Skip to main content

The Short Version

Mako is private by design. Your prompts are never stored, never used for training, and never shared. When you self-host, your data never leaves your machine.

What Mako Does With Your Data

Data TypeStored?Details
Prompts & responses❌ NeverConversations are ephemeral — processed in memory, never written to disk
Conversation history❌ NeverThe gateway is stateless. History is managed client-side only
Training data❌ NeverMako is a static fine-tune. Your conversations are never used to train or improve the model
Telemetry & analytics❌ NoneNo tracking pixels, no usage analytics, no third-party reporting
Usage metadata⚡ OptionalToken counts and credit charges per request. Disabled in privacy mode
Wallet address✅ MinimalStored for credit tracking only. No personal information is linked
API keys🔒 HashedAPI keys are SHA-256 hashed before storage. The plaintext key is shown once on creation and never stored

Privacy Mode

Set PRIVACY_MODE=true in your environment to enable zero-retention mode: 
PRIVACY_MODE=true
When enabled:
  • Usage logs are disabled — no per-request metadata is written to the database
  • Console logs are redacted — tool arguments, URLs, and search queries are replaced with [redacted]
  • Privacy headers are set — API responses include X-Mako-Privacy: zero-retention

Privacy Response Headers

Every API response includes these headers so your client can programmatically verify the gateway’s posture:
HeaderStandard ModePrivacy Mode
X-Mako-Privacystandardzero-retention
X-Mako-Data-Storedusage-metadata-onlynone
X-Mako-Prompt-Storagenonenone
X-Mako-Training-Datanevernever

Usage Log Retention

Even in standard mode, you can limit how long usage logs are kept: 
USAGE_LOG_RETENTION_HOURS=24   # auto-purge logs older than 24 hours
Set to 0 (default) to keep logs indefinitely, or any positive number to enable automatic hourly purging.

Self-Hosting: Maximum Privacy

When you run Mako on your own infrastructure, you get the strongest privacy guarantee possible:
  • Prompts never leave your machine — inference happens locally on your GPU
  • No third parties involved — no proxy, no relay, no cloud provider sees your data
  • Fully auditable — Mako is open source. Every line of code is inspectable at github.com/DeepMako/mako
  • You control the data — the SQLite database is on your disk, under your control
This is stronger than any trust-based or proxy-based privacy system. You don’t have to trust anyone — you can verify everything.

Hosted Gateway

When using the hosted gateway at gateway.deepmako.com:
  • Prompts are not stored and not logged
  • Prompts are forwarded to the inference backend over HTTPS/TLS
  • The inference backend processes your request and returns a response — no data is retained after the response is sent
  • Usage metadata (token counts, credit charges) is stored for billing purposes unless privacy mode is enabled

API Key Security

API keys are hashed with SHA-256 before storage. When you create a key via POST /auth/api-keys, the plaintext key is returned once in the response. After that, only the hash exists in the database. 
{
  "key": "mako_sk_a1b2c3d4e5f6...",
  "name": "my-app",
  "address": "0x...",
  "message": "Store this key securely. It won't be shown again."
}

Environment Variables

VariableDefaultDescription
PRIVACY_MODEfalseEnable zero-retention mode (no usage logs, redacted console output)
USAGE_LOG_RETENTION_HOURS0Hours to retain usage logs before auto-purge. 0 = keep forever

Open Source Verification

Don’t take our word for it. Mako’s gateway is fully open source: Every privacy claim on this page is verifiable by reading the source.