
Security & Privacy

FleetGram is self-hosted infrastructure. Your data lives on your server, under your control. This page documents the data flow, our retention policy, our no-training commitment, the GDPR Article 28 DPA template, and our incident response playbook.

Last updated: 2026-05-23. Owner: security@fleetgram.net.

TL;DR
  • Self-hosted. No FleetGram cloud, no SaaS backend, no analytics pings.
  • No training on your data. Anthropic API and ElevenLabs contractually exclude API traffic from model training. Telegram never receives the LLM context.
  • Retention: 90 days by default. Configurable per topic via /retention (0 = keep forever, N = N days).
  • DPA-ready. Article 28 GDPR template (download) and 72-hour breach notification (Article 33).
  • Incident response playbook with severity tiers, GDPR notification templates, and a post-mortem checklist (download).

01 · Architecture

Data flow diagram

FleetGram runs as a single daemon on your server. Every external call leaves from your machine — there is no FleetGram relay in the middle.

   ┌──────────────────┐    TLS    ┌──────────────────┐
   │  Telegram user   │ ◄──────► │  Telegram Bot API │
   └──────────────────┘           └─────────┬─────────┘
                                            │ webhook / polling
                                            ▼
                              ┌──────────────────────────┐
                              │   FleetGram daemon       │
                              │   (your server)          │
                              │                          │
                              │   ┌──────────────────┐   │
                              │   │ topic-history    │   │  ← plain JSON
                              │   │ topic-memory/    │   │  ← lossless markdown
                              │   │ state.json       │   │  ← settings
                              │   └──────────────────┘   │
                              │                          │
                              └─────┬─────────┬──────────┘
                                    │         │
                          ┌─────────┘         └──────────┐
                          ▼ TLS                          ▼ TLS (optional)
                  ┌────────────────┐             ┌──────────────────┐
                  │  Anthropic API │             │  ElevenLabs API  │
                  │  (Claude LLM)  │             │  or Edge TTS     │
                  └────────────────┘             └──────────────────┘

   No FleetGram cloud. No analytics. No telemetry.

The daemon spawns a worker subprocess per task. The worker uses Anthropic's Claude Code SDK. Voice synthesis is optional and goes to ElevenLabs (paid) or Microsoft Edge TTS (free default) only when the user explicitly asks for a voice reply.

02 · External surface

What leaves your server

| Service            | What is sent                                                | Why                          | Can be disabled                          |
|--------------------|-------------------------------------------------------------|------------------------------|------------------------------------------|
| Telegram Bot API   | Message text, bot replies, user IDs                         | Core routing                 | No — required transport                  |
| Anthropic API      | Conversation context (bounded by retention) + system prompt | LLM inference                | Yes — swap to GLM or self-hosted model   |
| ElevenLabs API     | Bot reply text for TTS                                      | Voice replies                | Yes — Edge TTS default, or disable voice |
| Microsoft Edge TTS | Bot reply text for TTS                                      | Voice replies (free default) | Yes — disable voice globally             |

Nothing else leaves. No analytics, no telemetry, no usage reporting back to FleetGram. If you grep the source for fetch(, every call goes to one of the four endpoints above.

03 · Storage

Where data is stored

Every persistent artifact lives on your server under ~/.claude/PAI/PULSE/:

| Path                         | Contents                              | Sensitive? |
|------------------------------|---------------------------------------|------------|
| data/topic-history.json      | Per-topic conversation history        | High       |
| data/topic-memory/<topic>.md | Extracted long-term memory per topic  | High       |
| data/topic-bindings.json     | Topic → folder mapping                | Moderate   |
| state/state.json             | Settings, retention config, tier info | Low        |
| logs/                        | Operational logs (no message content) | Low        |

We recommend chmod 600 on ~/.claude/.env and ~/.claude/PAI/PULSE/data/, plus full-disk encryption for compliance.

04 · Retention

Retention policy

Default conversation retention is 90 days. Messages older than the window are permanently deleted by a daily sweep that runs at startup and every 24 hours. Pruned messages and their compacted summaries are removed atomically from disk.

