ | Per-book glossary JSON files you generate |
sidecar.log (and up to 3 rotated backups) | Runtime logs from the Python pipeline |
Libyx does not create any other files outside this directory (aside from temporary files that are cleaned up on startup).
3. What data leaves your machine
Your EPUB content — book text, chapter contents, and any custom instructions you provide — is sent directly from your machine to the LLM provider you have configured (Anthropic, OpenAI, Mistral, Google, or OpenRouter). Libyx acts as a local client: it formats the requests and sends them over your internet connection. No copy of this traffic passes through any Libyx server, because no such server exists.
The Libyx project never receives, sees, processes, or stores any of your book content, translation output, or API requests.
What goes to each provider, how they use it, and how long they retain it is governed by their own terms and privacy policies — see §6.
4. API keys
You supply your own API keys for each LLM provider you use. Libyx stores these keys in api_keys.json inside your user data directory, with file-system permissions restricted to your user account (mode 0600 on macOS/Linux; restricted to your user via the %LOCALAPPDATA% ACL on Windows). Keys are read into memory at runtime and injected as environment variables into the Python sidecar process. They are not written to any other location, logged, or transmitted anywhere except to the corresponding provider's API endpoint when making requests.
You are responsible for securing your machine and your user account. If you believe a key has been compromised, revoke it in the provider's console and set a new one in Libyx Settings.
5. Logs
Libyx writes a rotating log file (sidecar.log) to your data directory. The active log is capped at 2 MB; up to 3 rotated backup copies are kept. Logs record pipeline events, errors, and debug information. They do not contain your API keys (keys are redacted before any log write). They do contain file paths, book metadata, and translation progress details.
Logs stay on your machine at all times. If you use the Report a bug feature in Settings, Libyx generates a diagnostic report from the log tail and your current app state. Before the report is shown to you:
- Home-directory paths are replaced with
<REDACTED>. - Book title, author, and filename are replaced with
<REDACTED>.
You control whether to copy and share that report. Nothing is sent automatically.
6. Third-party LLM providers
When you add an API key for a provider, you enter into a direct relationship with that provider. Libyx has no visibility into how providers handle the data you send them. You are responsible for reading each provider's terms of service and privacy policy before use:
| Provider | Privacy policy |
|---|---|
| Anthropic (Claude) | anthropic.com/legal/privacy |
| OpenAI (GPT) | openai.com/policies/privacy-policy |
| Mistral | legal.mistral.ai/terms/privacy-policy |
| Google (Gemini API) | policies.google.com/privacy |
| OpenRouter | openrouter.ai/privacy |
Different providers have different data-retention and training-use policies. Some offer opt-outs or zero-data-retention tiers via their API. Review those options directly with each provider.
7. Telemetry and analytics
Libyx collects no telemetry, usage analytics, crash reports, or diagnostic data of any kind.
Automatic update checks. When the in-app update checker is enabled (a feature not yet active), Libyx will periodically contact https://libyx.app/updates/latest.json to check whether a newer version is available. That request transmits: your IP address (visible to the server), the current Libyx version number, and standard HTTP metadata (User-Agent string including OS and Tauri version). No API keys, book content, glossary data, or file paths are transmitted. The update check runs on app startup and at a background interval (exact interval TBD). You will be able to disable it in Settings. This will be the only outbound network call Libyx makes that is not directed to an LLM provider you have explicitly configured.
Until the update checker is shipped, all network traffic from Libyx originates from your explicit actions (translating a book, saving settings that validate an API key).
8. GDPR and data-controller role
Libyx is a local processing tool. The Libyx project does not collect, receive, or control any personal data you process with the application. The project therefore does not act as a data controller or data processor under the GDPR in relation to your content.
When you send book content to an LLM provider, you (the user) are the party initiating that processing. The provider's role depends on your agreement with them. Libyx is the tool you use to initiate that transfer — it is not a party to the relationship between you and the provider.
If your use of Libyx involves personal data (e.g., translating documents that contain names, addresses, or other personal information), you are responsible for ensuring that your use of the relevant LLM provider complies with applicable data-protection law.
9. Children
Libyx is not directed at children under 13 (or under 16 where EU law sets a higher threshold). If you are a parent or guardian and believe a child has used Libyx to send content to an LLM provider, contact that provider directly — Libyx has no copy of the data.
10. Changes to this policy
This policy may be updated in future Libyx releases. Changes will be visible in the project's git history. Once the repository is made public, you can view the full revision history at the project URL. Continued use of a version of Libyx that ships an updated policy constitutes acceptance of that update.
11. Contact
Questions about this privacy policy: blackislandcrew+libyx@gmail.com