Local AI privacy (Desktop scanner)
What data stays on your PC and what is sent to Capydox when uploading OpenAPI.
This document explains what Capydox processes on your machine and what can leave to the internet, so you can evaluate its use with proprietary or sensitive code.
General principle
Renderizando diagrama…
Structural scan (no AI)
- Uses pattern rules (e.g. Spring annotations, Express
router.get(...)) without running language models. - No project data leaves the machine or is sent to the cloud.
Inference with local AI
- If enabled, processing happens entirely on the user's machine via
llama.cpp. - Capydox does not use user code to train models.
- The GGUF model (downloaded once) stays in the app user data folder.
Upload to workspace
- On manual upload, only the generated
openapi.jsonis transmitted, not the full repository. - This artifact is subject to the workspace confidentiality and access policies.
Artifacts on disk
The app stores locally:
openapi.json(generated spec)semantic.json(optional intermediate analysis)
Both can be deleted via Clean artifacts in the app.
Restrictive environments
If you work with proprietary code:
- Disable AI inference.
- Analyze only the specific subfolder with public routes.
- Review the generated artifacts before any upload to the platform.