/retention # show current retention for this topic
/retention 30 # 30-day retention for this topic
/retention 0 # disable auto-pruning, keep forever
/retention reset # revert this topic to the global default
/retention global 90 # change the global default

Per-topic retention is useful when you want a tighter window on sensitive topics (e.g. legal at 14 days) and a longer one on knowledge base topics (e.g. research at 365 days).

On-demand wipe: /clear inside a topic deletes the entire history for that topic immediately.

05 · No training

No training on your data

FleetGram conversations are not used to train AI models.

This applies to the FleetGram codebase, our sub-processors, and any telemetry we collect (there is none).

How the no-training guarantee holds end-to-end:

  • FleetGram itself is open-source software you run on your own server. We have no remote access to your conversation data and no backend that could ingest it.
  • Anthropic (Claude API) contractually excludes API traffic from model training by default. See Anthropic privacy policy and their commercial terms.
  • ElevenLabs Enterprise/paid plans contractually exclude your text from model training. See ElevenLabs privacy policy.
  • Microsoft Edge TTS (default voice path) and Telegram Bot API are routed through but never see the LLM context.

To further minimize exposure: keep retention short on sensitive topics, use /clear after one-off confidential conversations, and route through GLM (open-weights via z.ai) or a self-hosted model if you must remove Anthropic entirely.

06 · Encryption

Encryption

  • In transit: TLS 1.2+ on every external call (Telegram, Anthropic, ElevenLabs, Edge TTS).
  • At rest: conversation history is plain JSON on disk — we recommend disk-level or filesystem-level encryption (LUKS, FileVault, dm-crypt) for compliance environments. Premium tier offers application-level envelope encryption on request.
  • Secrets: bot tokens and API keys live in ~/.claude/.env. Set chmod 600 and rotate quarterly.

07 · Access control

Authentication & access

  • The bot answers only messages from the registered Telegram supergroup. Messages from any other chat are ignored.
  • No web login. Telegram is the only control plane. There is no admin dashboard exposed to the public internet.
  • Tier-based feature gates run in-process — no external authorization service to compromise.
  • SSO/SAML available on Premium tier on request, integrated against your IdP.

08 · GDPR

GDPR & DPA

FleetGram is infrastructure software you operate. In a team or organizational deployment:

  • You act as data controller under Article 4(7) GDPR.
  • FleetGram (the software) acts as your data processor.
  • Anthropic, ElevenLabs, Telegram, Microsoft are sub-processors. Maintain DPAs with each.

We provide a fillable DPA template aligned with Article 28 GDPR. It covers nature of processing, retention, technical and organizational measures (Article 32), sub-processor list with cross-border transfer mechanisms, breach notification (Article 33), and audit rights.

Data subject rights (GDPR Chapter III): erasure via /clear, access/portability via JSON export of topic-history.json, restriction via /retention 0.

09 · Breach response

Incident response

Our playbook follows GDPR Article 33–34 timelines and ISO 27001 A.16 procedures. It defines four severity tiers (P1 critical → P4 low), each with response-time SLAs, and contains template notifications for supervisory authorities and data subjects.

| Severity    | Example                                                     | Response time |
|-------------|-------------------------------------------------------------|---------------|
| P1 Critical | Active data exfiltration, bot token leaked, history exposed | < 1 hour      |
| P2 High     | Unauthorized access suspected, anomalous API usage          | < 4 hours     |
| P3 Medium   | Misconfiguration, no confirmed exposure                     | < 24 hours    |
| P4 Low      | Hardening needed, no active risk                            | < 7 days      |

Breach notification timeline: supervisory authority within 72 hours (Article 33), data subjects “without undue delay” when high risk is likely (Article 34).

10 · Disclosure

Vulnerability disclosure

Report security issues to security@fleetgram.net or open a GitHub issue with the security label.

  • Acknowledgment within 48 hours.
  • Patch within 7 days for critical issues.
  • Coordinated disclosure preferred — we credit researchers in the changelog unless requested otherwise.

PGP key available on request. No bug bounty at this stage, but we are happy to provide a public acknowledgment and a written confirmation for your portfolio.

11 · Downloads

Downloads

Security questions before you sign?

Book a 30-min security review. We'll walk your team through the data flow, answer DPA / SCC questions, and pre-fill the template against your controller details.