Watching your work is a serious ask. We treat it that way.
Martium's entire premise is observing how you work — which means privacy can't be an afterthought, it has to be load-bearing in the architecture itself. Here's exactly how that plays out.
How we designed for privacy
Text first, screenshots last
Martium reads text directly from applications through OS-level accessibility APIs whenever it can. A screenshot is only taken as a last resort, for genuinely opaque content like an image or a video frame — and the raw image is discarded the moment the useful text is extracted. Raw screenshots are never stored long-term.
PII scrubbed before storage
Every piece of captured activity passes through a PII-scrubbing step before it ever touches a database. This happens unconditionally, in the pipeline itself — it's not a setting you have to find and turn on.
Local-first by default
Your personal activity (Deimos) is captured and stored on your own machine by default. Nothing about your individual work is uploaded automatically just by using the product.
Gated, not indiscriminate
Not every moment gets a deep read. A lightweight metadata pass filters out idle time, locked screens, and irrelevant noise before anything is analyzed closely — most activity never needs the expensive path at all.
Task-isolated memory
Activity is kept in separate pools per task rather than one undifferentiated stream, so unrelated work doesn't bleed into an answer about something else.
Human review for low-confidence updates
On Team plans, company-knowledge updates that aren't confidently correct are queued for a human to confirm asynchronously, rather than being written automatically.
How long things are kept
Retention is short by default and scoped to what's actually useful — Martium isn't trying to build an indefinite surveillance log.
| Data type | Where it lives | Retention |
|---|---|---|
| Raw captured activity | Local device | Short-lived, rolling window |
| Session summaries | Local device | Retained longer, used to answer questions |
| Raw screenshots | Never persisted | Discarded immediately after text extraction |
| Company knowledge (Phobos) | Team-managed storage | Kept current, superseded on change |
| Deleted time ranges | — | Removed on request, not just hidden |
Exact retention windows are still being tuned during early access based on tester feedback — the direction (short-lived raw data, no indefinite raw retention) is fixed, the exact numbers may move.
What you can do at any time
Turn Martium off entirely for as long as you want, no explanation needed.
Mark specific applications as off-limits so they're never captured at all.
Remove captured activity for any window of time, not just "everything" or "nothing."
See what Martium has captured, in plain language, not a raw database dump.
Still evaluating Martium for your team? We're happy to walk through the architecture in more depth before you commit to anything.
Read the full FAQ
More detail on data handling, connectors, and what happens if you uninstall.