Privacy & Security

What Does My Agent Know About Me?

A plain-English way to audit what your agent can access, what it remembers, and how to avoid oversharing.

This is a recurring community question: "How much does my agent know about me?" The good news: your agent is not magically reading your private life. It only knows what you give it through your chats, files, and connected tools.

Short version: if you never shared it (or connected it), the agent usually can’t access it.

What your agent can know

What it usually can’t know

Run this 3-minute privacy audit

1) Ask for an access inventory

"List exactly what data sources you can currently use for my requests. For each source: why you have access, and whether I explicitly granted it."

2) Ask for a memory inventory

"List files where personal details about me may be stored. Show file paths and a short summary of what each contains (no secrets in full)."

3) Reduce exposure

"Suggest a minimum-access setup for my use case. Include what to disconnect, what to keep, and any redaction rules I should use."

Safe prompt pattern when discussing sensitive topics

Treat this as sensitive. Do not store personally identifying details unless I explicitly say "save this". If storage is required, save only a redacted summary. Before using external tools, ask for confirmation first.

Important: avoid pasting full API keys, passwords, banking details, or private IDs directly into chat. Use redacted placeholders whenever possible.
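You do not have to rely on the agent's own answer for step 2 of the audit, and you do not have to redact by hand before pasting. The script below is an added example, not code from the original article or from any particular agent product: it walks a directory you point it at (assumed to be wherever your agent keeps its memory or workspace files), flags files that contain credential-looking strings or personal details, and prints each file's path with a redacted preview, so the inventory itself never contains a secret in full. The same `redact()` function can be run over any text before it goes into a chat, which covers the placeholder advice above. The regex patterns and the sample files are constructed for the example; treat the patterns as a starting point, not a complete catalogue of what counts as sensitive.

```python
"""Added example: local memory inventory + redaction helper for agent workspaces."""
from __future__ import annotations

import os
import re
import tempfile

# Ordered (label, regex) pairs; assumed patterns, not a complete PII catalogue.
# More specific patterns come first so a later, looser one cannot eat part of
# a value the earlier one should have replaced whole.
PATTERNS = [
    ("API_KEY", re.compile(r"\b(?:sk|ak|key)[-_][A-Za-z0-9]{16,}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("CARD", re.compile(r"\b(?:\d[ -]?){13,16}\b")),
    ("PHONE", re.compile(r"(?<!\d)(?:\+?\d{1,3}[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}\b")),
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
]


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace every match with <LABEL>; return the cleaned text and hit counts."""
    counts: dict[str, int] = {}
    for label, rx in PATTERNS:
        text, n = rx.subn(f"<{label}>", text)
        if n:
            counts[label] = n
    return text, counts


def inventory(root: str, max_preview: int = 80) -> list[dict]:
    """Walk root and return one record per file that contains flagged data.

    Each record carries the path, per-label counts and a redacted preview,
    so the report can be shared (or shown to the agent) without leaking
    the values it is warning you about.
    """
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    raw = fh.read()
            except OSError:
                continue  # unreadable (permissions, special file): skip it
            cleaned, counts = redact(raw)
            if counts:
                preview = " ".join(cleaned.split())[:max_preview]
                findings.append({"path": path, "counts": counts, "preview": preview})
    return findings


# Constructed sample workspace; none of these values are real.
SAMPLE_FILES = {
    "notes/profile.md": "Contact: jane.doe@example.com, phone +1 555 123 4567\n",
    "memory/session.txt": "User pasted key sk-ABCDEFGHIJKLMNOPQRSTUVWX1234 earlier.\n",
    "memory/todo.txt": "Buy milk. Call the plumber on Tuesday.\n",
}


def build_sample_workspace() -> str:
    """Write the constructed sample files into a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="agent-ws-")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    # Point inventory() at your real memory/workspace directory instead.
    root = build_sample_workspace()
    for rec in inventory(root):
        print(rec["path"])
        print("  flagged:", ", ".join(f"{k} x{v}" for k, v in rec["counts"].items()))
        print("  preview:", rec["preview"])
    # Redact a snippet before pasting it into a chat:
    print(redact("card 4111 1111 1111 1111")[0])
```

Run it against the directory your agent actually uses (the sample workspace is only there so the script runs offline). Files with no hits are omitted from the report, so a short output is the good outcome; anything listed is a candidate for deletion, redaction, or an "only store a redacted summary" rule.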

If you’re unsure whether you overshared

  1. Ask the agent for an access + memory inventory (prompts above).
  2. Rotate any credentials you previously pasted.
  3. Remove or redact sensitive files and reconnect tools with least privilege.

Bottom line: your agent is powerful, not psychic. Keep permissions tight, share intentionally, and run periodic audits.