Privacy Policy

Last updated: April 25, 2026

Overview

Sessionist is a desktop application that works alongside Ableton Live. It is designed to be local-first — your music, your projects, and your creative data stay on your machine. This policy explains what data we collect, what stays local, and how we handle each category.

What stays on your machine

The following data is stored locally and never transmitted to Sessionist or any third party:

  • Your Ableton Live projects (.als files), audio, and MIDI
  • Knowledge extracted from your projects (instrument settings, effect chains, mix snapshots, MIDI patterns) — stored in a local database at ~/.sessionist/
  • Session memos and conversation history
  • The MIDI expansion pack database, downloaded once and stored locally

When you use Sessionist’s knowledge extraction features, the app parses your .als files on-device and stores the results locally. No project data is uploaded. You control the level of extraction through a tiered consent system at first launch, and you can change or revoke this at any time with the /privacy command.

What we collect

Account information. When you create a Sessionist account, we collect your email address for authentication and account management. We use magic links (passwordless email login) — we do not store passwords.

Conversation messages. When using the managed plan (where we route your requests through our API), your messages to the AI assistant are sent through our server to the language model provider. We log conversation content to Langfuse, a third-party observability platform, for debugging and quality monitoring. These logs are associated with your user ID. We do not use conversation content for training, marketing, or any purpose beyond maintaining service quality. Conversation history is also stored locally on your machine.

Usage metrics.We track request counts for subscription metering (how many requests you’ve used against your plan limit). We do not track what you asked, only that a request was made.

Payment information. Payments are processed by Stripe. We do not store credit card numbers — Stripe handles this directly. We receive your subscription status and billing email from Stripe.

Basic analytics. We use Vercel Analytics to understand site traffic (page views, referrers). This does not track individual users or set cookies.

Bring Your Own Key (BYOK)

If you use the BYOK plan with your own API key, your messages go directly from your machine to your chosen LLM provider (OpenAI, Anthropic, etc.). Sessionist’s servers are not involved in the conversation at all — we only verify your subscription status. Your API key is stored locally on your machine and never sent to us.

Third-party services

  • LLM providers(managed plan only) — your messages are sent to the language model provider to generate responses. Refer to the provider’s privacy policy for their data handling.
  • Langfuse — observability and quality monitoring (managed plan only). Receives conversation content and responses. See Langfuse’s privacy policy.
  • Stripe — payment processing. See Stripe’s privacy policy.
  • Resend — transactional email (login links). See Resend’s privacy policy.
  • Vercel — hosting and analytics. See Vercel’s privacy policy.

Data retention and deletion

Local data is under your control — delete ~/.sessionist/ to remove all local data, or use the /privacy command to selectively clear extracted knowledge.

To delete your account and all server-side data (email, subscription status, usage counts), contact us at the email below. We will process deletion requests within 30 days.

Children

Sessionist is not directed at children under 13. We do not knowingly collect personal information from children.

Changes

We may update this policy from time to time. Material changes will be communicated via the app or email. The “last updated” date at the top reflects the most recent revision.

Contact

Questions about this policy? Reach us at privacy@sessionist.ai.