Effective March 28, 2025
None of your messages, chat histories, and documents are ever transmitted from your system - everything is saved locally on your device by default.
The only occasions where we receive anything about your usage of LM Studio:
When you search for, or download an AI model (so that we can get you the model over the internet).
When the app checks for software updates (so we can get you the updates over the internet).
LM Studio processes as little info as possible, and can run entirely offline. This Privacy Policy ("Policy") describes what information Element Labs ("we", "us", "our") may gather and how we use it when you download and use LM Studio (the "App").
We may update this policy occasionally. When we do, we'll post the new version on this page with a reasonable amount of time before the changes take effect.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of information, please contact us at [email protected].
We only process information in the following occasions:
Some of this information (such as your email address or IP address) may be considered personal information. However, we can't see any of your chats or documents within the App.
Here's what this means in practice, and the situations when we would receive data:
What: Your email address and the content of your email
Why: So we can respond to your questions or provide the support you need
What: Device and app information (app version and build, operating system) and IP address (included automatically by our CDN provider)
Why: To help deliver the right app updates for your specific device configuration and to give us an understanding of the software and hardware spread of our user-base.
*Note: We do not collect personal identifiers, nor track your individual behavior.*
What: Anonymized search queries
Why:
*Note: We do not track individual search patterns nor create user profiles based on your model preferences.*
Privacy is core to LM Studio, which is why we:
We keep your information private, and only share it with third parties under the following circumstances, or if you give us explicit permission.
We use service providers who help us with our business operations. These providers are only authorized to store the information as necessary to provide these services to us and not for their own promotional purposes.
In rare cases, we may need to disclose information to authorities, legal counsels, and advisors:
If our company undergoes organizational changes (like a merger or acquisition), information may be transferred to a new business as part of that process.
We retain information only as long as necessary.
We keep data only as long as needed for legal, operational, or contractual purposes. This includes support emails and IP address data processed automatically when you pull updates or download third party models. We employ brief retention periods by design.
We implement measures to keep information secure.
Information security is really important to us. We implement generally accepted industry standards to keep it safe and reduce the risk of damage or unauthorized access. However, as with any electronic storage or method of transmission over the internet, there is still risk, and we can't guarantee absolute information security despite following these acceptable practices.
LM Studio processes very limited data, none of which can be linked directly to individual users. Because the application does not include telemetry or user-specific tracking, we are unable to fulfill data subject requests such as providing a copy of your data or deleting your information. In other words, there's no way for us to identify or retrieve your specific data, and any information we do collect is anonymous and only kept briefly.
The data controller of the data described in this policy is:
Element Labs, Inc., a Delaware corporation. Our registered address: 251 Little Falls Drive, Wilmington, New Castle Country, Delaware 19808-1674.
To facilitate the processing of information, we transfer it to countries outside the EU and the UK to the United States.
Scenario: Handling your email request and responding to you. Legal Basis: Our legitimate interests in responding to customer inquiries.
Scenario: When the app checks for updates and when you search or download AI models Legal Basis: Performance of our terms of use agreement under which we provide the App
Scenario: Responding to, handling, and mitigating suspected violations of law impacting us Legal Basis: Legitimate interests in defending and enforcing violations and breaches that are harmful to us.
Scenario: Complying with a binding request to disclose your information to a judicial, governmental, or regulatory authority Legal Basis: Compliance with legal obligations imposed on us. Where the binding request is not within UK or EU law, our legal basis is our legitimate interests in complying with mandatory legal requirements imposed on us.
Scenario: Enabling a structural change in the operation of our business Legal Basis: Legitimate interests in our business continuity.
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access and receive a copy of your information that we process.
Right to Rectify inaccurate information we have concerning you and to have incomplete information completed.
Right to Data Portability, that is, to receive the information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your information (except for storing it): (a) if you contest the accuracy of the information (in which case the restriction applies only for a period enabling us to determine the accuracy of the information); (b) if the processing is unlawful and you prefer to restrict the processing of the information rather than requiring the deletion of such data by us; (c) if we no longer need the information for the purposes outlined in this Policy, but you require the information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your information. However, notwithstanding such a request, we may still process your information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner's Office (ICO) pursuant to the instructions provided here.
If you are an individual residing in the United States, we provide you with the following information pursuant to the applicable state privacy laws.
We do not sell your information and have not done so in the past 12 months. We do not share your information for cross-context behavioural advertising.
Right to deletion
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Please note that we may not delete your information if it is necessary to:
Complete the transaction for which the information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us.
Help to ensure security and integrity to the extent the use of the consumer's information is reasonably necessary and proportionate for those purposes.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
Engage in public or peer-reviewed scientific, historical, or statistical research that conforms or adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the ability to complete such research, provided we have obtained your informed consent.
Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us and compatible with the context in which you provided the information.
or
We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception under the law applies. We will provide you with a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to delete your information.
Right to correct inaccurate information
If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate information that we maintain about you.
In determining the accuracy of the information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested information.
We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the information is accurate.
We may deny your request to correct in the following cases:
We have a good-faith, reasonable, and documented belief that your request to correct is fraudulent or abusive.
We determine that the contested information is more likely than not accurate based on the totality of the circumstances.
Conflict with federal or state law.
Another exception under the law.
Inadequacy in the required documentation
Compliance proves impossible or involves disproportionate effort.
We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to correct your information
Protection against discrimination
You have the right to not be discriminated against because you exercised any of your rights under applicable laws. If you exercise your rights, we cannot:
deny you services.
charge different prices or fees for services, also through discounts, benefits, or fines.
provide you with a different level or quality of services.
propose that you receive different prices or tariffs for services.
Please note that we may charge a different fee or provide a different level or quality of services, if the difference is reasonably related to the value we gain from your information.
We will respond to your requests within 45 days (or within 90 days, where the law permits, and we determine it necessary considering the complexity and number of the requests you have filed). If we take longer than 45 days, we will inform you of the extension within the initial forty-five-day response period, together with the reason for the extension.
We may deny your request in the following cases:
If we believe in good faith, based on reasons which are documented in writing, that your request is fraudulent or is an abuse of your rights under applicable law.
If we conclude that the request is irrelevant, based on all the circumstances at issue (e.g., if you requested to correct your information, and we find that it is likely to be accurate).
If it is contrary to federal or state law.
Due to discrepancy in the required documentation.
If the fulfilment of your request turns out to be impossible or involves disproportionate effort.
We will provide you with a detailed explanation including sufficient facts, to enable you to meaningfully understand why we cannot fulfil your request.
You may appeal our decision to deny your request by sending us an email at [email protected].